U.S. Senators Urge Cybersecurity Officials to Take Action on COVID-19 Related Hacking AttemptsMay 05, 2020 by Alessandro Mascellino
Some senators sent a letter to the Department of Homeland Security and Department of Defence to prompt efforts in fight against hackers targeting the healthcare industry during the pandemic.
The letter, dated 20 April, was particularly directed to the Commander of United States Cyber Command Paul Nakasone and the Director of Cybersecurity and Infrastructure Security Agency (CISA) Christopher Krebs.
Specifically, the senators asked the government to “[e]valuate further necessary action to defend forward in order to detect and deter attempts to intrude, exploit, and interfere with the healthcare, public health, and research sectors.”
Increased Hacking Activities
Malicious actors’ attempts to exploit the coronavirus emergency to their own advantage have multiplied in the last few months. In March, for example, Trend Micro revealed a surge in the use of malware names and malicious domains involving “coronavirus” and “corona.” More recently, international hackers have targeted the oil and gas industry hoping to exploit the upcoming results of a crucial OPEC meeting.
Most of these attacks involved phishing attempts and were directed at industrial automation companies. However, the healthcare industry is a notorious target for malicious actors, both for the extended amount of data it harbors and for its often outdated security systems.
N95 respirator mask. Image used courtesy of Eclipse Automation.
Because of these reasons, and exploiting coronavirus-related worries, many hackers have created malicious email campaigns promising a hypothetical cure or personal protective equipment.
Sharing Prevention Tactics
To mitigate the spread of COVID-19, many governments have recently deployed policies of self-isolation, which have in turn translated into more activities like smart working and video conferencing. The Infrastructure Security Agency is a governmental company focusing on risk advice and working with various partners to help defend the country against malicious actors.
To help people minimize the online risks deriving from the exponential increase of work-related online activities, CISA has recently launched a dedicated telework product line intended to advise and support the incorporation of cybersecurity considerations into the aforementioned activities.
More generally, CISA is already providing both government and citizens with tips and technical assistance strategies to combat phishing attempts and other forms of hacking attacks.
The United States Cyber Command, on the other hand, is one of the eleven unified commands of the country's Department of Defense. It oversees the direction of cyberspace operations and is responsible for the DoD cyberspace capabilities and the integration of the DoD's cyber expertise.
Mitigating Further Risks
To reduce the impact of hacking attempts on the healthcare industry in this time of extraordinary crisis, the group of five senators who wrote the letter urged CISA and Cyber Command to step up their sharing and clarity efforts.
“These hacking attempts pose an alarming risk of disrupting or undermining our public health response at this time of crisis,” the letter reads.
“We write to urge CISA, in coordination with United States Cyber Command, and its partners to issue guidance to the health care sector, convene stakeholders, provide technical resources, and take necessary measures to deter our adversaries in response to these threats.”
According to the letter, even before the pandemic, hospitals were already struggling to defend themselves against ransomware and data breaches, and every successful attack was potentially crippling a facility’s efficiency.
“Disinformation, disabled computers, and disrupted communications due to ransomware, denial of service attacks, and intrusions means critical lost time and diverted resources,” the letter says. The senators listed the measures the cybersecurity companies ought to take in six points, which you can read extensively.
What do you think about this letter, and do you think governments are doing enough to protect citizens from coronavirus-related hacking attempts?
Featured image used courtesy of Wallpaper Flare.