COVID-19-themed cyber attacks hit healthcare bodies


There has been a spike in cyber attacks during the coronavirus pandemic, targeting government and medical organisations at the forefront of the response to COVID-19.

An analysis by online security consultancy Unit 42 says that COVID-19-themed attacks have been carried out on a range of targets, including a government healthcare organisation and multiple medical research universities in Canada, a research institute in Japan and a Korean chemical manufacturer.

“Despite prior reporting by various sources indicating that some cyber threat attacker activity may subside in some respects during the COVID-19 pandemic, Unit 42 has observed quite the opposite,” says the security firm in a report on activity observed between 24 and 30 March.

Most of the incidents were phishing campaigns that took the form of either ransomware attacks – which if activated encrypt IT systems and demand a payment for bringing them back online – or ‘infostealer’ malware designed to gather information.

Some phishing emails were sent from a spoofed World Health Organization (WHO) email address, while others were ostensibly from companies offering equipment used in the response against the coronavirus.

Thankfully, none of them were successful, but Unit 42 notes that it isn’t a surprise to see cybercriminals “taking advantage of the ongoing COVID-19 pandemic crisis and using COVID-19 as a lure to entice victims to click on malicious attachments and infect their systems.”

Last month, cyber criminals launched a ransomware attack on London-based contract research organisation (CRO) Hammersmith Medicines Research, which was working on coronavirus projects with the UK government.

IT staff repelled the attack by the Maze group, but not before the hackers stole and published sensitive information on more than 2,300 patients. Maze had previously pledged not to attack any organisations involved in coronavirus research while the pandemic is ongoing.

Earlier attacks have targeted pharma companies as well, sometimes with extremely costly consequences.

In 2017, Merck was among a slew of companies hit by the notorious WannaCry ransomware attack, which disrupted medicine and vaccine production and cost the company $135 million in lost revenues. It also spent an estimated $175 million to shore up the security of its IT systems.

Last year, Bayer revealed it had been subjected to a year-long cyber-attack – thought to originate from the China-based Winnti hacking group – which took months to resolve.

Microsoft steps up

In response to news of the attacks, Microsoft has started offering its AccountGuard threat notification service – usually used by political groups – at no cost to healthcare organisations and human rights and humanitarian groups.

Citing recent attacks involving Brno University Hospital in the Czech Republic, hospital systems in France, Spain, Thailand and the US, and the World Health Organization (WHO), Microsoft says there is evidence that the bad actors are having an impact on COVID-19 testing and treatment as well as the delivery of guidance.

“In some cases, attackers could be looking for COVID-19-related intelligence, or to disrupt the provision of desperately needed care or supplies,” says the tech giant in a blog post.

“With today’s announcement, we are seeking to notify customers when we see attacks and provide guidance to help.”

Free access is available to hospitals, care facilities, clinics, labs and clinicians providing front line services as well as pharmaceutical, life sciences and medical devices companies until the pandemic subsides, according to Microsoft.