EclecticIQ
August 17, 2020

EclecticIQ Pandemic Intelligence Update - Week 34

As Europe’s leading cyber threat intelligence company, we at EclecticIQ have decided to make use of our resources and provide the community with custom reports on threats connected to the COVID-19 pandemic throughout the duration of the crisis. This is the 22nd report in a weekly series of updates reporting important developments in COVID-19-themed attacks.

Key Findings
  • Cyber-attacks during the COVID-19 pandemic are increasingly aimed at major corporations, governments, and critical infrastructure.
  • Alerts on attacks against the healthcare industry are escalating.
  • Health organizations responding to COVID-19 continue to be at high risk from threat actors.
  • COVID-19 vaccine researchers are being targeted by hackers.
Analysis

Cyberattacks Rising at an 'Alarming' Rate, According to Interpol. 

Interpol's recent assessment highlights the increase in cyberattacks during the COVID-19 pandemic, as targets shift from individuals and small businesses to governments, the health sector, and major corporations. The current trend of working from home leaves remote networks and systems vulnerable, allowing attackers to exploit these weaknesses to steal sensitive information.

Interpol's report pointed out several threats, including:

  • Online and Phishing Scams
  • Disruptive Malware
  • Data Harvesting Malware
  • Malicious domains containing keywords such as "coronavirus" or "COVID"
  • Misinformation and fake news

Interpol has warned of another spike in phishing scams expected in the coming days, when the COVID-19 vaccine becomes available.

COVID-19 pandemic continues to spur cyber-attacks on the healthcare sector.

The value of medical data, patient records, and research data has led to an increase in breaches targeting the health sector. Malicious actors are therefore taking advantage of the COVID-19 pandemic to run new phishing campaigns and ransomware attacks.

The Central California Alliance for Health warned about a possible data breach and confirmed that an unauthorized actor accessed three employees' email accounts on May 7, 2020.

The healthcare industry increasingly relies on internet-connected technology, from patient records and lab results to radiology equipment and hospital elevators.

Researchers have studied the following conditions that are making the sector vulnerable: 

  • Private patient information is worth a lot of money to attackers.
  • Medical devices are a natural entry point for attackers.
  • Staff need to access data remotely, opening opportunities for attack.
  • Workers do not want to disrupt accustomed working practices with the introduction of new technology.
  • Healthcare staff are unaware of online risks.
  • The number of devices used in hospitals makes it hard to stay on top of security.
  • Outdated technology means the healthcare industry is unprepared for attacks.
  • Increasing reliance on teleworking, often with little previous experience and planning.
  • Increased fear, uncertainty, and doubt in the general population.

Progress in vaccine development possibly intensifies APT activity.

As countries across the globe make progress in vaccine development, threat actors continue exploiting the COVID-19 vaccine theme in malspam campaigns. The Oxford University of London announced that it cleared 3rd stage trials of the COVID vaccine, and Russia reported being ready with the final stage of the vaccine.

The United States, the United Kingdom, and Canada claimed that 'Russia state-sponsored' threat groups are targeting their COVID research centers to steal research work. The campaigns primarily target the health and research sector, higher educational institutes, and government entities to steal COVID-19 research.

The NCSC UK states, "Hackers are constantly trying to intercept the email & server communications taking place between Universities and Scientific Facilities, which has immensely grown in the past one month or so to steal UK's future research against Corona Virus."

Spearphishing is the most common attack vector, and organizations should be cautious about incoming communication (email, voice, text) referencing COVID-19.