Employees of several NHS (National Health Service) organizations in the UK received an email with the subject: “All Staff; Coronavirus Awareness.”
It was supposedly from their internal IT department. The mail informed that the institution was organising a seminar for all staff to talk about the deadly virus.
It asked them to click on a link to register. The link took them to an Outlook web app which had a form that needed to be filled up by the employees.
In reality, anyone who filled it wasn’t going to attend any talk but was handing over their details to hackers – it was a malicious mail, one of the many, exploiting our anxieties over this deadly virus.
Around the same time, hackers attempted to break into the email accounts of World Health Organization (WHO) staff members .
Unit 42, a global threat intelligence team at Palo Alto Networks and a recognized authority on cyberthreat, mentions a ransomware variant (EDA2) found in attacks on a Canadian government healthcare organization and a Canadian medical research university, as well as an info-stealer variant (AgentTesla) used in attacks
Some of the government related organisation under attack inclusive of :
United States defence research entity,
Turkish government agency managing public works,
German industrial manufacturing firm,
Korean chemical manufacturer,
Research institute in Japan ,
Medical research facilities in Canada
Fortunately, none of these attacks were successful.
However, what is worse is that cyber criminals are shutting down the IT infrastructure of hospitals until they pay a hefty ransom according to a report in the Washington Post.
In March, cyberattacks shut down computers at the Champaign-Urbana Public Health District in Illinois for three days.
Eventually, the district was forced to shell out $300,000 in ransom, as reported by the Pew Charitable Trust’s Stateline service.
Another similar attack shut down computers at a university hospital in the Czech Republic, compelling them to turn away patients.
A major attack was also reported in North-Rhine Westphalia, a province in western Germany. The government was allegedly duped of tens of millions of euros of emergency coronavirus aid and funding after it failed to secure its website from what seems to be a classic phishing attack.
Cybercriminals created copies of the original government website, distributed the link through targeted email campaigns, requested information from users and simply replaced their bank account details with their own leading to severe financial losses.
These incidents, alongside several others, have led the Interpol’s cybercrime threat response team to issue a purple alert.
[splco_quote]It said a “significant increase” in such kinds of ransomware attacks have been detected around the world. The Interpol has alerted all 194 of its member countries and is working with the cybersecurity industry to gather information about the attacks as well as assisting national police forces.[/splco_quote]
Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths.
NHS was also the target of the WannaCry ransomware attack in 2017. It was the largest ever cyberattack on the health service, locking out staff access to hundreds of NHS computers, leading to thousands of appointments being cancelled and some A&E departments having to turn away ambulances.
An assessment by western intelligence agencies tracked the attack to a North Korean hacking organisation known by researchers as the Lazarus Group