Cybersecurity experts come together to fight coronavirus-related hacking

An international group of nearly 400 volunteers with expertise in cybersecurity formed on Wednesday to fight hacking related to the coronavirus. Called the COVID-19 CTI League, for cyber threat intelligence, the group spans more than 40 countries and includes professionals in senior positions at such major companies as Microsoft Corp (MSFT.O) and Amazon.com Inc (AMZN.O).


One of four initial managers of the effort, Marc Rogers, said the top priority would be working to combat hacks against medical facilities and other frontline responders to the pandemic. It is already working on hacks of health organizations.


Also key is the defense of communication networks and services that have become essential as more people work from home, said Rogers, head of security at the long-running hacking conference Def Con and a vice president at security company Okta Inc (OKTA.O).


The group is also using its web of contacts in internet infrastructure providers to squash garden-variety phishing attacks and other financial crime that uses the fear of COVID-19 or the desire for information on it to trick regular internet users.


“I’ve never seen this volume of phishing,” Rogers said. “I am literally seeing phishing messages in every language known to man.”

Phishing messages try to induce recipients to enter passwords or other sensitive information on websites controlled by the attackers, who then use the data to take control of bank, email or other accounts.


Rogers said the group had already dismantled one campaign that used a software vulnerability to spread malicious software. He declined to provide details, and said that in general the group would be reluctant to reveal what it was fighting.


Rogers said law enforcement had been surprisingly welcoming of the collaboration, recognizing the vastness of the threat.


Rogers is a UK citizen based in the San Francisco Bay Area. Two other group coordinators are American, and one is Israeli.


“I have never seen this level of cooperation,” Rogers said. “I hope it continues afterwards, because it’s a beautiful thing to see.”


Coronavirus Is a New Challenge for Cybersecurity

By Silviu Stahie on Apr 20, 2020

If you think the COVID-19 epidemic means a respite from cyberattacks against companies, you’d be wrong. If anything, the situation is worse, as organizations divert resources to other parts of the business, leaving their infrastructure exposed. And the proof of that is the flurry of attacks against hospitals.


It’s unhealthy for a company to believe hackers will pass up the opportunity to attack infrastructures or to compromise valuable data. Even if other concerns might seem more important right now, protecting a company’s assets has never been more vital, especially when cybercriminals lack any scruples.


From a security point of view, having most or all employees working from home is a challenge. Once a terminal leaves the protective shell of the corporate infrastructure, it becomes more exposed. Sure enough, all emails still flow through the same filters, but much network security is absent.


People still need to work and, in some situations, they need to use VPN and RDP (Remote Desktop Protocol) connections — not a happy scenario for security teams. RDP is the preferred infiltration vector for ransomware, followed by phishing.


Don’t think you’re out of the woods


Since pretty much everyone in the world is now focused on the global COVID-19 pandemic, it’s easy to lose sight of other aspects. Where feasible, people have started to work from home, but people are usually a weak link in the cyberchain and prone to making bad security decisions.


The global pandemic has proven a useful carrier for phishing, with emails touting messages from officials, selling high-quality protective masks, or promoting so-called advice to people looking for more information.


This is just one scenario: Someone is tricked by a phishing email and either enters a user name and a password on some bogus website or inadvertently installs a piece of malware that starts siphoning data. Now, with all that information, possibly even legitimate credentials, in the hands of attackers, they can start going after the corporate network. For instance, they could even try dialing in using RDP connections and then easily move inside the corporate network.


Cybercriminals won’t back down just because a global crisis is in the making. If anything, they will attack the more vulnerable industries to capitalize on the urgency of the situation. Healthcare is obviously on the frontlines now.


Just recently, the University Hospital Brno was hit by an unspecified cyberattack, forcing it to shut down its IT network. For hospitals, an inability to treat incoming or existing patients in critical condition would be the absolute worst-case scenario, which makes healthcare all that much more valuable than it already was. Now more than ever, it’s essential to have the proper protection in hospitals and all other healthcare-related facilities.


Just because it’s not healthcare, doesn’t mean you’re safe


Right now, the bulk of attacks seem focused on healthcare providers and adjacent verticals, and they involve all sorts of Coronavirus phishing scams. But the masses of people or employees now working from home will soon become a focus for attackers.


Just because the Coronavirus appears to be the only affliction today, it doesn’t mean that all other illnesses and diseases are taking a break. By the same token, just because everyone is watching ransomware and hospitals right now doesn’t mean that all the other attackers looking to steal databases, infiltrate critical infrastructure, or simply create mayhem will take a breather.


If cybersecurity wasn’t on many companies’ agendas, especially in a work-from-home scenario, it’s becoming a growing priority. The challenges of keeping all employees safe, wherever they may be in the world, mustn’t be taken lightly, and measures need to be taken before it becomes a real problem.