Hackers target the healthcare industry, including dentistry, more than any other field because that’s where the money is. According to the SophosLabs 2018 Malware Forecast, these digital pirates can profit the most by targeting doctors’ offices and similar facilities via ransomware or by selling whatever valuable medical records they acquire. The security company also expects four malicious trends to dominate 2018:
- A ransomware surge fueled by malware kits that hackers can use regardless of skill level and by the resurgence of worms;
- An explosion of Android malware on Google Play and elsewhere;
- Continued efforts to infect Mac computers;
- Ongoing Windows threats driven by do-it-yourself exploit kits that make it easy to target Microsoft Office vulnerabilities.
“The normal life cycle of an Office exploit starts with initial use in targeted attacks,” said SophosLabs principal malware researcher Gábor Szappanos. “Then, at some point, the information leaks out and cybercrime groups start using it more widely. Offensive security researchers then start experimenting with antivirus evasion, and the exploit finally ends up in underground exploit builders. Normally this cycle can take a few months.”
Because these threats evolve rapidly, SophosLabs advises practices to educate their employees about the social tactics that attackers use to trick them into downloading malware. Practices should also keep track of the vulnerabilities that affect their computer systems, especially as email will remain the primary attack vector, particularly in targeted attacks. Additional defensive strategies include:
- Staying current with all security patches and updates;
- Refraining from opening file attachments and links in emails from unknown senders;
- Using real-time antivirus software with an on-access scanner;
- Considering stricter email gateway settings;
- Always re-evaluating the necessity of external email communication and using internal-use-only email accounts where appropriate;
- Never turning off security features, even when an email or document says to;
- Regularly backing up all files and keeping at least one copy offline.