WHY IT MATTERS

Using command-and-control infrastructure to carry out attacks globally, Qakbot enabled the most prolific ransomware groups to cause losses in the hundreds of millions, said FBI Director Christopher Wray in an announcement August 29.

The FBI's national headquarters and Los Angeles field office, supported by a network of international partners, were able to infiltrate servers and redirect traffic to their own servers, and then uninstall the malware, he said.

"This is the first time we've deployed this innovative technique, severing thousands of computers from the botnet and restoring control back to the victims," said Wray in a video posted with the announcement.

Numerous cybercriminal groups have used the Qakbot infrastructure to attack organizations, including financial institutions, critical infrastructure contractors and a medical device manufacturer on the West Coast. 

"Last year cyber crooks used this botnet to steal gigabytes of private information from a healthcare provider and later leaked that information on the dark web," he said.

The FBI director also noted that the defensive action against one of the longest-running cybercriminal botnets seized millions in cryptocurrency, totaling $8.6 million in extorted funds.

THE LARGER TREND

In January, the FBI announced it gained access to the Hive ransomware group's computer networks, captured its decryption keys and offered them to victims worldwide. It also seized the group's websites and communications channels in an effort to disrupt its activity.

Cybercrime organizations like Hive have an aggressive appetite for targeting healthcare organizations. In some cases, healthcare organizations are cyberterrorism targets. That fact caused the American Hospital Association and other organizations to call for greater federal support, as well as offensive actions by the government to prevent healthcare cyberattacks that the group considers essentially acts of war.

John Riggi, AHA national advisor for cybersecurity and risk – and, formerly, a longtime FBI agent – is scheduled to deliver the keynote address this Thursday at the HIMSS Cybersecurity Forum in Boston.

Riggi told Healthcare IT News that there is significant investment and focus on offensive and defensive use of artificial intelligence to strengthen cybercrime response capabilities. 

Qakbot, commonly used in phishing attacks targeting healthcare organizations, is easily weaponized with AI tools like GPT-4.

ON THE RECORD

"With our federal and international partners, we will continue to systematically target every part of cybercriminal organizations, their facilitators, and their money – including by disrupting and dismantling their ability to use illicit infrastructure to attack us," said FBI Director Wray in a statement.

Riggi's opening keynote, "The Global Cyber Threat Landscape: Healthcare Risk, Impact and Response," is scheduled for 8:40 a.m. on Thursday, Sept. 7, at the HIMSS Healthcare Cybersecurity Forum in Boston.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.