COVID-19 firefighting, Czech and US health services under cyber-attack
Monday, March 16, 2020
The tweet partly meant to dismiss the false information circulating after the multi-level hacking, of which senior Trump administration officials were aware, the report said.
"Organisations should urgently consider implementing and promulgating a clear, centralised and consistent internal process to communicate all the events and precautions related to the coronavirus pandemic. Corporate cyber-security and security awareness should constitute an invaluable part of such communications, as cyber-criminals are profiteering from obscurity and uncertainty,” commented Ilia Kolochenko, founder and CEO Immuniweb.
The administration is yet to attribute any perpetrator for the attack, in which no data was stolen or leaked, the report added. This is the latest in the stream of cyber-attacks riding on the wave of the Coronavirus scare across the globe.
Days after Czech Republic declared a state of national emergency, hackers attacked a hospital’s network, delaying dozens of coronavirus test results. Cyber-criminals have added the use of fake HIV test results to target insurance, healthcare, and pharmaceutical companies globally, SC Media Uk reported earlier.
“Coronavirus is a formidable and fairly unprecedented opportunity to trick panicking people amid the global havoc and mayhem. In light of the spiraling uncertainty and fake news, even experienced cyber-security professionals may get scammed by a well-crafted phishing email allegedly coming from a national health authority and involving his or her family or workplace,” said Kolochenko.
"We’ve seen hackers make use of persistent back doors using SSH machine identities in high-profile cases such as the attack on the Ukrainian power grid, or attackers hiding in encrypted traffic to breach Equifax because of expired TLS certificates, both of which are risks because of the cloud based, automated, remote working world that business is adopting. Security teams need to move quickly for the visibility, intelligence, and automation needed to protect machine identities and manage these threats.”
Complicating the matter is the presence of human judgement and emotions when it comes to pandemics such as COVID-19, noted Kolochenko.
“The more emotions and personal matters the attackers leverage, the more successful their campaigns will likely be. The human factor remains the most burdensome to mitigate by technical means among the wide spectrum of organisational cyber-risks, and the COVID-19 connection makes victims particularly susceptible to thoughtless actions.” Read Full Article
The Sun: Coronavirus cyber-scams go viral – including fake diagnosis, hacked maps and hoax donation pages
SC Media: Russian cybercrime forums seen selling malware-sabotaged COVID-19 map