The First Responders of Coronavirus-Related Cybercrime

On April 4th, INTERPOL delivered a rare warning to hospitals around the world to be on high alert for imminent cyber-attacks. While hospitals struggle to keep pace with a global pandemic, the number of ransomware attacks targeting organizations critical to virus response has also increased. And while some prominent cyber-criminal groups promised not to attack healthcare organizations during the COVID-19 crisis, these promises have clearly been superseded for many cyber-criminal groups by the desire, and opportunity, for profit. 

“Pay Up!” Why Threat-Actors Target Hospitals 

Adversaries have a long history of targeting medical institutions with ransomware and other destructive cyber-attacks. The Institute for Critical Infrastructure Technology cited ransomware as “the primary threat” to healthcare organizations in 2016, which has proved to be true in the years that have followed. Without factoring in the effects of COVID-19, ransomware attacks against healthcare providers increased 350% during the last quarter of 2019, with the rapid pace of attacks already continuing throughout 2020 according to a report from Corvus. 

When it comes to ransomware, cyber-criminals know that healthcare is more likely than other industries to pay the ransom, because hospitals simply cannot afford the time it would take to formulate a “rebuild and recover” plan. Faced with not just revenue loss, but the potential loss of human life, it’s not surprising that nearly a quarter of ransomware attacks against hospitals resulted in some form of payment. By locking up imperative files, making a hospital unable to admit patients, or finding a way to damage or control medical devices – such as CT scanners and infusion pumps – a successful attack can have a devastating impact on a hospital’s ability to care for patients. 

During a pandemic, these concerns are amplified. Hospitals’ resources are stretched thin, while their services have never been more urgently needed. Whether simply looking to profit, or harboring more malicious intentions, criminal organizations and nation-states that target these organizations during the COVID-19 crisis are almost certainly adding to the already-grim death toll by locking up essential resources. 

A Stressed Supply-Chain 

Hospitals do not operate in a vacuum. Food production, logistics and transport, and manufacturing are just a few of the industries that, should they suffer a cyber-attack, could have an inverse and detrimental effect on the medical industry and hospitals’ ability to effectively care for patients. 

I recently spoke with the security team at a leading US food manufacturer who said they are busier than ever, with every employee operating at maximum capacity. The global supply chain is under increased pressure to keep pace with demand, even as workflows change and new challenges arise. A cyber-attack against the manufacturing floor of a food production facility or a medical device company could cause devastating production delays and shortages, at a time when production needs have never been more urgent

Just last month, Mediterranean Shipping Company (MSC), the world’s second largest container shipping line, experienced an ongoing network outage. While not confirmed that this outage was due to a cyber-attack, MSC tweeted “We cannot rule out entirely the possibility of a malware.” I can’t help but think of the NotPetya ransomware attack, which successfully caused disruption down the supply chain by locked up shipping and logistics companies, causing chaos even without a global pandemic placing increased strain on supply chains. 

As businesses and supply chains around the world experience accelerated digital transformations due to the move to remote work, they are especially vulnerable both to cyber-attacks and human mistakes. Whether this outage at MSC was caused by an adversary or error, it is a reminder that the supply chain is vulnerable and that IT vulnerabilities impact OT and physical world business operations.  

Cyber First Responders 

I am married to a former ER nurse and have the utmost respect and gratitude for all of the first responders putting their lives and families on the line to assist others during these times. We must also remember that there are other first responders, who might not wear stethoscopes or N95 masks, but are helping to keep medical institutions running. This includes, but is certainly not limited to, the already short-staffed security and IT teams. These teams are now scrambling to get telehealth running and configure remote work infrastructure, while simultaneously defending against crippling cyber-attacks.

What can the security industry do to support cyber first responders during these challenging times? Numerous security companies are offering up free resources. However, beyond simply offering free resources, security teams are turning to automated solutions that can do some of the heavy lifting for them.

CISA has recently designated many cyber security positions ‘essential roles‘, and our understanding of essential businesses and essential employees will continue to change as the pandemic evolves. What has already become clear is that advanced technology like AI will play an essential role in ensuring businesses, hospitals, and supply chains can operate effectively – unaffected by disruption or cyber-attack.