Lessons Learned From COVID-Related Cyberattacks

May 19, 2020

As expected, cybercriminals have shifted into overdrive to take advantage of the COVID-19 pandemic. The range of targets has been enormous. Government agencies around the world are among the early victims, and while some hackers promised to stay away from healthcare organizations during the coronavirus outbreak, hospitals, among other providers, are seeing active attacks.


Below, we look at some of the cyberattacks related to COVID-19 and share advice on how your organization can better prepare for these types of threats.

Italian Welfare Agency INPS

Hackers attacked Italy's social security agency INPS at the most inopportune time, just as citizens impacted by the coronavirus lockdown began applying for aid. The attack forced the agency to take its website offline for a couple of days.

What happened: 

While few details about the incident are available, there is a high probability it was the result of an orchestrated distributed denial-of-service (DDoS) attack. INPS’s president said the site received as many as 100 requests per second, according to some reports.

Takeaway: 

Botnets are typical culprits behind DDoS attacks, and blocking malicious IPs known for hosting bots is one way to fight proactively. Consider security tools like a web application firewall, and follow best practices for preventing malware infections, such as using strong endpoint security.

Champaign Urbana Public Health District

Illinois' Champaign Urbana Public Health District was the victim of a ransomware attack in March. The attack took the agency's primary website offline for several days, during a time when disseminating public health information was crucial.


What happened: 

The ransomware launched in this attack was NetWalker (formerly Mailto). For now, it appears to be aimed at the healthcare sector, but it likely won't stop there. The bad actors behind the attack use coronavirus-themed phishing emails to lure recipients into downloading a malicious executable file, which proceeds to hold the targeted organization’s systems or data hostage.

Takeaway: 

Cybercriminals leverage current events in their phishing campaigns, and COVID-19 is especially attractive to them because it preys on people's curiosity and fears at the same time. User awareness training is your best prevention tool. Make sure employees can spot phishing emails and know how to report or flag them. Additionally, monitor your network 24x7 to quickly identify anomalies in traffic and user behavior.

Hammersmith Medicines Research

Cybercriminals behind the Maze ransomware attacked U.K. medical research company Hammersmith Medicines Research, which was on standby to test COVID-19 vaccines. The Maze group broke its own earlier promise not to attack healthcare organizations during the coronavirus crisis.

What happened: 

The healthcare company managed to stop the attack while it was in progress and restored its systems within the same day. Despite this, the hackers proceeded to extort the ransom and published sensitive personal and medical information dating back eight to 20 years.

Takeaway: 

Cybercriminals often go for the low-hanging fruit, targeting organizations that are the most likely to be vulnerable. During this current unprecedented situation, however, any organization that has had to move to a work-from-home (WFH) environment is vulnerable. The best way to mitigate the new WFH risks is through network monitoring, so you can quickly detect and triage threats.

World Health Organization (WHO)

The WHO and its partner agencies have become a prime target during the pandemic. The global agency has experienced multiple hacking attempts, prompting it to issue a warning to the general public that scammers are impersonating the organization.

What happened: 

In the latest unsuccessful attack, hackers tried to compromise the WHO's IT systems to get a foothold inside the agency in an espionage attempt. Some experts believe it was the handiwork of an elite hacking group called DarkHotel, which has been active since 2004.

Takeaway: 

DarkHotel's advanced persistent threat activity through the years has targeted industries such as hotels and business centers, among others. One of its tactics is to go after internet connections and Wi-Fi. Ensure you only use encrypted connections, including for your WFH workforce, and employ advanced threat detection and response capabilities so you can quickly identify threats.

Brno University Hospital

Czech Republic's Brno University Hospital, one of the country's largest COVID-19 testing facilities, was attacked in March. The hospital was forced to immediately shut down its computer systems while in the crucial stage of its coronavirus response.

What happened: 

Details about the attack are unclear, but ransomware is suspected. The attack crippled the hospital's ability to store data digitally or transfer it to other systems.

Takeaway: 

A recovery plan is imperative for your ability to get your business operations back up and running quickly. With business dynamics in flux, now is a good time to review your backup and business continuity procedures.

Next Up: Other Sectors

Attackers are primarily focused on healthcare and government sectors currently because those are the most vulnerable organizations. But organizations in other industries should expect these campaigns to expand their focus to target them as well.

Keep in mind that the malware and ransomware families observed in the COVID-19 campaigns have been used successfully in the past against businesses in transportation, finance, and other industries—so always remain vigilant.

And if your organization needs help staying protected against cyberthreats, a managed detection and response solution may be the answer. Contact Arctic Wolf to find out how to start boosting your security posture. 

 
