It was only a matter of time before hackers exploited the coronavirus pandemic for nefarious gain. Others are certainly coming, but one primary attack occurred this week against the US government. Another, against a consumer-based organization heavily impacted by the COVID-19 virus, happened previously but was announced this month.
Likely the effort of a foreign actor, what appears to have been a distributed denial of service (DDoS) attack targeted the HHS Department. The attack tried to overwhelm the HHS servers by launching millions of hits for hours. Fortunately, the effort didn’t succeed. The threat actors attempted to create disruption and interfere with the HHS’s ability to manage the pandemic, as well as thwart American interests in general. It’s not being called a hack because no breach of the HHS system occurred, which is fortunate, as the system houses critical functions active during the current pandemic.
A successful DDoS attack would have turned users’ machines into automated bots and used them to control the larger system, overwhelming it or bringing it down.
The attack began before midnight on Sunday (March 15). The National Security Council warned they’d seen fake text messages. An anonymous person started the process by sending a warning message that they had military friends who had heard that the “president will order a two week mandatory quarantine for the nation.” The message spread via text, email and social media and officials believe it was related to the HHS cyberattack.
The president did encourage Americans to keep group gatherings to under 10 people on Monday, as well as to stop going to restaurants and bars, but he did not suggest a mandatory quarantine.
John Ullyot, a spokesman for the National Security Council, said, “We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly. HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks.” He also said, “HHS and federal networks are functioning normally at this time.”
Officials believe the attack came from outside the US but the source is still unknown.
Another spokesperson, Health and Human Services Secretary Alex Azar, said yesterday, Monday, March 16, at a White House briefing on the coronavirus, “We had no penetration into our networks, we had no degradation of the functioning of our networks.”
The agency has also said it has “put extra protections in place” as it responds to the coronavirus outbreak.
The CISA also issued a statement from Sara Sendek, “CISA will continue to support our partners at HHS as they protect their IT systems. CISA has taken a number of steps over the last several weeks to increase cybersecurity preparedness across federal civilian agencies, including enhanced monitoring, issuing recommendations as agencies shift to telework, and identifying and protecting particularly important systems supporting COVID response efforts. We’re confident that the measures we’ve all put into place are sufficient, and we will stay on the lookout for and defend against malicious activity.”
Still, the threat of cyberattacks from anti-American foreign actors remains a concern, especially while the COVID-19 crisis continues.
The government isn’t the only target. As if they didn’t have enough problems, Princess Cruises’ troubles continue to mount.
In February, everyone watched the grim story unfold of the Diamond Princess ship and its initial 10 people, followed by others, who tested positive for COVID-19. Now, two Carnival Cruise lines – the Princess Cruise company and its Holland America line – released the news in early March that they had received fraudulent emails last May that ultimately gave a third party unauthorized access to employee emails. The short version: their systems were hacked.
The cruise lines reported they "acted quickly to shut down the attack and prevent further unauthorized access." Afterward, they hired a prominent cybersecurity company to investigate and assist them in rebuilding a more secure environment.
The investigation didn’t turn up good news. They found the hackers had accessed personal information for employees and guests in three categories: personally identifiable information (PII) - including Social Security numbers, government ID numbers, passport and identity card numbers; financial – credit card and financial account info; and health information.
So far, the cyber PIs haven’t seen that the hacked data has been used for identity theft or other bad acts. Carnival will be providing the usual credit monitoring services, which will add expenses to what Carnival is already anticipating will hit its bottom line.
These are scary and unprecedented times, no question. The world has seen pandemics, yes, but this one is playing out very differently from any before it. It was certainly nothing anyone saw coming. Information changes by the minute, accompanied by all manner of reactions. Locking down our personal lives is not a fun prospect, but when it’s critical for safety, people do it. The same is true for data. Locking down data and applications so they’re safely protected from invaders is essential for their health – and ultimately for the well-being of their owners.
During this time when life everywhere is radically impacted, level heads and precautionary measures must prevail, both in our personal lives and in our cybersecurity and data systems.
Sources
https://www.fool.com/investing/2020/03/02/carnival-cruise-lines-reports-cyberattack.aspx