Earlier this month as hospitals grappled with the COVID-19
pandemic, employees of several NHS (National Health Service) organizations in
the UK received an email with the subject: “All Staff; Coronavirus Awareness.”
It was supposedly from their internal IT staff. The mail informed that the institution was preparing a seminar for all staff to talk about the deadly virus. It asked them to click on a link to register. The link took them to an Outlook web app which had a form that needed to be filled up by the employees.
In reality, anyone who filled it wasn’t going to attend any talk
but was handing over their details to hackers – it was a malicious mail, one of
the many, exploiting our anxieties over this deadly virus. Around the same
time, hackers attempted to break into the email accounts of the World Health
Organization (WHO) team members.
Unit 42, a global threat intelligence team at Palo Alto Networks
and a realized authority on cyberthreat, mentions a ransomware variant (EDA2)
found in attacks on a Canadian government healthcare organization and a
Canadian medical research university, as well as an info-stealer variant
(AgentTesla) used in attacks against various other targets (e.g., a United
States defense research entity, a Turkish government agency managing public
works, a German industrial building firm, a Korean chemical manufacturer, a research institute in Japan, and medical research facilities in Canada).
Fortunately, none of these attacks were successful.
However, what is worse is that cybercriminals are shutting down the IT infrastructure of hospitals until they pay a hefty ransom according to a report in the Washington Post. In March, cyberattacks shut down computers at the Champaign-Urbana Public Health District in Illinois for three days. Finally, the district was forced to shell out $300,000 in ransom, as reported by the Pew Charitable Trust’s Stateline service. Another similar attack shut down computers at a university hospital in the Czech Republic, forcing them to turn away, victims.
A major attack was also reported in North-Rhine Westphalia, a
province in western Germany. The government was allegedly duped of tens of
millions of euros of emergency coronavirus aid and funding after it failed to
secure its website from what seems to be a classic phishing attack.

Cybercriminals created copies of the original government
website, distributed the link through targeted email campaigns, requested
information from users, and simply replaced their bank account details with
their own – leading to severe financial losses.
These incidents, alongside several others, have led the
Interpol’s cybercrime threat acknowledgment team to issue a purple alert. It
said a “significant increase” in such kinds of ransomware attacks have been
detected around the world. Interpol has alerted all 194 of its member countries
and is working with the cybersecurity industry to gather information about the
attacks as well as assisting national police forces. Locking clinics out of
their critical systems will not only delay the swift medical response required
during these unprecedented times, but it could also directly lead to deaths.

NHS was also the target of the WannaCry ransomware attack in 2017. It was the largest ever cyberattack on the health service, locking out staff access to hundreds of NHS computers, starting to thousands of meetings being canceled and some A&E departments having to turn away ambulances. An assessment by western intelligence agencies tracked the attack to a North Korean hacking organization is known by researchers as the Lazarus Group

No comments:
If you have some difficulties. Let me know