As nations around the world struggle with the COVID-19 pandemic, cybercriminals are taking advantage of the situation.
The healthcare industry has long been a favorite target for hackers. Attackers wage email phishing campaigns against healthcare employees and attempt to install “ransomware”—software that encrypts files and data with a private key that only the attackers have. Depending on the extent of their access, hackers can cripple IT systems throughout the facility. Then, they issue a ransom demand to administrators.
The hackers know that their attacks can make a hospital unable to render effective care to their patients. They know this places hospital administrators under tremendous pressure, with no quick solution other than to pay the ransom, so they can meet the needs of those in their care.
Therefore, ransomware attacks are common in the healthcare industry. Just in the last quarter of 2019, ransomware victims included a hospital in Washington State, three hospitals in Ontario, a three-hospital network in Alabama, seven hospitals in Australia, a 17-hospital network in New Jersey, and more.
However, those attacks preceded the COVID-19 pandemic. It might seem that this international crisis would cause the hackers to reconsider their actions—that they would have compassion, and would stop attacking healthcare systems which are, in some countries, extremely strained.
That expectation is wrong. Even as the pandemic grows worse, cyberattacks continue on hospitals, government healthcare administrators, and others.
On March 16, the secretary of the US Health and Human Services Department said that the Department had been hit with a DDoS (Distributed Denial of Service) assault. Hackers attempted to knock its website offline by overwhelming it with traffic; in the space of a few hours, the site received millions of hits.
Smaller organizations are being attacked too. In Illinois, the website of the Champaign-Urbana Public Health District was breached, and hackers were able to install NetWalker ransomware. Employees of the district, which serves over 200,000 people, were unable to access their files.
Perhaps the most egregious incident occurred at the Brno University Hospital in the Czech Republic. On March 13, a sudden and massive cyberattack resulted in the immediate cancellation of all surgeries, a re-routing of urgent patients to other hospitals, and the shutdown of its entire IT network. Two other facilities (the Children’s Hospital and the Maternity Hospital) were also affected.
The hackers’ motives were not immediately known, but this attack seems especially ruthless. The Brno University Hospital is one of the Czech Republic’s biggest testing laboratories for COVID-19, and it plays a key role in the fight against the growing viral outbreak in that nation. Although the attack did not disable operations within the hospital’s individual laboratories, it did make it impossible for their test results to be transferred into the patient database system. System outages lasted for days (and as this article is being written, have still not been fully resolved).
Not just healthcare
Outside of the healthcare industry, hackers are exploiting the viral outbreak in a number of ways. Many attempts are crude and easily identified, such as the growing number of spam emails promising “Coronavirus cures” and so on.
However, many attacks are much more sophisticated. Recently a malware campaign was unleashed in Italy that reached an estimated 10 percent of all organizations in the country. Malicious emails were sent that appeared to originate from the World Health Organization, claiming to have important information about “necessary precautions against coronavirus infection.” Victims who opened the attachment received a nasty payload: the Trickbot banking trojan.
Even some governments are exploiting the COVID-19 situation, and using it to wage cyberattacks. In February, a state-sponsored group in Russia attacked Ukraine with a malware campaign. Ukrainians received messages allegedly from the Center for Public Health of the Ministry of Health of Ukraine, with information about COVID-19. The emails actually contained a backdoor trojan. A few days later, North Korea tried a similar tactic against targets in South Korea.
Ironically, one of the nations mostly actively exploiting the pandemic is China. Security researchers have identified several state-sponsored attacks coming from China, which used sophisticated social engineering and COVID-19 themes to accomplish their goals.
One attack aimed to penetrate government computers in Mongolia, and install remote-access malware. It used messages which appeared to be press briefings about COVID-19 from the Mongolian Ministry of Foreign Affairs. Another attack was aimed at targets in Vietnam; emails which claimed to be from the Vietnamese Prime Minister actually installed backdoor trojans on recipients’ computers.
Lessons to learn
As the COVID-19 pandemic continues, cybercriminals are revealing their true natures: they are callous, relentless, and ruthless. In a time of crisis, they are not restraining themselves. Instead, they seek to exploit it.
Executives must ensure that their employees are well-informed about these ongoing attempts to exploit COVID-19 for criminal purposes. In times of fear and uncertainty, it is easy for employees to be overwhelmed—so overwhelmed that they will forget basic rules about email hygiene, and will eagerly open attachments that seem to offer useful information. This is how security disasters such as ransomware encryption can happen.
Even in the midst of tragedy, organizations must not relax their vigilance. Executives must ensure that their organizations maintain effective security, and must remind and encourage their employees to do so.
Obviously, when the world is facing a situation like the current pandemic, it can be challenging to raise and discuss mundane issues like email hygiene. But it is not only possible to do this delicately and respectfully—in the current environment, it is vitally important to do so.
