Less than a week ago, several of the world’s most active cybercrime gangs publicly announced they would no longer attack healthcare organisations during the COVID-19 crisis. This announcement raised a few eyebrows yet was never taken seriously by the security community. Given the dubious ethics of cybercriminals, we certainly were not planning to let our guard down.
Now, as the global situation deepens, one of these organisations has already backflipped on that position and continued its efforts to extort a medical facility that is prepared to test coronavirus vaccines. It’s likely they will claim the attack began prior to the digital curfew, but the sentiment remains the same: they’ve stolen confidential medical records from Hammersmith Medicines Research and published them online to show they are serious.
This latest extortion attempt comes from the gang that successfully targeted Australian logistics company Henning Harders with ransomware last week, resulting in its online tracking system being down for some time. Kinetic IT is aware that the Maze cybercrime gang targets multiple sectors including government, so Australian organisations should be on high alert.
This gang’s operation begins, as many do, with a phishing attack. Once the malware is installed, it steals confidential data before encrypting it; the gang then slowly releases the stolen data on the Internet until the ransom is paid.
These attacks are not unique, and we’ve seen the volume of phishing scams, ransomware and digital extortion escalate almost as fast as the COVID-19 crisis itself. As an increasing number of criminals lose their usual income streams, cybercrime was always expected to rise, but as the whole world goes into lockdown, Kinetic IT expects the levels of online crime to rise higher than we have ever seen before.
One consideration is that almost every successful cyber attack starts with phishing. We’re seeing various types of phishing attempts with malicious attachments and links to rogue websites, leveraging email, SMS text messages, and webchat services like WhatsApp and Facebook Messenger. Scam phone calls are also on the rise, with criminals pretending to be remote support teams who require users to install remote access software so they can fix computers, or pretending to be from government departments, where the ruse relates to income support or grants to help small businesses through the COVID-19 crisis.
No one is safe. Security awareness messaging to all users is critical during this time, since people are more vulnerable than ever to phishing scams. If you are a business, the best advice is to immediately educate your users and consider rolling out good endpoint detection and response systems, whereby even those who are conned into opening malicious attachments or following malicious links will be saved as the malware is denied installation on the computer.
Application whitelisting is another option, and one that is recommended by the Australian Cyber Security Centre (ACSC) as one of the Essential 8 cybersecurity controls to prevent targeted cyberattacks. Microsoft Windows has its own built-in application whitelisting capability, called AppLocker, which is highly effective at stopping malware from running. The simple premise is that if an application is not on the list (the whitelist), it doesn’t run. So even if the malware has been dropped onto the user’s computer, when it tries to execute, the operating system intercepts it prior to running and shuts it down. Details of AppLocker can be found here.
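As an added illustration of that premise (this is not Kinetic IT's or Microsoft's own script), the following PowerShell sketch builds an AppLocker policy from trusted install directories, checks what the rules would decide for executables sitting in a user-writable folder, and applies the policy in audit-only mode. The directory choices and the output path are assumptions; run it elevated on a test machine first.

```powershell
# Added example. Paths below are assumptions for illustration only.
$trustedDirs = @($env:ProgramFiles, $env:windir)          # software considered trusted
$policyXml   = Join-Path $env:TEMP 'applocker-audit.xml'  # hypothetical output file

# 1. Inventory executables in the trusted directories (the scan can take a while).
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe `
        -ErrorAction SilentlyContinue
}

# 2. Generate allow rules: publisher rules for signed files, hash rules otherwise.
#    Anything that matches no rule is denied by default.
$xmlText = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Set every rule collection to audit-only so nothing is blocked yet.
$xml = [xml]$xmlText
foreach ($collection in $xml.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$xml.Save($policyXml)

# 4. Dry run: what would the rules decide for executables in Downloads,
#    a typical landing spot for a phishing attachment?
Get-ChildItem (Join-Path $env:USERPROFILE 'Downloads') -Filter *.exe `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        Test-AppLockerPolicy -XmlPolicy $policyXml -Path $_.FullName -User Everyone
    } |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. Apply the policy locally (this replaces the existing local AppLocker
#    policy unless -Merge is added) and start the service AppLocker depends on.
Set-AppLockerPolicy -XmlPolicy $policyXml
Start-Service -Name AppIDSvc

# 6. Review audit results: event 8003 means "would have been blocked",
#    8004 means "was blocked" once enforcement is enabled.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 200 `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 8003, 8004 } |
    Select-Object TimeCreated, Id, Message
```

Files reported as `DeniedByDefault` in step 4 are the ones the whitelist would stop. Review the 8003 events for legitimate software before changing `AuditOnly` to `Enabled`, since this sketch covers only the Exe rule collection and only the two directories listed.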
If you are unsure how to protect yourself, reach out to your IT service provider or security services provider or, for smaller businesses, look at the ACSC’s Small Business Cyber Security Guide.