
Phishing Increases Amid COVID-19 with Shift to Online

Hackers have sought to exploit the novel coronavirus to spread chaos, make money and build political advantage. The trends show a variety of ways bad actors are using this particular global moment to their advantage.

Even as government agencies around the world stretch themselves thin to battle the novel coronavirus, they have also had to defend themselves against an apparent surge in interest from hackers.

With a large uptick in government telework, the fear and anxiety surrounding cyberattacks has risen, and reports from state and federal authorities consistently indicate hackers are trying to take advantage of the current chaos for their own gain.  

At the same time, in certain areas where experts had predicted catastrophic effects, recent reports have shown that those concerns may have been overblown. Here's a rundown of the current trends and the ways hackers are targeting governments as the COVID-19 crisis continues to unfold.

GLOBAL HEALTH ORGANIZATIONS ARE UNDER ATTACK

Health organizations have seen a lot of activity at the national and international level. Reports show that hackers are consistently targeting large health organizations, often in an apparent bid to disrupt their response to the virus outbreak. 

A recent attack leaked thousands of passwords from email accounts attached to some of the world's largest health organizations, including the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC), and the National Institutes of Health (NIH). Researchers say the culprit behind the breach is a mysterious hacker with conspiracy theories about the origins of COVID-19.

Of the 6,835 email addresses that were leaked, 2,712 were from WHO, of which 457 are valid and active addresses, a WHO representative told Government Technology. A check on the active accounts found that none of them had been compromised, though their passwords have been changed anyway to ensure security, he said. 

The organization further commented that hackers have targeted WHO workers using a variety of techniques that exploit "the current Covid-19 situation via multiple impersonation approaches (vishing [voice phishing], email phishing, WhatsApp phishing, social media)."

NATIONAL BENEFITS WEBSITES HAVE BECOME TARGETS

As joblessness has climbed at an alarming rate, unemployment benefit websites have apparently become major targets for hackers.

"Attackers, whether cybercriminals or nation-state adversaries, are always looking for stress points and cybervulnerabilities," said Marcus Fowler, director of strategic threat at Darktrace, whose company recently published research on this trend. "The current global disruption and implosion of what was once normal is exposing, and at times even creating, new stress points and attack opportunities."

Fowler, a former CIA agent with a background in cybersecurity and data analysis, said that benefit websites have become one such stress point. Their increased political importance paired with a lack of cyber-readiness makes them appealing targets. 

"Every government is suddenly having to manage massive unemployment spikes and an unprecedented number of benefits sign-ups as COVID-19 disrupts economies around the world. U.S. unemployment application numbers have reached over 26 million. Just this week, Reuters has reported that millions of Americans have been completely locked out of U.S. unemployment sites," said Fowler. 

"Previously, these sites were not as critical to countries’ ability to move forward as they are today. This likely means they also were not resourced adequately from a cybersecurity standpoint. Much like the saying 'you don’t start digging the well when you are thirsty,' you want to avoid trying to scale up security only after your site has become a target," he said. 

E-LEARNING MAY PUT STUDENTS AT RISK 

Some experts are warning that schools may become one of the biggest public-sector targets for hackers during the outbreak. Earlier this month, the FBI warned that remote education platforms were targets for hackers, and numerous schools have reported incidents in recent weeks, as the flood of "zoombombing" reports shows.

Schools have traditionally been a target because of poor cybersecurity staffing and training. Some 350 K-12 breaches were reported during FY19 alone, a number that could grow given the circumstances, said James Yeager, CrowdStrike's public sector expert. Schools may be particularly susceptible to social engineering attacks, which have risen in prominence since COVID-19, he said.

"Ed tech is at risk of falling victim to these schemes, as students and/or parents may click on a link thinking it’s a virtual classroom or some other method of electronic curriculum when instead it’s a cybercriminal attempting to gain login credentials," said Yeager.  

Many schools will likely have to rely on families' personal devices, which are less secure and aren't held to the same rigorous compliance standards for security patching, he said.
 

"While school systems may not have the IT infrastructure, tools and manpower that large enterprises do, they can still do their part to ensure teachers and students can safely keep class in session as we get through this crisis," said Yeager. 

SUCCESSFUL RANSOMWARE INCIDENTS ARE DOWN, BUT NOT OUT  

Not all the cybernews is bad, however. As odd as it might seem, successful ransomware attacks on municipal entities have actually "taken a nosedive" since the coronavirus outbreak, said Brett Callow, threat analyst with Emsisoft. 

A precipitous drop in successful attacks on health care, education and other government entities marked the first quarter of 2020, Emsisoft research shows. Of those, schools are being hit the hardest, but overall numbers for entities are down across the board since this time last year. 

"Despite COVID-19 and WFH [work-from-home], or, more accurately, because of them, the number of successful ransomware attacks on the U.S. public sector, including health care, has declined significantly. In fact, the number of incidents has reduced to a level that we have not seen for several years," Callow said, explaining that with entities reducing their organizational footprint they may be effectively reducing the attack surface.  

However, this doesn't mean that you can't still get hit, as is evident from recent events involving the city of Torrance, Calif., which was struck by DoppelPaymer ransomware in January and is now having its stolen data leaked online.

Also, the Emsisoft report notes, this relief is "only temporary," and successful attack levels are likely to revert to normal once society returns to normal. Callow warned of an "uptick" in successful attacks in the coming weeks.

OTHER TYPES OF ATTACKS HAVE DECREASED 

Several other indicators show a potential decline in successful activity since the shelter-in-place orders have taken effect, said Guy Propper, head of threat intelligence for Deep Instinct. 

Propper said that while media coverage of cyberattacks has risen since the virus outbreak, the attacks being carried out are not fundamentally different than before the crisis. Furthermore, several indicators of successful attacks have seen declines, according to his company's research. These include "droppers," which are programs that inject malware. 

"Office droppers are regarded to be highly indicative of infection rates as they are the main initial infection vector, particularly in phishing email attempts," said Propper. "When compared to January, March saw a 66 percent decrease, and when compared to February the decline was 50 percent. At present, the numbers for April are dramatically reduced again, pacing at only 19 percent of January infection figures and 27 percent of those for February." 

The other indicator that declined was malicious portable executables (PE), files in a particular format that are also used to spread malware in computer systems.

"The number of malicious PE in March decreased by 38 percent compared to January and so far, April is pacing at only 76 percent compared to the same number of days into the month as January," Propper said.

Why these attacks have declined isn't totally clear. Some of it may have to do with the shifting landscape of the attack surface, while it could also potentially be attributed to hacker altruism. Some hackers may legitimately be restraining themselves during this crisis as an odd gesture of good will, the researcher offered. 

"It would be a mistake to generalize that all hackers behave the same, because there are many different groups and individuals acting (or not acting) for different reasons and who tend to have different targets," said Propper. "Many will adapt to generate profit no matter the circumstance, while others operate with a moral compass."

Government Technology is a sister site to Governing. Both are divisions of e.Republic.

Government Technology is Governing's sister e.Republic publication, offering in-depth coverage of IT case studies, emerging technologies and the implications of digital technology on the policies and management of public sector organizations.