Cyber Criminals Taking Advantage of Coronavirus Pandemic
Malware and phishing attacks during a global pandemic emphasize the need for trained cyber security professionals
The staggering number of new COVID-19 cases reported every day are one reminder that the world is facing massive upheaval. With an unprecedented amount of the workforce resigned to home offices and IT teams struggling to monitor activities of their co-workers, the coronavirus has also turned into a boon for cyber criminals.
While certainly not an exhaustive list, below are several ways cyber criminals are attacking NGOs, corporations, and private citizens. Security companies and cyber security professionals are able to intercept most breach attempts. That said, companies must remain vigilant while adjusting to the current situation in which remote employees are introducing new cyber risks into the corporate environment.
A Cyber Attack on the World Health Organization
The World Health Organization (WHO) is leading global efforts to combat COVID-19 while simultaneously fending off cyber threats from opportunistic criminals. According to RTE, cyber attacks against the WHO have increased two-fold since the beginning of March.
Reuters also reported that an elite cybercriminal organization is now using a website that mirrors the WHO’s internal emailing system. Attackers are using the site to send official-sounding emails to deliver malware and steal passwords from WHO officials.
Cyber Criminals Posing as Government Officials
Criminal enterprises are also taking advantage of the new U.S. stimulus package along with the goodwill of American citizens who are interested in combatting the virus. Two new phishing campaigns have been spotted recently. One is from an email address similar to the Internal Revenue Service asking recipients for banking information in preparation for stimulus checks.
The F.B.I. has also confirmed phishing emails from an email account that is mimicking the Center for Disease Control (CDC). Attackers are sending emails asking for bitcoin donations that will help fund a vaccine and distributing malware-infected COVID-19 maps.
Attacks on the Healthcare Industry
Going against previous promises to leave healthcare services alone during a global pandemic, a criminal outfit targeted the British clinical research company Hammersmith Medicines Research with Maze ransomware in early March. After stealing personal identifying information from thousands of former research subjects, the perpetrators demanded ransom that Hammersmith refused to pay. Sensitive information including passports and drivers’ licenses were then publicly released as retribution.
Hammersmith tested vital Ebola vaccines during the 2015 pandemic and is currently on hold preparing to test possible COVID-19 solutions. Unfortunately, Hammersmith is not the only health care organization targeted since the global crisis began. The Wall Street Journal reported that the Czech Republic’s second largest hospital was also attacked, crippling their systems for nearly two weeks. In the United States, a hospital group based out of Champagne, Illinois was forced to pay a $350k ransom in order to retrieve control of their network.
Cyber Security Never Stops
What’s become clear over the last two months is how essential cyber security is to business continuity, and the growing need for trained cyber security professionals. Online criminals have stepped up their attacks since the coronavirus began paralyzing industries worldwide. Once the pandemic has ended, many companies, NGOs and governments will need to reassess their cyber security program and ramp up new measures to defend against the next attack.
eLearnSecurity offers red, blue and purple team courses and training paths that prepare students for real-world cyber attack scenarios. Certifications allow students to build their resumes and prove their skills to prospective employers. For more information on our offerings, check out our course page today.