March 17, 2020
Weaponized Pandemic: Actions Criminals Take in Tragic Times
The thought “we stooped to a new low” does not cross the mind of cybercriminals.
With the news about an attack on HHS on Sunday, and a cyberattack on the Czech hospital that acted as the biggest COVID-19 testing laboratory in the country, we were presented with yet another piece of evidence of how ruthless some attackers are.
This is not unprecedented: history has numerous examples of hospitals that were hit by ransomware or had their equipment infected in the middle of a crisis.
Ransomware attacks alone increased a whopping 350% during the last quarter of 2019, according to Corvus’ data science team.
Crisis Is a Time of Opportunity for the Hackers
While the type of attack the Brno hospital faced recently is undisclosed, ransomware seems like a plausible guess, as this type of malware can lock access to critical patient data.
As reported in the news, the situation was so severe that the hospital had to re-route new patients and postpone urgent surgeries, which is consistent with the consequences of such an attack. The staff was ordered to ‘shut down all computers’ to prevent further spread.
Remote desktop protocol abuse, potential Server Message Block protocol exposure, or a credential-stealing tool like Mimikatz could all assist in this type of attack. Ransomware can move laterally across the infected network and reproduce without any user interaction whatsoever.
Ransomware use is huge right now. As Corvus states, more than 91% of ransomware attacks result from phishing.
This is not a surprising number, considering that medical facilities lack email filtering and scanning tools, and that employees must be too overworked right now to navigate the inbox effectively and identify sophisticated lures.
It is easy to imagine that in moments such as this one, when the shortage of hands is real and hospitals are being tested for their capacity, phishing becomes a lethal weapon. High-pressure situations where personnel have to act swiftly present the best time for such vile attacks, and with that, opportunities to accomplish twisted political and financial goals.
The use of coronavirus topics alone has now been attributed to Advanced Persistent Threat groups from China, North Korea, and Russia. There’s also a spike in registered webpages somehow related to coronavirus.
Sadly, there’s nothing to indicate that malicious email campaigns will stop anytime soon.
Emails Are Also Effective in the Information War
While a lot of us know that email is a premier infection carrier able to knock out medical facilities, it has recently shown another capability: causing panic.
That is, simply, spam: emails that feed recipients whatever information the attacker pleases in order to influence the behavior of the masses.
For example, a viral email campaign about coronavirus in late February caused a ruckus and split Ukrainian society even further. All that it took to ignite hate, violence and mass protests was a message that seemed to come from the Ministry of Health, but in fact, originated from a foreign country. Lack of email authentication and the magnitude of recent events sparked the chaos, and this is a situation where you can’t blame anyone in particular.
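As an added example (not part of the original article), here is one way a receiving organization could flag a message that claims an official sender but fails email authentication. It assumes the receiving mail server stamps an `Authentication-Results` header (RFC 8601) with the hypothetical authserv-id `mx.recipient.example`; all domains and messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic); all domains are placeholders.
SPOOFED = """\
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bulk.sender.example; dkim=none; dmarc=fail header.from=health-ministry.example
From: "Ministry of Health" <press@health-ministry.example>
Subject: Urgent coronavirus notice

body
"""
GENUINE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=health-ministry.example; dkim=pass header.d=health-ministry.example; dmarc=pass header.from=health-ministry.example
From: "Ministry of Health" <press@health-ministry.example>
Subject: Weekly bulletin

body
"""

# Assumption: the authserv-id written by our own receiving mail server.
TRUSTED_AUTHSERV = "mx.recipient.example"

def auth_verdict(raw):
    """Return the SPF/DKIM/DMARC results our own server recorded for a message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a header stamped by anyone else could be forged by the sender
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest, re.I):
            results[method.lower()] = result.lower()
    # Only a DMARC pass ties the visible From domain to an authenticated sender.
    suspicious = results["dmarc"] != "pass"
    return {"from_domain": from_domain, **results, "suspicious": suspicious}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, auth_verdict(raw))
```

The check only helps when the claimed sender domain publishes SPF, DKIM and DMARC records; a domain without them gives the receiver nothing to verify against.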
Email works best for spreading misinformation, simply because the message is directed at you through a dedicated channel, which is different from finding something while surfing the web.
Email is also perceived as a way to deliver documents, which could contain various types of malware, not only ransomware.
With so much misinformation provided online, you really can’t help but wonder what’s true these days anymore. One thing is for certain though... People are anxious, and people have shown their worst sides during the outbreaks.
I’m sure many of you are aware by now of the whole supply hoarding and reselling scheme. The greed and mercilessness of human beings are off the charts.
All in all, email proves to be an effective tool to weaponize the pandemic. Email can be used to transport different types of malware, to steal user information and sell it on for profit, to spread misinformation, to gain competitive advantage, and even to influence the political climate of a whole country. It gives criminals an easy way to disrupt the lives of others, and for that reason, it has to be taken with a grain of salt, even in times of scrutiny.
Please be extra cautious about what you get and what you read, and give your health fair priority, without harming others.