Cybercriminals are creating up to 2,000 COVID-19-themed websites every day and are continuing to launch attacks against healthcare. That is the key message from the April Global Threat Intelligence Centre (GTIC) report issued by NTT Ltd. The company is also providing 60 days of free cybersecurity Incident Response to hospitals across the UK and Ireland, Europe, North America, Australia and Singapore.
In a statement, Matt Gyde, President and CEO, Security Division at NTT Ltd, said: “Unfortunately malicious actors are launching cyberattacks that attempt to exploit panic, security vulnerabilities, and the fact that our hospitals are already under huge pressure. Hospitals across the globe need help to be able to respond to threats quickly as they carry out their hugely important work in the fight against COVID-19.”
Threat actors continue to leverage COVID-19
Threat actors have been quick to exploit global fears over the COVID-19 pandemic. Websites containing malware and fake news, phishing attacks, fake apps and infected documents are just some of the ongoing attacks. The attacks are not just targeting those working from home. There is a concerted campaign that is launching ransomware attacks against hospitals.
February saw a significant rise in phishing attacks that directed users to newly-registered domains. According to Danika Blessman, Sr Threat Intelligence Analyst, NTT Ltd, it is likely that many of those domains are illegitimate.
Blessman says that while phishing continued in March, it changed its focus. It moved from a broad blast to a more focused approach. Attacks are tuned by country, industry and even target companies. Among the latter are the shopping and deliveries of the victim.
There is also an increase in information-stealing malware such as Trickbot. Documents using macros distribute the malware. When the user allows the macros to run, they install the malware on the user's device. The malware not only attacks the device of the victim but also moves across networks to infect other machines. Users working from home often have less security on personal devices that are connected, via VPNs, to corporate networks.
Blessman also warns that what looks like legitimate software to clean computers, WiseCleaner, is distributing malware. It includes the COVID-19 ransomware and a password-stealing Trojan called Kpot.
Nation-state actors getting in on the game
There is also evidence that nation-state actors are taking advantage of the situation to launch attacks. Blessman calls out APT41, a Chinese hacking group that has increased its activities since February. She says it is targeting organisations such as: “healthcare, telecommunications, government/defense and finance” across several countries such as: “Japan, India, the US, France, Australia and Canada.”
Blessman also notes that: “only a handful of attacks have been successful.” The attacks are focused on Citrix and use known vulnerabilities. It is likely that APT41 is looking for insecure gateways supporting remote workers.
NTT Ltd offering support to hospitals
Alongside the April GTIC report, NTT Ltd has announced 60 days of free support for hospitals to help with Incident Response. Like many other security companies, NTT is aware of the number of security issues facing healthcare at the moment. Attackers, both cybercriminals and nation-state, are taking advantage of the COVID-19 workload to launch ransomware attacks.
This is not to say that other organisations are not affected. The overwhelming move to work from home (WFH) has created a vast opportunity for attackers. They are looking to exploit any weakness that they can to launch lucrative attacks.
In healthcare, many GPs and other medical professionals are using online services to support patients. They use computers that are connected to medical networks and hospitals. It makes them key targets for attackers who see them as the weak link. It is important that organisations recognise this and adapt accordingly.
Enterprise Times: What does this mean?
It is no surprise that attackers are taking full advantage of the current COVID-19 pandemic. What is important, however, is that organisations recognise the threat and begin to address it. The increased use of personal devices in insecure environments, such as the home, increases the risk. Cybercriminals know this and are crafting their attacks accordingly.
Like other organisations, NTT Ltd is putting out as much information as it can to its customers. It is also looking to support critical organisations in their time of need. This is more than just good PR. It is a key element of any social responsibility process and one that the whole cybersecurity industry is responding to.
There is a serious question that most organisations have to answer. Given the type of attacks that Blessman has called out, how are organisations educating their users? Without education, people will continue to fall prey to attacks. Organisations need to ensure that they can take the information coming from NTT Ltd and other vendors, and deliver that to their users.