Most email attacks enabled by easily obtained credentials
A new report from two information security firms examines the prevalence of email attacks based on a review of 1,000 healthcare organizations that include physicians, third-party administrators, software vendors, regional health plans, medical billing firms and hospitals.
On average, 68 percent of the reviewed entities and their business associates had compromised employee accounts with credentials visibly available on the Dark Web, where stolen information is marketed. Some 76 percent of stolen credentials included actionable password information, and 23 percent had fully visible text passwords, according to Evolve IP and ID Agent, which conducted the survey.
Evolve IP is a cloud hosting company supporting disaster recovery, virtual desktops and data centers, call centers and phone systems. ID Agent markets threat intelligence, identity monitoring and software protection products.
“With 68 percent of healthcare organizations having compromised credentials within the Dark Web, organizations are failing to adequately protect customers from on-line account takeover and data exploit,” says Kevin Lancaster, CEO of ID Agent. “To combat the growing threat, it’s important to develop an end-to-end solution to automate the process of identifying stolen credentials and proactively securing customer on-line accounts.”
“While it is virtually impossible to prevent phishing attacks, the right disaster recovery plan and (disaster recovery) services can prevent a healthcare organization from experiencing serious losses or even potentially going out of business,” says David M. McCrystal, healthcare program manager of Evolve IP.
The study of email attacks on healthcare organizations found that outdated passwords retain their value because most people use the same password or a similar password across all their online domains.
Even organizations with a single compromise still face major risk on the Dark Web, the companies warn, with the risk proportional to company size.
The vendors note that there is a common exploit lifecycle to stolen data:
• Gain access to data from emails exploited by phishing, malware, data breach, social engineering and other attack forms
• Use obtained data to study a targeted company or individual
• Gain system access
• Establish a foothold in the system
• Gain more privileges
• Move laterally through the organization and its supply chain to extract data or control system access
More information from Evolve IP and ID Agent, including the need to embrace proactive threat intelligence, continuous security management and rapid incident response and recovery processes, is available here.