Cyberattacks continue to mount during COVID-19 pandemic

From PPE phishing scams to ransomware to hospital supply chain risks, hackers and scammers are seizing on the chaos of the coronavirus crisis.
By Nathan Eddy
11:24 AM

Intelligence agencies, security firms and Big Tech giants and all ringing alarm bells over the growing threat from cybercriminals in the wake of the global COVID-19 pandemic – with ransomware attacks, opportunistic phishing threats and other malicious activities all threatening healthcare organizations worldwide.

Scams by so-called gray-marketers for personal protective equipment have been increasing steadily as healthcare professionals face shortages of critical supplies.

The FBI has issued a warning about Kwampirs malware targeting supply chains including the healthcare industry – Kwampirs is a backdoor Trojan that grants remote computer access to attackers.

"One of the reasons for this increased risk to the supply chain and the healthcare sector is a rise in the number of people who are now working from home because of the COVID-19 pandemic," Elad Shapira, head of research for third-party security-management-automation specialist Panorays, wrote in a research note.

"As a result, companies now face technology risks such as unmanaged devices, shadow IT and insecure access, along with human risks like increased phishing attempts."

Meanwhile, Microsoft is warning hospitals to watch out for sophisticated ransomware attacks that could target them through their VPNs and other network devices. The company has already sent targeted notifications to dozens of at-risk hospitals.

In particular, Microsoft singled out the ransomware campaign REvil (also known as Sodinokibi), which actively exploits gateway and VPN vulnerabilities to gain a foothold in target organizations.

Following a successful exploitation, attackers can then steal credentials, elevate their privileges and move laterally across compromised networks, installing ransomware or other malware payloads.

Critical infrastructure systems in hospitals are particularly threatened by ransomware, which can be locked up by malicious actors and only unlocked following hefty payments.

Cybercriminals are also exploiting the crisis by selling Chloroquine, COVID-19 test kits and respirators for astronomical prices, reported a cybersecurity software provider, a finding that mirrored recent advisories from European law enforcement agency Europol.

The firm found underground vendors offering surgical masks and N95 respirators for a 400% to 500% markup, and others selling prescriptions of Chloroquine plus Azithromycin for $500 to $1,000, which for a 30-day, 250 mg. prescription would normally run between $111 and $165.

The World Health Organization has reportedly seen attempted cyberattacks double since the onset of the COVID-19 crisis, and a vaccine-testing facility has also been targeted with ransomware.

As healthcare organizations battle the pandemic, they're also facing heightened cybersecurity threats from malicious actors looking to take advantage of the crisis caused by the outbreak.

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer: nathaneddy@gmail.com
Twitter: @dropdeaded209

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.