
Healthcare Institutions Need to Strengthen Identity Security as Social Engineering Assaults Proliferate

Voice phishing instances are on the rise, reveals CrowdStrike's latest global threat report; additionally, the report identifies increased infiltration of cloud systems by entities from China and North Korea.



Cyber threats are escalating, particularly social engineering attacks. Healthcare organizations must be vigilant in combating these threats because of HIPAA regulations and the potential impact on continuity of care. This requires investing in endpoint detection and response tools, securing identities, and achieving cross-domain visibility.

Voice phishing attacks rose by 442% between the first and second half of 2024. Threat actors have moved away from traditional cyberattacks, such as deploying malware through malicious documents, in favor of targeting help desks. This shift was highlighted in CrowdStrike's 2025 Global Threat Report.

China's cyberactivity saw an average increase of 150% year over year across various sectors. With decades of investment, the nation-state has developed formidable offensive cyber capabilities, rivaling those of other world powers, driven by the goal of global hegemony.

Adam Meyers, head of counter-adversary operations at CrowdStrike, indicated during a report briefing that the geopolitical landscape is shifting, leading to China becoming more aggressive toward Taiwan, with confrontation potentially occurring in the next 12 to 24 months.

The Rise of Social Engineering Attacks

China uses an operational relay base model, relying on botnets of infected routers in the U.S. This allows for attacks to be disguised as normal network traffic.

In 2024, hands-on-keyboard attacks accounted for 79% of all cyberattacks, with attackers manually running the operation after compromising user credentials. They often use these credentials via an application or browser to move across the network. They acquire the credentials by impersonating users and calling the help desk for a password reset, or by flooding a user with spam emails and then impersonating the help desk to send a link that bypasses multifactor authentication.

Generative artificial intelligence makes it easier to harvest credentials. Phishing emails written by generative AI had a click-through rate of 54%, compared to 12% for those written manually.

In one case, a company made a $25.6 million wire transfer in response to an emailed deepfake video. Companies are also unwittingly hiring North Korean attackers who create fake LinkedIn profiles with GenAI, then use deepfake videos during interviews while answering questions via AI.

"Not only are these adversaries using different techniques, different capabilities, they're doing it faster," Meyers said.

The average breakout time – the time it takes an adversary to move laterally within a network – was 48 minutes in 2024, down from 62 minutes the year prior, and the fastest breakout recorded was 51 seconds.

Some threat actors, known as access brokers, focus on gaining access to a target and then selling it to the highest bidder, an activity that jumped 50% from 2023 to 2024.

Don't Underestimate Cloud-Conscious Adversaries

CrowdStrike found a 26% increase in cloud intrusions, and abuse of valid accounts has become the primary access method to the cloud, accounting for 35% of cloud incidents in the first half of 2024. This signals that adversaries are improving their ability to target and operate in such environments.

Once inside the cloud, adversaries are targeting generative AI models - one reason China and North Korea are increasing their cloud collections, Meyers said.

Salt Typhoon, a Chinese advanced persistent threat actor, often accesses the cloud by finding vulnerabilities in edge-facing devices.

"You can gain access to an older VPN concentrator or network router and then pivot from there, deeper into the environment," Meyers said. "And because those things don't run modern security tools, they're softer targets."

Healthcare organizations must prioritize what they patch based on intelligence assessments of what adversaries are exploiting, especially as threat actors increasingly chain vulnerabilities together, Meyers said.

Many adversaries do their homework, scouring public research, disclosures, and blogs for new exploits targeting small parts of identities.

"If you're not looking across all of those domains, then you're going to miss all of these attacks," Meyers said.

Social engineering attacks have surged, with voice phishing attacks rising by 442% in 2024. These attacks involve impersonating users and calling help desks for password resets, or flooding users with spam emails, ultimately leading to unauthorized access.

The rise of generative artificial intelligence has made credential harvesting simpler, with phishing emails written by AI having a higher click-through rate (54%) compared to those written manually (12%). These attacks can potentially impact the health-and-wellness sector, given the sensitivity of data held by healthcare organizations, which must invest in security measures to combat these threats, leveraging science and technology to protect consumer health and maintain the continuity of care.
