A senior cybersecurity official with the U.S.’s Federal Bureau of Investigation said on Thursday that foreign government hackers have broken into biotech and pharmaceutical companies conducting research into treatments for COVID-19, the respiratory illness caused by the corona virus. The news follows reports that hospitals are being targeted with ransomware attacks that aim to shut them down until they pay fees of millions of dollars. Attacks on banks and other financial institutions spiked by 38% between February and March, according to security experts, and the U.S. Department of Homeland Security and the UK’s National Cyber Security Centre issued a report last Friday warning all businesses to be on the alert.
The alerts illustrate how the pandemic is highlighting the flaws in cybersecurity in the public and private sectors.
FBI Deputy Assistant Director Tonya Ugoretz told participants in an online panel discussion hosted by the Aspen Institute that the bureau had recently seen state-backed hackers poking around a series of healthcare and research institutions, according to a Reuters story.
“We certainly have seen reconnaissance activity, and some intrusions, into some of those institutions, especially those that have publicly identified themselves as working on COVID-related research,” Ugoretz told conference attendees.
Ugoretz said it made sense for institutions working on promising treatments or a potential vaccine to tout their work publicly. However, she said, “The sad flipside is that it kind of makes them a mark for other nation-states that are interested in gleaning details about what exactly they’re doing and maybe even stealing proprietary information that those institutions have.”
Meanwhile, hospitals that are already pushed to their limit dealing with a patient surge from the novel coronavirus pandemic are being targeted with an array of ransomware attacks. Such attacks shut down computers at the Champaign-Urbana Public Health District in Illinois for three days in March and forced the district to shell out $300,000 in ransom, as reported by the Pew Charitable Trust’s Stateline service. Another attack shut down computers at a university hospital in the Czech Republic, which was forced to turn away patients ,according to a story in The Washington Post.
The attacks have prompted stark warnings to hospitals from the Department of Homeland Security and from Interpol, which warned of a “significant increase” in cyberattacks targeting hospitals around the globe. Interpol issued a “purple notice” — basically a warning about a criminal trend and its methods — alerting police in 194 countries about the heightened ransomware threat, the Post reported.
Medical testing laboratories, companies delivering critical supplies and medical device manufacturers have also faced ransomware attacks since the start of the coronavirus outbreak, Brett Callow, a threat analyst for cybersecurity company Emsisoft Ltd, told the Wall Street Journal.
The finance sector has also been increasingly targeted during the COVID-19 surge. Between February and March, there was a 38% increase in cyberattacks against financial institutions, according to a blog posting by the VMware Carbon Black Threat Analysis Unit. It noted that in February the retail sector led the majority of observed threats with just over 31%, but shrank to 1.6% in March, suggesting that as retail organizations shifted to remote business models, attacks actually went down and attackers shifted to target financial organizations.
Of the 52% of attacks targeting the financial services sector in March 2020, 70.9% of those came from the Kryptik trojan, which attempts to target victim machines via nefarious installers, according to the unit’s blog post. It then attempts to acquire admin rights to make registry modifications, allowing it to execute each time a Windows machine boots.
The Kryptik trojan can be very persistent and, without the appropriate visibility, can be difficult to detect as it often deletes its executable file after running.
More generally “attackers have been using Covid-19 to launch phishing attacks, fake apps/maps, trojans, backdoors, cryptominers, botnets and ransomware,” says the unit’s blog. “Increased vigilance and visibility into enterprise-wide endpoint activity are more paramount than ever.”
Indeed, an April 8th advisory issued by the UK’s National Cyber Security Centre (NCSC) and the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) said the agencies have detected cyber criminals scanning for vulnerabilities in software and remote working tools as more people work from home during the pandemic.
Widespread office closures worldwide have overloaded some virtual private networks with remote workers, reports EnterpriseTalk. The most crucial question business will now have to scale up virtual private networks (VPNs) to handle the surge in traffic.
IT teams are being pulled between aggressively policing potential breaches and helping employees maintain productivity, says the story. Such a balancing act — let alone new security investments — makes it difficult for businesses to tighten their budgets amid an economic slowdown. “It is evident that the businesses cannot focus on proactively patching, as well as maintaining their networks. And the risk is that most remote workers are now using their own computers, email, and file-sharing accounts. These are often accessed through the public Internet, and private tools increase the surface area for attacks. This helps in more successful data breaches as it is very challenging for intrusion-detection tools and cybersecurity teams to monitor in such situations,” the story says.
At least three major industry groups are working to counter the latest cyber threats and scams, according to a report in KrebsOnSecurity. Among the largest in terms of contributors is the COVID-19 Cyber Threat Coalition (CTC), which comprises rough 3,000 security professionals who are collecting, vetting and sharing new intelligence about new cyber threats.
Using threat intelligence feeds donated by dozens of cybersecurity companies, the CTC is poring over more than 100 million pieces of data about potential threats each day, running those indicators through security products from roughly 70 different vendors. If at least 10 of those flag a specific data point — such as a domain name — as malicious or bad, it gets added to the CTC’s blocklist, which is designed to be used by organizations worldwide for blocking malicious traffic.
Another Slack-based upstart coalition called the COVID-19 CTI League spans more than 40 countries and includes professionals in senior positions at such major companies as Microsoft Corp and Amazon.com Inc.
Mark Rogers, one of several people helping to manage the CTI League’s efforts, told Reuters the top priority of the group is working to combat hacks against medical facilities and other frontline responders to the pandemic, as well as helping defend communication networks and services that have become essential as more people work from home.
Among the more mature organizations working to counter the threat from COVID-19 scammers is the Cyber Threat Alliance, a industry group founded in 2017 that counts among its members more than two dozen major cybersecurity firms that are all required to regularly share threat intelligence with other members.“One thing we’re paying attention to in addition to phishing and malware attacks is anything targeting stuff involved in the pandemic response, such as the manufacturers of protective gear, testing kits, or hospitals,” CTA President Michael Daniel told KrebsOnSecurity. “One of those organizations getting hit with ransomware now would be really bad, and we want to make sure if we see that we’re alerting and working with law enforcement.”
You can read more of The Innovator’s News In Context articles here.