WHY IT MATTERS
By leveraging command-and-control infrastructure to launch attacks worldwide, Qakbot has enabled the most prolific ransomware groups to cause hundreds of millions of losses, FBI Director Christopher Wray said in an announcement on August 29.
The FBI’s national headquarters and field office in Los Angeles, supported by a network of international partners, were able to infiltrate servers and redirect traffic to their own servers, then remove the malware, he said.
“This is the first time we have deployed this innovative technique, disconnecting thousands of computers from the botnet and returning control to victims,” Wray said in a video posted with the announcement.
Numerous cybercriminal groups have used the Qakbot infrastructure to attack organizations including financial institutions, critical infrastructure contractors, and a West Coast medical device manufacturer.
“Last year, cybercriminals used this botnet to steal gigabytes of private information from a healthcare provider and later leaked that information onto the dark web,” he said.
The FBI director also noted that the defensive action against one of the longest-running cybercriminal botnets seized millions in cryptocurrency, netting a total of $8.6 million in extorted funds.
THE BIG TREND
In January, the FBI announced that it had gained access to the Hive ransomware group’s computer networks, captured the decryption keys and offered them to victims around the world. It has also seized the group’s websites and communications channels in an attempt to disrupt its operations.
Cybercrime organizations like Hive have an aggressive tendency to attack healthcare organizations.
In some cases, healthcare organizations are targets of cyberterrorism. That fact led the American Hospital Association and other organizations to call for more federal support, as well as offensive government actions to prevent health care cyberattacks that the group essentially views as acts of war.
John Riggi, AHA national advisor on cybersecurity and risk – and formerly a longtime FBI agent – will deliver the keynote address at the HIMSS Cybersecurity Forum in Boston next Thursday.
Riggi said Healthcare IT news that there is significant investment and focus on the offensive and defensive use of artificial intelligence to strengthen cybercrime response capabilities.
Qakbot, which is often used in phishing attacks targeting healthcare organizations, can easily be weaponized with AI tools like GPT-4.
ON THE RECORD
“Together with our federal and international partners, we will continue to systematically target every element of cybercriminal organizations, their enablers and their money – including by disrupting and dismantling their ability to use illicit infrastructure to attack us,” said FBI Director Wray said in a statement. .
Riggi’s opening keynote, “The Global Cyber Threat Landscape: Healthcare Risk, Impact and Response,” is scheduled for Thursday, September 7 at 8:40 a.m. at the HIMSS Healthcare Cybersecurity Forum in Boston.
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.