COVID responders attacked by state-sponsored hackers: UK, US report

May 08, 2020
by Thomas Dworetzky, Contributing Reporter
Britain’s National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that state-sponsored hackers were mounting aggressive attacks on pharmaceutical companies, research organizations and local governments to ferret out information about efforts to fight the COVID-19 pandemic.

No specific culprits were identified, but unnamed sources from both nations told Reuters that the alarm was raised in direct response to Chinese, Iranian, and Russian-linked attempts.

Such efforts “frequently target organizations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities,” stressed the cyber groups, noting that they “may seek to obtain intelligence on national and international healthcare policy or acquire sensitive data on COVID-19-related research.”

The news agency had reported recently on similar events, including a Vietnam-linked hack over COVID against the Chinese, and attacks against the World Health Organization launched by a number of groups, including ones linked to Iran.

“These are organizations that wouldn’t normally see themselves as nation state targets, and they need to understand that now they are,” warned one unnamed official.

A CISA spokesman told the news agency that it was “no surprise that bad actors are doing bad things right now, in particular targeting organizations supporting COVID-19 response efforts.”

Of special note is that working from home, as many staffers now do, makes security even more challenging for organizations.

So much so that in April, Microsoft warned several dozen hospitals to take precautions against gateway and VPN appliance attacks during the pandemic.

It expressed concern specifically about REvil — also known as Sodinokibi — a ransomware campaign that actively exploits gateway and VPN vulnerabilities to access organizations.

“During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances,” it advised. “Unfortunately, one sector that’s particularly exposed to these attacks is healthcare. As part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals.”

In mid-March the U.S. Health and Human Services Department got slammed with a cyber-attack, suspected at the time to come from a foreign state, that overloaded its servers with millions of hits over several hours, and also led to false rumors about the pandemic.

“Text message rumors of a national #quarantine are FAKE. There is no national lockdown,” tweeted the National Security Council just before midnight. “@CDCgov has and will continue to post the latest guidance on #COVID19.”

“We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly,” John Ullyot, a spokesman for the National Security Council, said in a statement at the time.

Cyberattacks have surged in recent years. A recent survey found that healthcare providers experienced triple the number of breaches to their records in 2019 compared with 2018.