Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

HHS Says DDoS Attack Failed to Cause Disruption

The U.S. Department of Health and Human Services (HHS) was targeted with a distributed denial-of-service (DDoS) attack on Sunday, but the agency said it did not experience any significant disruption as a result of the incident.

The U.S. Department of Health and Human Services (HHS) was targeted with a distributed denial-of-service (DDoS) attack on Sunday, but the agency said it did not experience any significant disruption as a result of the incident.

“HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities. On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter,” Caitlin Oakley, an HHS spokesperson, told SecurityWeek.

“Early on while preparing and responding to COVID-19, HHS put extra protections in place,” Oakley added. “We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.”

Ellen Nakashima, a national security reporter at The Washington Post, learned that the HHS’s website never actually crashed as a result of the attack, which her sources described as a 2 on a scale from 1 to 10.

Bloomberg, which first reported on the incident, learned from sources that a tweet from the National Security Council (NSC) about fake text messages warning of a national quarantine was also related to the “hack.” Bloomberg also initially used the term “cyber intrusion,” but later removed it from the body of its article — it still appears in the subheadline at the time of writing. It’s worth noting that mainstream media often confuses DDoS attacks with breaches.

According to some reports, the attack may have been launched by a foreign threat actor and its goal was to undermine the HHS’s response to the COVID-19 crisis. However, this theory has not been confirmed and experts have cautioned that it’s too early in the investigation to make these types of claims.

“We should not jump to conclusions and assume the attack was nation state affiliated,” Rick Holland, CISO and VP of strategy at Digital Shadows, told SecurityWeek. “Incident response takes time, and as this just occurred last night, more time for investigations will be required. Based on reporting, this appears to be some sort of denial of service attack and the barrier to entry for DOS attacks are low.”

Other experts, however, pointed out that even DDoS attacks can have serious consequences and they could precede more sophisticated attacks.

“DDoS attacks are not sophisticated, but the timing of the attack and potential motive raises significant concern,” Stephen Boyce, principal consultant at the Crypsis Group, said via email. “The goal of these attacks is to prevent legitimate users from accessing HHS websites and systems. These attacks could also be a precursor for a larger attack that may result in data access and or exfiltration.”

“The most prominent targets of such attacks are institutions that are providing information to the public regarding COVID-19. These institutions include: local, state, federal, and tribal government agencies, media outlets, pharmaceuticals companies, and healthcare industries. We should expect more DDoS attacks on the institutions mentioned above and an increase in spear-phishing attacks as well,” Boyce added.

Related: Coronavirus-Themed Emails Deliver Malware, Phishing, Scams

Related: China-linked APT Hackers Launch Coronavirus-Themed Attacks

Related: COVID-19 Themed Phishing Campaigns Continue

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...