For the average, law-abiding person, the coronavirus COVID-19 is simply a health hazard. Unfortunately, some cybercriminals perceive the epidemic as an additional opportunity to launch a cyberattack. Right now, medical organizations need qualified information infrastructure protection as never before.
Taking advantage of widespread public fears about COVID-19, phishers began to use the topic as a hook. That’s maybe half the trouble — without the coronovirus, they would have used something else. But consider opportunistic cybercriminals attacking the information infrastructure of medical institutions, obviously hoping that with the general overload on IT services, they’ll have an easier time breaking in to clinics’ networks.
Brno University Hospital
A clinic in the Czech city of Brno reported a cyberattack last week. It hasn’t disclosed details of the incident, but hospital representatives say the attack caused database problems. The hospital can examine patients but cannot save medical data to the server, and the clinic had to cancel several operations and redirect patients to other institutions. However, the University Hospital in Brno is one of the largest Czech centers for coronavirus testing, making incident management a matter of life or death.
US Health and Human Services Department
The US Health and Human Services Department (HHS) apparently also suffered a cyberattack on the evening of Sunday, March 13. Bloomberg reported it as a massive DDoS attack meant to sabotage the normal operation of HHS servers, “undermining the response to the coronavirus pandemic.” With the agency needed to coordinate efforts to counter the coronavirus, such an attack can do much more damage than usual.
UK worker credential phishing
We have been monitoring cases of coronavirus-related phishing for several weeks now, and Sky News recently wrote about a rather unusual phishing campaign aimed specifically at medical personnel — one that’s been getting through medical organizations’ internal IT controls. The letters seemed to be announcing a seminar on coronavirus, and they contained a registration link. That link led to a phishing page disguised as Microsoft’s Outlook Web App, where attackers were collecting login credentials. Where and how cybercriminals will use this data is yet unknown.
Protecting health-care organizations
We believe that in so difficult a time, medical workers should not be disturbed. Their jobs are to protect us from the coronavirus. Therefore, Kaspersky decided to facilitate the protection of medical institutions against cyberthreats. We’re offering free six-month licenses for our solutions to health-care companies around the world. This offer applies to the following products:
- Kaspersky Endpoint Security for Business Advanced — our main solution for protecting workstations and servers;
- Kaspersky Endpoint Security Cloud Plus — a cloud version of the solution for workstations that protects your business without placing additional load on IT resources;
- Kaspersky Security for Microsoft Office 365 — comprehensive protection for Microsoft Office 365 collaboration services;
- Kaspersky Hybrid Cloud Security (Enterprise Server) — a product that allows you to secure virtual and cloud environments.