A recent alert from the Department of Health and Human Services Cybersecurity Coordination Center (HC3) warns organizations in the healthcare sector to be prepared and take steps to protect themselves against potential attacks after a U.S. healthcare entity was targeted by the pro-Russian hacktivist group “KillNet”.
HC3 has been closely monitoring hacktivist groups because they have been targeting organizations across many sectors worldwide, including healthcare. These groups are known to launch distributed denial-of-service (DDoS) attacks, which involve sending thousands of connection requests and packets to the target website every minute, slowing down or completely halting vulnerable systems. One such group is KillNet, which is believed to have links to certain Russian government organizations such as the FSB and SVR. The group used to focus its attacks on European countries that had a negative attitude towards Russia. However, following the war in Ukraine, it has turned its attention to NATO member countries, and recently even targeted a healthcare organization in the United States.
John Riggi, the National Advisor for Cybersecurity and Risk from the American Hospital Association, recently released a warning that threat actors may increase their targeting of the healthcare sector during the holidays. KillNet, one of these cyber adversaries, reportedly uses publicly available DDoS scripts and IP stressers for most of its operations. Federal law enforcement efforts have shut down multiple domains linked to DDoS-for-hire services, though it is uncertain how much of an effect this will have on KillNet. Moreover, the group could receive aid from pro-Russian ransomware groups, such as the Conti group. As a result, entities that KillNet has targeted could be extorted through ransomware or DDoS attacks. HC3 has warned that this is a likely outcome.
Providers should know the steps to take to prepare for a potential DDoS attack. These steps include organizing services, having knowledge of defense strategies, upstream protection, and having a test-run response plan. The alert also links to background on KillNet and to DDoS guidance from the Cybersecurity and Infrastructure Security Agency. According to Riggi, “It is especially crucial to be extra careful right now, as foreign cyber gangs and spies are attempting to breach our security through use of remote access tools, exploiting technical weaknesses, and employing new ransomware, with the goal of stealing patient data and disrupting healthcare services.” Riggi emphasized the importance of studying the multiple ransomware alerts given by HC3 and other federal defense agencies within the last month and implementing the recommended remediation measures.