In our final part of our three-part series (Part I, II, and III ) article on hackers exploiting the coronavirus pandemic, we take a look at some of the attacks that have taken place on hospitals and research laboratories.
Healthcare systems compromised
Hackers have targeted hospitals and research laboratories working on a cure for the coronavirus in the UK and other places in Europe. The criminal activity has been traced to an organized crime syndicate that uses ransomware called Maze. Europol, the EU’s law enforcement agency, has received reports of cyber-attacks in almost all of its 27 member countries. They targeted computers at the London-based Hammersmith Medicines Research which is involved in creating a potential vaccine against the dreaded coronavirus. The hackers used encryption to lock down thousands of the company’s patient records and promised to publish them online if a ransom wasn’t paid.
The attack reminded the healthcare sector of the WannaCry ransomware attack of 2017. The WannaCry attack sent the healthcare department into a tizzy as thousands of patient details were made online amid medical appointments and surgery cancellations. Fortune.com has reported multiple attacks on the healthcare sector as he coronavirus pandemic rages on. John Fitzpatrick, Director of HPCsec, a London-based security company, created a tool to monitor the creation of suspicious website domains associated with the coronavirus.
Fitzpatrick said that in four days from March 19 to March 23, he had identified more than 650 domain names, many of which he said was highly likely to be associated with a surge in phishing messages.
Brno University Hospital in the Czech Republic was hit by a cyber-attack earlier this month that forced it to shut down its computers, cancel operations and relocate patients. The hospital was involved in carrying out tests for the coronavirus disease.
In the California biotechnology firm 10x Genomics Inc. suffered a similar attack on its computers. The company is involved in creating gene-sequencing equipment that is further used by the Vanderbilt University Medical Center, which is involved in profiling the human immune system for use in developing potential antibody therapies for the coronavirus.
The hackers claimed to have stolen a terabyte of information about more than 1,200 of the company’s employees and its internal computer systems.
Insurance, cybersecurity firms hit
Cybersecurity insurance company Chubb, which provides aid to companies affected by data breaches, has been hit by one itself, according to a report by TechCrunch. The attack was perpetrated by a ransomware group called Maze. Maze steals data, and its ransomware spreads through a network and infects every computer it comes into contact with. The ransomware also takes the data and puts it on an external server, where it’s held until payment. If a victim doesn’t pay, then the stolen files are published online. The FBI is aware of the group’s ransom demands and has kept them on the scanner for a while. After the attack, the FBI issued an advisory that stated ‘Maze used multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and mail spam campaigns impersonating government agencies and well-known security vendors.’ The attack made news in the tech world as Chubb is one of the largest cybersecurity companies in the US and it is involved in training other firms on how to deal with hacks and data breaches.
COVID-19 CTI League to the rescue
The fight against hackers continues even as the pandemic rages on. To prevent malicious attacks at such a time of crisis, an international group of nearly 400 volunteers with expertise in cybersecurity has pledged to keep hackers at bay. Called the COVID-19 CTI League, for cyber threat intelligence, the group spans more than 40 countries and includes professionals in senior positions at such major companies as Microsoft Corp and Amazon.com, Inc. The top priority of the group is fighting hacks against medical facilities and other frontline responders to the pandemic. The defense of communication networks and services that have become essential as more people work from home is also key to prevent large-scale ransomware attacks.
The group uses its contacts pool in internet infrastructure providers to squash garden-variety phishing attacks—a type of financial crime that uses the fear of COVID-19 or the desire for information on it to trick regular internet users.
Some ransomware groups have vowed not to hit hospitals and other health-care providers while the coronavirus continues. However, security analysts have asked to exercise extreme caution when dealing with an attack. They caution businesses and users against believing the hackers’ false assurances.
Most hackers and ransom groups are well-resourced, highly skilled, creative and agile, adapting quickly to any attempts by its targets to remediate the infections. If the current physical movement restrictions mandated by authorities as a result of coronavirus makes patching difficult, companies should at the very least firewall those devices off the internet. The vulnerable systems should also be isolated from the rest of the network or taken offline if alternatives can be deployed because they are likely to be compromised.
The attacks highlight the risks associated with exposing sensitive business applications directly to the internet, which is something that companies might be under increased pressure to do given the current work-from-home situation. However, remote management should always be performed through secure connections with VPNs or zero trust access gateways. To know more about Security trends, you can download our latest whitepapers on Security