avatarSkanda Vivek

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

2862

Abstract

to treatments for COVID-19</p><p id="5c79">The FBI said that 3 states are particularly vulnerable. You guessed right — New York, Washington, and California; those hit the worst by COVID.</p><h1 id="989c">Other hacking incidents related to COVID</h1><p id="2dfa">Initially, as COVID began to spread, malicious <a href="https://www.cybereason.com/blog/just-because-youre-home-doesnt-mean-youre-safe">COVID-themed emails</a> were submitted from China, targeting Chinese speakers. However as the disease began to spread, emails increased from tens to hundreds in a span of few days, targeting other countries — South Korea, Japan, and European countries. Some of these emails were just fake ransomware (scareware) trying to scare someone reading the email into paying money.</p><figure id="f1af"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*KJv53OZFCseBgihY.png"><figcaption>Fake COVID scareware | CYBEREASON NOCTURNUS</figcaption></figure><p id="2453">U.S. Representative Katie Porter shared her experience with a suspicious phishing attempt offering free iPhones.</p> <figure id="5ae4"> <div> <div> <img class="ratio" src="http://placehold.it/16x9"> <iframe class="" src="https://cdn.embedly.com/widgets/media.html?type=text%2Fhtml&amp;key=d04bfffea46d4aeda930ec88cc64b87c&amp;schema=twitter&amp;url=https%3A//twitter.com/katieporteroc/status/1239698845354741761&amp;image=https%3A//i.embed.ly/1/image%3Furl%3Dhttps%253A%252F%252Fpbs.twimg.com%252Fmedia%252FETRLPK2UEAEoKzv.jpg%253Alarge%26key%3D4fce0568f2ce49e8b54624ef71a8a5bd" allowfullscreen="" frameborder="0" height="281" width="500"> </div> </div> </figure></iframe></div></div></figure><p id="d5d9">In the past week, Google said it saw more than <a href="https://cybersguards.com/google-sees-18millions-covid-19-related-phishing-emails-daily/">18 million</a> covid related malicious emails, <b>sent daily</b>.</p><p id="8374">Preying on our vulnerability and instinct to daily (or more than daily in my case) check various apps and maps showing and visualizing stats on COVID; an app provides the acclaimed Johns Hopkins coronavirus tracker. Underneath the hood however, it lets Libyan hackers watch through your camera, listen to your voice and even read your text messages.</p><figure id="c935"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*yZKATwo6FSOrjH11"><figcaption>COVID-19-themed malware that can spy on your Android | AVISHEK DAS/SOPA IMAGES/LIGHTROCKET VIA GETTY IMAGES</figcaption></figure><h1 id="4821">Looking ahead — Cyber Vultures</h1><p id="f6f1">Vultures hit you when you are wounded. Our nations are particularly wounded right now. With all the recent evidence and the FBI warnings, why aren’t we hearing much on this? One reason is our nations im

Options

mune systems are overwhelmed with COVID and we forget —</p><p id="58be" type="7">While we are physically distanced, we are socially connected online.</p><p id="f205">And we overcompensate for physical distancing; opting for increased social connectedness. Zoom has sparked all sorts of privacy concerns, and lack of established protocols means high profile meetings that happen through Zoom could be vulnerable to hacking. While Zoom does have a passcode authentication for joining a meeting, Boris Johnson <a href="https://metro.co.uk/2020/03/31/boris-johnson-sparks-security-concerns-revealing-zoom-id-cabinet-meeting-12489236/">releasing the Meeting ID</a> of a high level cabinet meeting <b>is a security concern</b>.</p><figure id="00c9"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*q5CR4AlsiNHA7HAQ"><figcaption>The UK prime minister exposed the Cabinet’s Zoom meeting ID | Pippa Fowles / 10 Downing Street</figcaption></figure><p id="f5ae">We’ve so far never had a<a href="https://www.cpomagazine.com/cyber-security/cyber-war-between-iran-and-united-states-could-have-far-reaching-implications/"> cyber-Hiroshima</a>. But such an incident could lead to widespread cyber distrust. There has been tensions brewing at the surface. In 2010 the Stuxnet worm widely believed to have originated from the US was discovered to have ruined many of Iran’s nuclear equipment and severely damaged it’s nuclear ambitions. Maybe Iran’s cyber attacks during COVID are in retaliation.</p><p id="2ddb">In the near future, everything will be connected to the internet. Already, power grids, city infrastructure, home cameras, hospital equipment being connected to the internet have sparked concern. From very recent events, we have seen that cyber disruptions are not limited to information loss. Take the hospital hacking incident in the Czech Republic: loss of their IT network for one day resulted in complete stoppage of medical operations as well as COVID testing. Future vehicles are also at risk — a ransomware that interfered with vehicle operations could cause city-scale chaos. In such critical systems like transportation, power, and healthcare, it is critical that even in the event of cyber disruptions; continuity is ensured and disruptions minimized. Which is why:</p><p id="922e" type="7">It is essential that we develop various solutions ranging from traditional cybersecurity approaches — to optimal response in the eventuality that a large scale hack of critical infrastructure DOES OCCUR.</p><p id="1459">Let’s learn from our COVID experiences: how many lives and how much time might have been saved if our country had planned better for this eventuality? Now let’s think about how we can respond better for a cyber disaster — before lives are lost; <b>not just waiting for it to happen and then responding</b>.</p></article></body>

Hackers are targeting COVID-19 hospitals and research centers— says FBI

Fake COVID ransomware | CYBEREASON NOCTURNUS

Early morning on March 13th, the 2nd largest hospital in the Czech Republic sent a message that all personnel should immediately shut down all computers due to ‘cybernetic security’ and subsequently repeated this message every 30 minutes until 8 am. The Brno University Hospital is one of the countries largest testing center and this incident forced delayed testing, as well as cancelling all surgeries for that day. Little much else is known publicly about this mysterious incident; except the Czech Cyber security agency is currently working to fix the hospital’s computers.

Unfortunately, this alarming incident isn’t the only case of healthcare institutions being targeted by hackers during COVID — and it’s yet another illustration that cyber disruptions aren’t limited to computer networks. Just a day later, on March 15th, hackers targeted U.S. Department of Health and Services, aiming to overload servers with millions of hits over the course of several hours. Luckily they failed and there was no penetration. In addition, since March 2nd, Iranian hackers have been targeting WHO staff emails in an attempt to steal passwords through phishing.

Regional Office for the Americas of the WHO | REUTERS/Raphael Satter/File Photo

Then on March 14th, the Hammersmith Medicines Research facility in London, that previously tested Ebola vaccines and was on standby to test any potential covid vaccines was hit by a ransomware attack. While the attack was resolved quickly without any downtime, the hackers did manage to exfiltrate data and published patient records online as the ransom wasn’t paid.

On April 16th, a senior cybersecurity official with the FBI said that foreign state hackers have broken into companies conducting research into treatments for COVID-19

The FBI said that 3 states are particularly vulnerable. You guessed right — New York, Washington, and California; those hit the worst by COVID.

Other hacking incidents related to COVID

Initially, as COVID began to spread, malicious COVID-themed emails were submitted from China, targeting Chinese speakers. However as the disease began to spread, emails increased from tens to hundreds in a span of few days, targeting other countries — South Korea, Japan, and European countries. Some of these emails were just fake ransomware (scareware) trying to scare someone reading the email into paying money.

Fake COVID scareware | CYBEREASON NOCTURNUS

U.S. Representative Katie Porter shared her experience with a suspicious phishing attempt offering free iPhones.

In the past week, Google said it saw more than 18 million covid related malicious emails, sent daily.

Preying on our vulnerability and instinct to daily (or more than daily in my case) check various apps and maps showing and visualizing stats on COVID; an app provides the acclaimed Johns Hopkins coronavirus tracker. Underneath the hood however, it lets Libyan hackers watch through your camera, listen to your voice and even read your text messages.

COVID-19-themed malware that can spy on your Android | AVISHEK DAS/SOPA IMAGES/LIGHTROCKET VIA GETTY IMAGES

Looking ahead — Cyber Vultures

Vultures hit you when you are wounded. Our nations are particularly wounded right now. With all the recent evidence and the FBI warnings, why aren’t we hearing much on this? One reason is our nations immune systems are overwhelmed with COVID and we forget —

While we are physically distanced, we are socially connected online.

And we overcompensate for physical distancing; opting for increased social connectedness. Zoom has sparked all sorts of privacy concerns, and lack of established protocols means high profile meetings that happen through Zoom could be vulnerable to hacking. While Zoom does have a passcode authentication for joining a meeting, Boris Johnson releasing the Meeting ID of a high level cabinet meeting is a security concern.

The UK prime minister exposed the Cabinet’s Zoom meeting ID | Pippa Fowles / 10 Downing Street

We’ve so far never had a cyber-Hiroshima. But such an incident could lead to widespread cyber distrust. There has been tensions brewing at the surface. In 2010 the Stuxnet worm widely believed to have originated from the US was discovered to have ruined many of Iran’s nuclear equipment and severely damaged it’s nuclear ambitions. Maybe Iran’s cyber attacks during COVID are in retaliation.

In the near future, everything will be connected to the internet. Already, power grids, city infrastructure, home cameras, hospital equipment being connected to the internet have sparked concern. From very recent events, we have seen that cyber disruptions are not limited to information loss. Take the hospital hacking incident in the Czech Republic: loss of their IT network for one day resulted in complete stoppage of medical operations as well as COVID testing. Future vehicles are also at risk — a ransomware that interfered with vehicle operations could cause city-scale chaos. In such critical systems like transportation, power, and healthcare, it is critical that even in the event of cyber disruptions; continuity is ensured and disruptions minimized. Which is why:

It is *essential* that we develop various solutions ranging from traditional cybersecurity approaches — to optimal response in the eventuality that a large scale hack of critical infrastructure DOES OCCUR.

Let’s learn from our COVID experiences: how many lives and how much time might have been saved if our country had planned better for this eventuality? Now let’s think about how we can respond better for a cyber disaster — before lives are lost; not just waiting for it to happen and then responding.

Covid-19
Cybersecurity
Hacking
Network Security
Healthcare
Recommended from ReadMedium