Like many people today, you may have visited the World Health Organization’s (WHO) website for the first time to get the latest official news on the COVID-19 crisis rocking the world this year. The global health authority has been at the center of everything recently as concerned citizens around the world seek accurate information in a sea of fake news. The WHO even set up a new WhatsApp-based health alert messaging service to provide reliable information to billions of worried people around the world as they do everything they can to reduce the impact of this major crisis.
What you might not have heard is that cyberattacks against the WHO have doubled in the past month during the crisis. On March 13th, suspicious activity at the WHO was first flagged to news agency Reuters by Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity. Urbelis noticed a group of hackers he'd been following had activated a malicious site mimicking the WHO's internal email system.
"I realized quite quickly that this was a live attack on the World Health Organisation in the midst of a pandemic," said Urbelis, who has also tracked thousands of coronavirus-themed web sites being set up daily, many of them obviously malicious. "It's still around 2,000 a day," he said. "I have never seen anything like this."
Flavio Aggio, Chief Information Security Officer at the WHO, confirmed that the fake WHO website spotted by Urbelis had been used in an attempt to steal passwords from multiple agency staff. "There has been a big increase in targeting of the WHO and other cybersecurity incidents," Aggio said. "There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled."
While Costin Raiu, head of global research and analysis at Kaspersky, could not confirm suspicions that the hacker group ‘DarkHotel’ was responsible for the WHO attack but said the same malicious web infrastructure had also been used to target other healthcare and humanitarian organizations in recent weeks. "At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country," he said.
A COVID-19 vaccine test center was hit on March 14th and Paris hospital suffered a hack on March 22nd but healthcare and humanitarian organizations are not alone in seeing increased cyberattacks. As many of the world’s businesses are being forced into a sudden remote working situation, they are faced with all the cybersecurity issues that the industry has continually warned against for decades — accessing company networks from less secure home networks creates huge vulnerabilities.
“We always say that you can’t manage what you don’t know about and that is going to be a truth with nightmare consequences for many companies and government agencies struggling to respond to the coronavirus situation,” said Dr. Barbara Rembiesa, president and CEO of IAITAM. “The impulse to send employees home to work is understandable, but companies and agencies without business continuity plans with a strong IT Asset Management (ITAM) component are going to be sitting ducks for breaches, hacking, and data that is out there in the wild beyond the control of the company.”
COVID-19 themed phishing scams started circulating as early as January, preying on fear and confusion around the crisis. Such attacks have increased ever since and there is much worse to come according to Dave Waterson, CEO at security protection software company, SentryBay. “Endpoints are notoriously vulnerable, with as many as 42% being unprotected at any given time. With so many people using compromised laptops or home computers to log-in to the corporate network, they are creating a weak link in the security chain, and potentially devastating damage to their employer at what is already a very testing time.”
The conditions are ripe for cyberattacks of all sorts, and suspicions are rife for activity from all kinds of cyberattacker. Reports suggesting that two major cybercrime groups issued statements saying they will not attack healthcare and medical targets during the coronavirus crisis, are hardly inspiring confidence as overall attacks continue to rise. The reality is that everyone is distracted and that presents opportunities for criminals of all kinds.
Millions of new remote workers around the world are making understandable mistakes that open the door to hackers. IT departments tasked with securing company networks are often down to skeleton crews and facing a situation that a full staff would struggle with. Meanwhile, hackers around the world are being asked to stay home, essentially encouraged to sit in front of their computers all day. A perfect storm for cyber mayhem that even state-hackers want to take advantage of.
“Whatever your baselines are, you’ve probably departed from them now with all of this remote access. So anything you thought you were going to get out of certain tools you’re not going to get anymore—and a lot of times everything, every connection is just lighting up like a Christmas tree,” says Jake Williams, a former NSA hacker and founder of the security firm Rendition Infosec. “There’s no question that some intelligence agencies are going to take advantage of this. Plus, everybody is just so distracted. It definitely presents an opportunity for attackers to be a little bit noisier and a little more aggressive. I would be very surprised if they don’t take advantage of that.”
These are strange times. As the coronavirus pandemic continues, it is truly bringing the best out of so many. Caring individuals, communities, and businesses have come together in remarkable ways to help those suffering and those trying to control the spread of the virus. However, this crisis is also bringing out the worst of society, from those spreading fake news to those hoarding vital supplies, to those ignoring lockdown policies and putting lives at risk. In our connected age, many cybercriminals have chosen to exploit fear and seize the opportunities presented by the crisis. While we will recover from COVID-19, we may never be immune to cyberattacks.