Badware definitions

Read Time: 3min

January 8, 2025

Malware/Ransomware

Ransomware is the biggest threat to hospitals and research centres. Malicious hackers are
specifically targeting hospitals because of the value of the data they hold (Hospitals become major
target for ransomware, 2016). Because hospitals urgently need their medical and research data, they
are more likely to pay the ransom, and that ransom will be a huge amount compared with other
ransomware campaigns (Hospitals become major target for ransomware, 2016).

In a study by Kaspersky Lab, it was found that from April 2016 to March 2017 the number of users
attacked by ransomware was 2,581,026 (KSN report, 2018). Since 2016-2017 an estimated $98 million
in ransoms has been paid out (Datto, 2018). These numbers are increasing daily. Global ransomware
damage by 2019 is predicted to exceed $11.5 billion annually (Morgan, 2018). Year by year the number
of attacks against businesses and users is increasing. WannaCry, a ransomware variant that was
unleashed on the world in early May 2017, infected over 45,000 systems in just one day; over 400,000
machines were reported as infected and the ransomware spread to 150 countries (Crowe, 2017).

Here are some of the main sub-types of Trojans: backdoor, banking, downloader, keylogger, scareware
and ransomware:

● Backdoor Trojans are also known as Remote Access Trojans (RATs); once run, the Trojan allows an attacker to monitor, send commands to and control a computer. They are the most invasive type of Trojan, as they allow someone to enable a webcam to watch the user as well as to inspect the system. This level of access means they can steal passwords and download further malware too. Backdoors can also be used to gather compromised systems into a botnet. They do have potential for legitimate use: some companies use them to watch their employees and make sure they are working, and they allow someone to access their own computer while away from home or work.

● Banking Trojans, or "bankers" for short, are used specifically to obtain a user’s financial details. Bankers deploy a few different techniques to do this, such as modifying web pages to capture passwords and card details, logging keystrokes, or redirecting a user to a fake page designed to look like a banking website (known as phishing).

● Downloader Trojans are usually simpler programs which connect to one or more servers to download other malicious programs, usually either another type of Trojan or a potentially unwanted program. They are often seen in the form of scripts or domain-specific programming languages, usually Visual Basic Script, JScript or Office macros.

● Keylogger Trojans are designed to capture keystrokes without the user knowing. An attacker can use them to steal passwords and personal information. Keyloggers do have legitimate uses, such as a parent monitoring what a child is typing, and employers can use them to make sure employees are not searching for something they should not be.

● Scareware programs, also known as rogues, are designed to look like an antivirus product and claim that the system is infected. The rogue then tells the user that they will need to buy the program to remove the infection. In some cases, paying leads to the attackers stealing the payment details. Rogues can also block users from running many programs, including antivirus software, as well as stop users from visiting certain websites.

● Ransomware Trojans come in two different forms: screen lockers and file encryptors. Screen lockers only prevent the user from using their system and do not do any actual damage to data. Like rogues, screen lockers demand payment to unlock the system. They usually pretend to be related to law enforcement, claiming to have detected illegal activity on the machine. Regaining access to the computer is possible. File encryptors encrypt personal files, or the whole hard drive, on a user’s machine, which prevents the user from accessing their files unless they pay. Some file encryptors use weak or insecure algorithms, meaning a user’s files can be decrypted without paying.

Insider Attacks

Insider threat is the biggest cause of data loss, malicious or otherwise (Clearswift.com, 2017). In fact,
a study by the Ponemon Institute found that 2,081 of the 3,269 incidents reported were due to
insider negligence by staff or contractors (2018 Cost of Insider Threats: Global, 2018).

Social Engineering

Social engineering is the method of gaining information, or more worryingly gaining access to
sensitive information, by manipulating users or staff. Two of the most common methods are:

● Phishing is a technique used by malicious hackers in which they pose as a trusted company, a friend, a workplace, or anyone else the user will trust, in order to get the user to give up their personal details. This can be done in many ways, but the most common attack vector is email.

● Spear phishing is a targeted attack method in which a specific organisation or individual is chosen. The attacker then uses tailored methods to get the user to give up their details unsuspectingly. Where a phishing email is generic and simply sent out to as many people as possible, spear phishing is targeted.