Cybercriminals Are More Efficient Than Ever

Earlier this month, as hospitals grappled with the COVID-19 pandemic, employees of several NHS (National Health Service) organizations in the UK received an email with the subject: “All Staff; Coronavirus Awareness.”

It was supposedly from their internal IT staff. The email said that the institution was preparing a seminar for all staff to talk about the deadly virus, and asked them to click on a link to register. The link took them to an Outlook web app with a form for the employees to fill out.

In reality, anyone who filled it out wasn’t going to attend any talk but was handing over their details to hackers. It was a malicious email, one of many exploiting our anxieties over this deadly virus. Around the same time, hackers attempted to break into the email accounts of World Health Organization (WHO) team members.

Unit 42, the global threat intelligence team at Palo Alto Networks and a recognized authority on cyberthreats, reports a ransomware variant (EDA2) found in attacks on a Canadian government healthcare organization and a Canadian medical research university, as well as an info-stealer variant (AgentTesla) used in attacks against various other targets (e.g., a United States defense research entity, a Turkish government agency managing public works, a German industrial building firm, a Korean chemical manufacturer, a research institute in Japan, and medical research facilities in Canada). Fortunately, none of these attacks were successful.

Worse, cybercriminals are shutting down the IT infrastructure of hospitals until they pay a hefty ransom, according to a report in the Washington Post. In March, cyberattacks shut down computers at the Champaign-Urbana Public Health District in Illinois for three days. In the end, the district was forced to shell out $300,000 in ransom, as reported by the Pew Charitable Trusts’ Stateline service. Another similar attack shut down computers at a university hospital in the Czech Republic, forcing it to turn away victims.

A major attack was also reported in North Rhine-Westphalia, a province in western Germany. The government was allegedly duped out of tens of millions of euros of emergency coronavirus aid and funding after it failed to secure its website from what seems to be a classic phishing attack.

Cybercriminals created copies of the original government website, distributed the link through targeted email campaigns, requested information from users, and simply replaced the users’ bank account details with their own, leading to severe financial losses.

These incidents, alongside several others, have led Interpol’s cybercrime threat acknowledgment team to issue a purple alert. It said a “significant increase” in such ransomware attacks has been detected around the world. Interpol has alerted all 194 of its member countries and is working with the cybersecurity industry to gather information about the attacks and to assist national police forces. Locking clinics out of their critical systems will not only delay the swift medical response required during these unprecedented times, but could also directly lead to deaths.

The NHS was also the target of the WannaCry ransomware attack in 2017. It was the largest ever cyberattack on the health service, locking staff out of hundreds of NHS computers, leading to thousands of meetings being canceled and some A&E departments having to turn away ambulances. An assessment by western intelligence agencies traced the attack to a North Korean hacking organization known to researchers as the Lazarus Group.
