Cybercriminals are “upping their game” by stealing administrator access credentials to healthcare organizations’ clinician and patient portals and then auctioning them off on the dark web, says Etay Maor, chief security officer at threat intelligence firm IntSights.
“Health data has been a lucrative target for cybercriminals for a while because of the kinds of information cybercriminals can find there and then use for different kinds of attacks,” he says in an interview with Information Security Media Group about new IntSights research on emerging trends in the cybercriminal underground.
“We’ve been seeing databases [with] usernames and passwords being sold on the deep web for quite some time,” he notes. “But what we’re seeing now is cybercriminals are offering admin access to these [healthcare organizations’] systems, which is a real game changer. Admin access is a skeleton key to the whole infrastructure.”
Admin access enables criminals to change data as well as bypass security systems, he says. “This will not pop up as an anomaly or something out of the ordinary when an admin goes in and touches every aspect of the backend server.”
In the interview, Maor discusses:
- How cybercriminals are stealing admin access credentials to sell on the dark web;
- The common types of cyberattacks and compromises that leverage stolen admin access credentials;
- Tips on steps to take to avoid falling victim to these kinds of cybercrimes.
As chief security officer at threat intelligence firm IntSights, Maor leads the security advisory practice, where he works with CISOs and other senior cybersecurity executives to develop cybersecurity programs based on risk management. Previously, Maor held positions at IBM, Trusteer and RSA. During his time with IBM X-Force, Maor led the creation and delivery of the IBM X-Force Cyber Range operations.