Less than a week ago, several of the world’s most active cyber crime gangs publicly announced they would no longer attack healthcare organisations during the COVID-19 crisis. This announcement raised a few eyebrows yet was never taken seriously by the security community. Given the dubious ethics of cyber criminals, we certainly were not planning to let our guard down.
Now, as the global situation deepens, one of these organisations has already backflipped on that position and continued its efforts to extort a medical facility that is prepared to test coronavirus vaccines. It’s likely they will claim the attack began prior to the digital curfew, but the sentiment remains the same. They’ve stolen confidential medical records from Hammersmith Medicines Research and published them online to show they are serious.
Australian organisations on high alert
This latest extortion attempt comes from the gang who successfully targeted Australian logistics company, Henning Harders, last week with ransomware, resulting in their online tracking system being down for some time. Kinetic IT is aware that the Maze cybercrime gang targets multiple sectors including government, so Australian organisations should be on high alert.
The rise of phishing attacks
This gang’s operation begins, as many do, with a phishing attack. Once the malware is installed, it steals confidential data before encrypting it, and the gang then slowly releases that data on the Internet until the ransom is paid.
These attacks are not unique, and we’ve seen the volume of phishing scams, ransomware and digital extortion escalate almost as fast as the COVID-19 crisis itself. As an increasing number of criminals lose their usual income streams, cyber crime was always expected to rise. But as the whole world goes into lockdown, Kinetic IT expects the levels of online crime to rise higher than we have ever seen before.
Common phishing scams
One consideration is that almost every successful cyber attack starts with phishing. We’re seeing various types of phishing attempts with malicious attachments and links to rogue websites, delivered by email, SMS text messages, and webchat services like WhatsApp and Facebook Messenger. Scam phone calls are also on the rise, with criminals pretending to be remote support teams who need users to install remote access software so they can fix computers, or pretending to be from government departments, where the ruse relates to income support or grants to help small businesses through the COVID-19 crisis.
What can you do?
No one is safe. Security awareness messaging to all users is critical during this time since people are more vulnerable than ever to phishing scams. If you are a business, the best advice is to immediately educate your users and consider rolling out good endpoint detection and response systems, so that even those who are conned into opening malicious attachments or following malicious links are protected, because the malware is denied installation on the computer.
Application whitelisting is another option, and one that is recommended by the Australian Cyber Security Centre (ACSC) as one of the Essential Eight cybersecurity controls to prevent targeted cyber attacks.
Microsoft Windows has its own built-in application whitelisting capability, called AppLocker, which is highly effective at stopping malware from running. The simple premise is that if an application is not on the list (the whitelist), it doesn’t run. So even if the malware has been dropped onto the user’s computer, when it tries to execute, the operating system intercepts it before it runs and shuts it down. More information about AppLocker is available in Microsoft’s documentation.
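The whitelist premise described above can be checked offline before any policy is enforced. The following PowerShell sketch is an added example, not taken from the original article: it builds a candidate AppLocker policy from trusted install folders and asks what that policy would decide for executables in a user's Downloads folder. The choice of trusted folders and the Downloads path are assumptions.

```powershell
# Added example: offline AppLocker evaluation. Nothing here changes the
# policy applied to this machine.
Import-Module AppLocker

# Assumption: software installed under these folders is trusted to run.
$trustedDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) |
    Where-Object { $_ -and (Test-Path $_) }

# Assumption: a user-writable folder where a phishing attachment would land.
$dropDir = Join-Path $env:USERPROFILE 'Downloads'

# 1. Inventory executables in the trusted locations (can take several minutes).
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe `
        -ErrorAction SilentlyContinue
}

# 2. Build the whitelist: publisher rules for signed files, hash rules for
#    unsigned ones. The result is an in-memory policy object only.
$policy = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize

# 3. Collect the executables currently sitting in the drop folder.
$candidates = Get-ChildItem -Path $dropDir -Filter *.exe -Recurse -File `
        -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName

# 4. Ask AppLocker what the candidate policy would decide for each file.
if ($candidates) {
    Test-AppLockerPolicy -PolicyObject $policy -Path $candidates -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule |
        Format-Table -AutoSize
} else {
    Write-Output "No .exe files found under $dropDir to evaluate."
}
```

A file reported as `DeniedByDefault` matched no allow rule, which is the "not on the list" case. A signed file from a publisher already in the inventory is reported as `Allowed` wherever it sits, because publisher rules do not depend on the file's path.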
If you are unsure as to how to protect yourself and your organisation, a great place to start is the ACSC’s Small Business Cyber Security Guide.
For more advice and guidance about tailored security solutions, get in touch with the security experts at Kinetic IT’s PROTECT+.