Profiling the intellectually brilliant Hannibal Lecter was key to the capture of a serial killer in Silence of the Lambs. Getting inside the ‘collective’ minds of state actors and state-sponsored attackers engaged in computer network exploitation of U.S.-based companies is proving to be equally, if not more, challenging, particularly as today’s actors, their motivations, and ultimately their targets continue to change.
Visualize this: Cyber soldiers from the People’s Liberation Army, the military arm of the People’s Republic of China, report to work, sit down at their computers, and are presented with tasks for the day. Provided with a list of IP addresses, they begin to scan the Internet, search for specific vulnerabilities, and look for opportunities for compromise. These line soldiers may never know the actual target or purpose for their daily work. Some units may focus on the theft of data from cleared defense contractors, financial information, or information on a major merger and acquisition. Regardless, these state-sponsored attacks are meant to provide the host country with a political, social, or economic advantage over the United States.
Even though we have seen massive data breaches in the healthcare industry, healthcare organizations continue to be soft targets, with incredible stashes of personal data and digital records, all of which can be monetized, particularly if intellectual assets, patents, drug trial research, or equipment development data are compromised.
Why would a nation-state target the healthcare industry? Although banks and financial institutions, technology companies, retailers, defense firms, even law firms may seem like more obvious pathways to treasures, the real purpose may be to capitalize on a target with easy access and weak defenses.
Gaining entry and establishing a foothold in the network of a healthcare provider may serve as a possible “testing” ground for the actor’s tools, techniques, and procedures. Once perfected, the actor may maintain the foothold and launch attacks against other sectors with obfuscation and anonymity enhanced by the use of the healthcare provider’s internal network.
In addition, financially motivated individual hackers or loosely affiliated criminal groups may “piggyback” off of the vulnerabilities identified and exploited by state-sponsored actors, thereby creating a “dirty pond” environment. This scenario creates havoc for those seeking to attribute the attack and ultimately determine what was stolen and why.
Preparation is our best defense. Organizations with a lack of effective controls become easy targets for both state-sponsored and criminal attacks. The motivation for these attacks may be as simple as opportunism. Those organizations that are best prepared for the inevitable attack are the ones that will quickly return to regular business operations.