Global cyber attacks on the increase during COVID-19 crisis

Stockholm, Sweden

Researchers at Memoori have found that, even during this worldwide COVID-19 crisis where the majority are pulling together in the fight against the pandemic, there is an army of hackers carrying out an increasing number of malicious cyber attacks on all manner of organisations including the WHO, and other healthcare and charitable organisations.

Like many people today, you may have visited the World Health Organization’s (WHO) website for the first time to get the latest official news on the COVID-19 crisis rocking the world this year. The global health authority has been at the centre of everything recently as concerned citizens around the world seek accurate information in a sea of fake news. The WHO even set up a new Whatsapp-based health alert messaging service to provide reliable information to billions of worried people around the world as they do everything they can to reduce the impact of this major crisis.

However, according to Memoori, cyber attacks against the WHO have doubled in the past month during the crisis. On March 13th, suspicious activity at the WHO was first flagged to news agency Reuters by Alexander Urbelis, a cyber security expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity. Urbelis noticed a group of hackers he’d been following had activated a malicious site mimicking the WHO’s internal email system.

“I realised quite quickly that this was a live attack on the World Health Organisation in the midst of a pandemic,” said Urbelis, who has also tracked thousands of corona virus-themed web sites being set up daily, many of them obviously malicious. “It’s still around 2,000 a day,” he said. “I have never seen anything like this.”

Flavio Aggio, Chief Information Security Officer at the WHO, confirmed that the fake WHO website spotted by Urbelis had been used in an attempt to steal passwords from multiple agency staff. “There has been a big increase in targeting of the WHO and other cyber security incidents,” Aggio said. “There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”

While Costin Raiu, head of global research and analysis at Kaspersky, could not confirm suspicions that the hacker group ‘DarkHotel’ was responsible for the WHO attack but said the same malicious web infrastructure had also been used to target other healthcare and humanitarian organisations in recent weeks. “At times like this, any information about cures or tests or vaccines relating to corona virus would be priceless and the priority of any intelligence organisation of an affected country,” he said.

A COVID-19 vaccine test centre was hit on March 14th and a Paris hospital suffered a hack on March 22nd but healthcare and humanitarian organisations are not alone in seeing increased cyber attacks. As many of the world’s businesses are being forced into a sudden remote working situation, they are faced with all the cyber security issues that the industry has continually warned against for decades — accessing company networks from less secure home networks creates huge vulnerabilities.

“We always say that you can’t manage what you don’t know about and that is going to be a truth with nightmare consequences for many companies and government agencies struggling to respond to the corona virus situation,” said Dr. Barbara Rembiesa, president and CEO of IAITAM. “The impulse to send employees home to work is understandable, but companies and agencies without business continuity plans with a strong IT Asset Management (ITAM) component are going to be sitting ducks for breaches, hacking, and data that is out there in the wild beyond the control of the company.”

COVID-19 themed phishing scams started circulating as early as January, preying on fear and confusion around the crisis. Such attacks have increased ever since and there is much worse to come according to Dave Waterson, CEO at security protection software company, Sentrybay. “Endpoints are notoriously vulnerable, with as many as 42% being unprotected at any given time. With so many people using compromised laptops or home computers to log-in to the corporate network, they are creating a weak link in the security chain, and potentially devastating damage to their employer at what is already a very testing time.”

The conditions are ripe for cyber attacks of all sorts, and suspicions are rife for activity from all kinds of cyber attacker. Reports suggesting that two major cyber crime groups issued statements saying they will not attack healthcare and medical targets during the corona virus crisis, are hardly inspiring confidence as overall attacks continue to rise. The reality is that everyone is distracted and that presents opportunities for criminals of all kinds.

Millions of new remote workers around the world are making understandable mistakes that open the door to hackers. IT departments tasked with securing company networks are often down to skeleton crews and facing a situation that a full staff would struggle with. Meanwhile, hackers around the world are being asked to stay home, essentially encouraged to sit in front of their computers all day. A perfect storm for cyber mayhem that even state-hackers want to take advantage of.

“Whatever your baselines are, you’ve probably departed from them now with all of this remote access. So anything you thought you were going to get out of certain tools you’re not going to get anymore—and a lot of times everything, every connection is just lighting up like a Christmas tree,” says Jake Williams, a former NSA hacker and founder of the security firm Rendition Infosec. “There’s no question that some intelligence agencies are going to take advantage of this. Plus, everybody is just so distracted. It definitely presents an opportunity for attackers to be a little bit noisier and a little more aggressive. I would be very surprised if they don’t take advantage of that.”

These are strange times. As the corona virus pandemic continues, it is truly bringing the best out of so many. Caring individuals, communities, and businesses have come together in remarkable ways to help those suffering and those trying to control the spread of the virus. However, this crisis is also bringing out the worst of society, from those spreading fake news to those hoarding vital supplies, to those ignoring lockdown policies and putting lives at risk. In our connected age, many cyber criminals have chosen to exploit fear and seize the opportunities presented by the crisis. While we will recover from COVID-19, we may never be immune to cyber attacks.


Product Suppliers
Back to top