In recent weeks, we have seen growing threats to cybersecurity and privacy by malicious actors seeking to exploit the COVID-19 pandemic. As companies transition their employees to remote working and focus their efforts on core business continuity, hackers are actively targeting companies’ cloud-based remote connectivity, lack of multi-factor authentication, and potentially insecure digital infrastructure to exploit vulnerabilities. The need for robust cybersecurity measures is more pressing than ever, and governmental organizations are issuing calls to action.
This past weekend, INTERPOL issued a warning that healthcare institutions fighting the global pandemic have become the focus of ransomware attackers. Ransomware attacks lock targets out of their digital infrastructure systems and demand ransom payments in return for a key to unlock them. According to INTERPOL, there has been a “significant increase in the number of attempted ransomware attacks” against healthcare institutions responding to the virus. “Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage; preventing them from accessing vital files and systems until a ransom is paid.” Such attacks delay prompt medical response at a time when hospitals across the globe are working beyond capacity with patients seeking critical medical care. INTERPOL reports that healthcare-targeted ransomware is spreading mainly through phishing campaigns. INTERPOL’s warning is a stark reminder that prevention and mitigation efforts are especially critical during these uncertain times, as criminals seek to leverage the world's circumstances to their financial advantage.
This guidance comes on the heels of a cyber incident at the U.S. Department of Health and Human Services, as well as an unsuccessful cybersecurity attack on the World Health Organization – both of which are involved in responding to the coronavirus pandemic in the U.S. and around the world. It also comes at a time when cyber assaults deploying ransomware are on the rise.
While INTERPOL’s notice focuses on potential targets within the world’s critical healthcare infrastructure, the international police organization is not the only agency pushing for increased and constant vigilance. This morning, the U.S. Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security (“CISA”) and the U.K.’s National Cyber Security Centre (“NCSC”) issued a joint advisory warning the public that cybercriminals are exploiting the novel coronavirus in an amplifying threat to individuals and organizations.
In the press release announcing the joint advisory, CISA described recent scams, including phishing emails and text messages that appear to come from trusted agencies, such as the World Health Organization, and purporting to offer medical supplies to fight the pandemic. In some instances, CISA and NCSC have observed cybercriminals scanning for publicly known vulnerabilities in telecommuting infrastructure and VPN products. As we previously reported, CISA has already urged organizations across industries to implement a “heighted sense of cybersecurity” during the pandemic. The joint advisory notes that “this is a fast-moving situation” and both individuals and organizations “should remain alert to increased activity relating to COVID-19 and take proactive steps to protect themselves.” In the advisory, CISA and NCSC provide detailed indicators of compromise, as well as recommendations for organizations and individuals seeking to mitigate the increasing threats. Nonetheless, as attackers prey on people’s charitable instincts, health concerns, and need for information regarding the pandemic, the U.S. and U.K. agencies warn that the frequency and severity of COVID-19-related cyberattacks will be on the rise in the coming weeks and months.
We will continue to monitor the unique threat environment arising from the COVID-19 pandemic.