A recent report from Malwarebytes has revealed that Trojans are the biggest malware threat. Trojans account for 79% of all malware detected on healthcare systems by Malwarebytes. The Emotet Trojan is the leading malware variant, accounting for 37% of all detected Trojans.
While the Emotet Trojan was once just a banking Trojan concerned with obtaining credentials to online bank accounts, it has since evolved to include a wide range of functions, which has made it one of the most versatile and dangerous threats. The Emotet Trojan is particularly dangerous for healthcare providers as it is capable of capturing credentials for electronic health record (EHR) systems. Once access to EHRs has been gained, patient information can be stolen. Malwarebytes notes that in terms of persistence and volume, attacks have increased by 650% year-over-year.
The Emotet Trojan is an information stealer that can collect credentials stored in browsers and can eavesdrop on network traffic. Emotet is capable of downloading other malware variants such as banking Trojans, ransomware, and cryptocurrency miners. Emotet can spread across a network using the NSA exploit EternalBlue and can distribute copies of itself in spam email. The threat is primarily distributed via phishing emails.
In terms of prevalence, Emotet is followed by Trojans tracked by Malwarebytes as Trojan.FakeMS, which account for 34% of infections. Trojan.FakeMS is a generic name given to Trojans that are installed via malicious Microsoft files. Trojan.BitCoinMiner – cryptocurrency mining malware – is the third most prevalent Trojan threat, accounting for 18% of infections.
The second biggest threat category is riskware, which accounts for 11% of all infections. While riskware is not malicious in nature, it can prevent the patching of other programs, which increases the risk of cyberattacks.
Ransomware is in third place, accounting for 3% of malware detections. Malwarebytes notes that WannaCry ransomware (Ransom.WannaCrypt) is still at large and is affecting many industry sectors, including healthcare. That indicates many healthcare systems are still susceptible to the EternalBlue exploit, even though the MS17-010 security update addressed the flaw in March 2017.
Rounding out the top 5 malware threats are spyware (3%) and worms (3%). Spyware.TrickBot and Spyware.Emotet are the leading spyware variants affecting healthcare, accounting for 45% of detections in this category. These are secondary malware variants downloaded by the TrickBot Trojan and Emotet Trojan.
The main worm variant affecting healthcare is tracked as Worm.Parite, which is distributed in executable files (.exe) and screensavers (.scr). This worm places systems at risk of further attack and shows no outward signs of infection.