While the whole world is increasing its efforts to contain the coronavirus pandemic and minimize its impact on humans and on the economy, cyber criminals are showing their most inhumane face. The U.S. Department of Health and Human Services, which is at the forefront of the U.S. Administration's efforts, suffered a DDoS attack over the weekend, according to a Bloomberg report.
The cyber-attack targeted the Department’s computer system, probably as part of a campaign of disruption and disinformation that was aimed at undermining the response to the coronavirus pandemic. While a foreign state is suspected in the attack, the administration hasn’t provided any comments on this.
The National Security Council also acknowledged the incident. “We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly,” said spokesman John Ullyot. “HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks.” He also added that all HHS and federal networks are functioning normally.
The attack, which involved overloading the HHS servers with millions of hits over several hours, didn’t succeed in slowing the agency’s systems significantly. “We had no penetration into our networks, we had no degradation of the functioning of our networks,” Health and Human Services Secretary Alex Azar said at a White House briefing on the coronavirus on Monday afternoon.
Just before midnight on Sunday, the National Security Council issued a tweet warning about “fake” text messages concerning “a two-week mandatory quarantine for the nation.” According to Bloomberg, it is believed that the message - spread by text, email and social media - was related to the HHS cyber-attack.
Although DDoS attacks are not sophisticated, it is the timing of the attack and the potential motive that raise significant concerns. The goal of these attacks is to prevent legitimate users from accessing the affected websites and systems. Considering the ongoing efforts to contain the coronavirus pandemic, the most prominent targets of such attacks are institutions that provide information to the public regarding COVID-19. These institutions include local, state, and federal government agencies, media outlets, pharmaceutical companies and the healthcare industry.
Unfortunately, this is not the only incident in which cyber criminals play on fear and try to capitalize on emergency situations to carry out their attacks. The World Health Organization (WHO) has already warned that scammers posing as WHO representatives are trying to trick people into sharing their account access credentials or opening malicious email attachments. Scammers have also been sending email that exploits concerns about COVID-19 to spread malware. Researchers note that more than 4,000 coronavirus-related domains have been registered since the beginning of the year; of those, three percent are considered malicious, and another five percent are suspicious. Finally, security researchers have located an Android app which claims to provide access to a map with real-time virus-tracking and information, but in fact the app is laced with ransomware.
Undoubtedly, the above are unfortunate events. Although not unexpected, they are particularly tragic to witness at a time when nations struggle and mourn.
“The attack on US HHS is the first sign that the world will soon also face a cyber-attack crisis in addition to the coronavirus pandemic,” said Kevin Bocek, VP, Security Strategy & Threat Intelligence at Venafi. “Attackers of all types – from cybercriminals seeking profits, terrorists and others seeking disruption, and nation states seeking to hit their targets when they are distracted - will abuse the public health crisis. While cybercrime to profit from phishing and fraud will grow, most worrisome are terrorists and nation states striking when many governments and businesses are placing their attention on pandemic response. Not just governments, but banks, payment providers, retailers, manufacturers must be on high alert for cyber-attacks,” adds Bocek.
While medical experts and healthcare personnel are on the front lines of a war against the pandemic, and we should be grateful for their efforts, cybersecurity professionals must be vigilant to ensure hackers do not use this public health emergency to cause chaos. “Now is not the time to consider cybersecurity optional. While the business environment is challenging, a cyber-attack can be a knockout for businesses and government not focusing on the threat,” says Bocek.
Cyber hygiene, and especially maintaining secure machine identities, is becoming more important because of the public health requirements to work from home. Many businesses have switched to remote working because of this health emergency. While providing the same quality of services to their employees or customers is a critical operational factor, providing these services in a secure manner is of equal importance. However, poor certificate management can result in vulnerabilities and threats that can have a negative impact on business continuity.
“Especially worrisome, even more as the race for digital transformation, DevOps, and cloud use increases, automated machine and software-driven processes become increasingly vulnerable. Persistent back doors using SSH machine identities to take down the Ukrainian power grid or attackers hiding in encrypted traffic to breach Equifax because of expired TLS certificates, are all risks of the cloud-driven, automated, remote working, new world business is adopting. Security teams need to drive quickly for the visibility, intelligence, and automation needed to protect machine identities and enable the digital transformation needed for business to survive the pandemic and beyond,” concludes Kevin Bocek.
Everybody should stay safe and follow hygiene rules and governments’ measures. But at the same time everyone must be cyber safe.