Table of Contents
Cybersecurity researchers said this week that they have observed the pro-Russia hacking group known as Killnet increasingly launch distributed denial of service (DDoS) attacks targeting healthcare organizations since November.
Killnet was established following Russia’s invasion of Ukraine in February 2022, and spent most of the last year launching DDoS attacks against governments and companies around the world.
While the attacks are mostly a nuisance – knocking websites offline for about an hour in most cases – they have caused concern within the U.S. government, particularly when they are launched at critical infrastructure like airports and hospitals.
In recent months, the group has focused its attention on the websites of healthcare organizations, launching a campaign in February that targeted hospitals in more than 25 states.
The Cybersecurity and Infrastructure Security Agency (CISA) said less than half of these attacks – which involved routing a deluge of page requests at targeted websites — were successful in knocking sites offline.
On Friday, Microsoft Azure Network Security Team members Amir Dahan and Syed Pasha published an analysis of DDoS attacks on healthcare organizations using their security tools.
They tracked all of the attacks from November 18, 2022 to February 17, 2023, observing an increase from 10-20 daily attacks in November to 40-60 attacks each day in February.
“The types of healthcare organizations attacked included pharma and life sciences with 31% of all attacks, hospitals with 26%, healthcare insurance with 16%, and health services and care also with 16%,” they said.
Killnet typically tried two different methods – creating many different connections and trying to keep them alive for as long as possible to render a website useless, or establish as many new connections as possible over a short amount of time to drain resources.
DDoS protection services like Cloudflare have reported similar trends. Akamai — another firm that offers similar tools — published a report last month that found DDoS incidents in Europe increased significantly in 2022, with more campaigns now involving extortion tactics. The company also warned that DDoS attacks are now increasingly being used as cover for actual intrusions involving ransomware and data theft.
#Trend #DDoS #Healtcare