A new cyberthreat in healthcare is coming not from state-sponsored hackers or technologically sophisticated cybercriminal gangs — but from bored teens.
The latest generation of hackers has been dubbed "advanced persistent teenagers," TechCrunch reported Nov. 1. Groups like Scattered Spider and Lapsus$ have been tricking IT help desks, including in healthcare, into giving up employees' credentials.
"The trend that we're seeing is really around insider threat," Heather Gantt-Evans, chief information security officer of fintech card issuer Marqeta, said at the TechCrunch Disrupt conference Oct. 29. "It's much ... easier to manipulate your way in through a person than through hacking in with elaborate malware and exploitation of vulnerabilities, and they're going to keep doing that."
Federal agencies recently warned healthcare organizations to be on the lookout for hacking attempts from Scattered Spider, which uses artificial intelligence-enabled voice spoofing and voice phishing to impersonate employees and gain login IDs and passwords. Those hackers are thought to be around 19 to 22 years old and living in the U.S. and U.K.
Cybersecurity experts said these individuals also have a lot of time on their hands. "It's a different motivation than the traditional adversaries that enterprises see," Darren Gruber, a security advisor at database company MongoDB, said at the TechCrunch event.