The Federal Bureau of Investigation (FBI) revealed on Wednesday that Iranian hackers attempted to launch a cyber attack against the Boston Children’s Hospital last summer. Speaking at a cybersecurity event at Boston College, FBI Director Christopher Wray said the attack was foiled: “We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted, and understanding the urgency of the situation, the cyber squad in our Boston field office raced out to notify the hospital.”
Wray added that the plot would have been “one of the most despicable cyberattacks I’ve seen” that could have hindered care to patients at the facility, although the attack’s intended effect remains unknown. Wray also said that “quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it.”
Iran has denied involvement, with spokesperson for Iran’s Mission to the United Nations, Shahrokh Nazemi, calling the allegations “baseless” and “an example of psychological warfare against Iran and thus of no value.”
It remains unknown what form of cyber attack these hackers were attempting to carry out and what exactly they were targeting. Regardless, it is important to know the general anatomy of cyber attacks and the different methods hostile actors can take to disrupt systems.
Hostile actors intent on infiltrating a system will typically follow a four-step process, as identified by the Maritime Institute of Technology and Graduate Studies. The first step in the process is surveying and reconnaissance, where attackers use open-source information to search for vulnerabilities in an organization’s systems. Open-source information could include data from social media accounts or webpages. The second step of the process is delivery, where attackers attempt to gain access to systems to either obtain information or interfere with operational technology. This can be done in several ways, including:
- Malware: An umbrella term for harmful software designed to damage computers or systems. Types of malware can include ransomware, spyware, viruses, worms and trojans. In the case of a hospital, malware could result in an array of problems with regard to patient care, such as disrupting computers used for performing medical care, locking patient files, interfering with internal communications, and even disrupting power supplies.
- Phishing: Mass targeting of a population using generalized messages, typically through emails, with the hope that an unsuspecting victim will open one, allowing for access into a system. Spear phishing works in a similar fashion, but it targets a specific person or company, which would fit in this instance.
- Brute force: Systematic attempts to guess passwords in order to access a system by force.
- Social engineering: Attempting to gain access to sensitive information by contacting members of an organization through social media.
- Denial of service (DoS): Flooding networks with large amounts of data, which can overwhelm servers and prevent legitimate users from accessing them. This would target something like online patient portals or the hospital’s website.
The third step of the process is breaching, where attackers gain access to a system and begin either tampering with or stealing data. At this point, areas with lower security are targeted, and the data obtained can be used to access other systems. The last step in the process is pivoting, where attackers will attempt to gain access to other systems.