Cybercrime around the coronavirus pandemic is increasing, and experts fear it could escalate to ransomware attacks that disrupt response efforts within healthcare organizations as well as city, state and local governments.
In 2019, municipalities and hospitals were hit especially hard by ransomware, and coronavirus-related cybercrime could cause 2020 to be worse. Overall cybercrime around the coronavirus pandemic increased, as several security vendors reported jumps in phishing campaigns and malicious links using the virus as a theme.
For example, Check Point Software Technologies reported a massive surge in coronavirus-related domains and determined that these new domains were 50% more likely to be malicious than other domains registered since Jan. 20.
"Check Point has definitely seen an uptick in crimes related to the coronavirus," said Maya Levine, security engineer at Check Point. "A huge phishing scam hit over 10% of all organizations in Italy making it seem like it was from the World Health Organization, asking to open a document attached to the message containing a malicious file."
This trend is nothing new, says Patrick Sullivan, CTO of security strategy at Akamai Technologies. No tragedy is off limits.
"Unfortunately, we see malicious actors regularly try to capitalize on tragic events as a way to profit or attack victims. No tragic event appears to be off limits for attackers using the event as phish bait given people's natural tendency to open attachments or click links without their normal skepticism given the emotional response to the tragedy," he said.
Unfortunately, several experts expect coronavirus-related threats to ramp up in severity.
Threat detection vendor RiskIQ published a report, titled "Ransomware Attacks the Next Consequence of the Coronavirus Outbreak," that predicted attackers will leverage the pandemic to launch ransomware attacks. Aaron Inness, protective intelligence analyst at RiskIQ, said healthcare organizations were already popular targets for ransomware, and the pandemic will likely make them even bigger targets.
"Our research suggests ransomware attacks on healthcare facilities have increased since 2016 with cybercriminals tending to go after direct patient care facilities such as hospitals, health care centers, medical practices, and health and wellness centers; all likely responders to the COVID-19 pandemic," Inness said via email. "We assess cyber-attackers prefer these facilities because they are more likely to pay in order to prevent disruption to patient care. We expect the upward trend of ransomware attacks on these providers to continue as the COVID-19 pandemic persists."
Trend Micro director of global threat communications Jon Clay agreed that current cyberattacks could escalate to ransomware. "Ransomware actors may take this crisis as an opportunity to hit healthcare organizations with their ransomware attacks, as there is a much higher potential for the victim to pay their ransom in order to get critical systems back online to support their patients," Clay said.
In addition, the attacks could damage coronavirus response and relief efforts. "A cyberattack at a time like this would be disastrous for a hospital and would likely result in loss of life," said BitSight vice president Jake Olcott. "Hospitals will already be overwhelmed; to add an operational disruption to the mix would be catastrophic."
Campbell Murray, technical director of cybersecurity at BlackBerry, noted that municipal government networks have seen a surge in ransomware attacks, and that disruption from such attacks on both governments and healthcare organizations could have devastating effects.
"There is a very real danger that any ransomware strike now on medical or hospital facilities could have a very serious outcome for the fight against the coronavirus and patient care," he said. "Impacting the governments' and health authorities' ability to communicate information to the populace in a timely and efficient manner will only increase the speed and reach of the virus, which will subsequently have a knock on effect for available health care for critical patients."
Preparing for disaster
Security experts said there's no evidence that hospitals and government agencies are being specifically targeted yet and that past attacks have likely been a result of poor security postures within those organizations.
But if the trend of ransomware attacks in 2019 holds, 2020 could be just as bad, or worse. Last year saw ransomware attacks against healthcare providers like Hackensack Meridian Health, one of New Jersey's largest healthcare providers, and municipalities such as Albany and, notably, Baltimore.
One of the first healthcare-related ransomware attacks that may have ties to the coronavirus occurred when Champaign-Urbana Public Health District's website was taken down by the ransomware variant NetWalker.
In order to protect themselves, organizations should follow good cybersecurity hygiene, much in the same way real-life hygiene should be given extra attention in the coronavirus outbreak.
Paul Ducklin, senior technologist at Sophos, said organizations should patch early and often, pick proper passwords, keep track of accounts, use 2FA when possible, check system logs and prepare a layered defense.
"Many attacks unfold in multiple stages -- an intrusion, a malware download, a bunch of changes in security settings and so on. This sequence is often called the 'kill chain' because the crooks typically need to succeed at every stage, whereas you can thwart the attack if you block just one of the steps," Ducklin said.
News writer Arielle Waldman contributed to this article.