10 Destructive COVID-19 Data Breaches
Health care firms, especially those involved in vaccine and treatment research, are prime targets.
![COVID-19 Scams Hacker](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt9e1077bc972c2746/652458649bdad96b7fc24d6e/COVID-19-Scams-Feature.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
At least 18 companies and the City of Knoxville, Tennessee, have all been hit with ransomware attacks. And all chose not to pay the ransom, said Tyler Moffitt, security analyst at OpenText. The companies include Snaptron, Lionco, Silvaris and Digital Management.
“As a result, the cybercriminals released the affected companies’ data to the public on the dark web,” he said.
A new banking scam uses terms such as “COVID-19” and “FMLA” to target victims. First reported last month by Juniper Networks’ Threat Labs, this phishing scam, when successful, installs IcedID banking malware into a victim’s system, Paunet said.
Microsoft also warned in May about another phishing scam that attempts to deliver the malware known as LokiBot onto victims’ systems, Paunet said. In the example Microsoft presented, the subject lines followed the tone of “business continuity” and “pandemic plans.”
Once it has infected a system, LokiBot steals saved login credentials from a variety of browsers and from file transfer protocol (FTP), mail and terminal programs. It then sends them to the attackers’ servers, where they can be retrieved later.
Among the data breaches leveraging COVID-19, quite a few are targeting the health care industry, Hicks said.
“One example is 10x Genomics, which was successfully attacked with ransomware,” he said. “They were able to contain the attack to a segment of their network, but still had about one terabyte of data exfiltrated.”
Another attack worth noting is Hammersmith Medicines Research. It was compromised by Maze ransomware, Hicks said. Data there was successfully exfiltrated as well, he said.
For very high-profile attacks, hackers will auction off data instead of releasing it free to the public, Moffitt said. The Allen Grubman law firm, which represents high-profile celebrity clients, was the victim of file-encrypting malware. The hackers stole confidential documents and threatened to leak those files on the dark web if the victim failed to pay the demanded ransom, he said.
In April, scammers were sending text messages under the guise of coming from big-box stores like Costco, Paunet said.
“These texts prompted victims to complete a survey for the chance to purchase bulk items at a discounted price,” she said. “People were attracted to the words ‘stimulus,’ ‘paper goods’ and ‘reduced,’ easily falling victim to these cyber criminals.”
One change we’ve seen recently is that cybercriminals will now steal data before they issue a ransom demand, in case a person decides not to pay, Moffitt said.
“They will then auction or release the data so that the person’s company faces ramifications for regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA),” he said. “The cybercriminals are trying to create a scenario where paying the ransom is the most attractive option available.”
Phishing malspam into ransomware is one of the most popular infection vectors, Moffitt said. Cybercriminals have adapted to the COVID-19 landscape and a large majority of all the phishing emails surround COVID-19. They’re usually themed with Centers for Disease Control (CDC) guidelines, free testing, etc., he said.
“The phishing email usually contains a Word document that requests for you to run a macro-enablement,” he said. “Once a person clicks the ‘enable content’ button, the malspam will download a TrickBot or Dridex, which will analyze the network so the cybercriminals can decide what kind of environment the person’s computer is in and they can ballpark a figure of what they would want to charge for a ransom.”
Unemployment fraud is among the top COVID-19 scams. For example, CBS Boston reports residents in Massachusetts have been targeted as part of a national unemployment fraud scheme. The state first warned of the scam in May. Since then, more than 58,000 fraudulent claims have been filed.
With the possibility of a second stimulus check, scammers no doubt are ready to pounce again. TransUnion cites stimulus check scams among the top COVID-19 related scams.
According to the Better Business Bureau, a typical scam goes like this: You get a message or see a social media post regarding the COVID-19 economic impact check. You click the link and are taken to what seems to be an official website asking you to enter your personal information and/or banking details. It’s “necessary” to verify your identity and process your check.
The onslaught of COVID-19 data breaches has left a trail of victims, both businesses and individuals, globally.
And the volume is unlikely to drop as the pandemic rages on.
People, especially early on in the pandemic, were looking for any pieces of information they could find. That’s according to Heather Paunet, Untangle’s senior vice president of product management.
“People were signing up for news alerts, oftentimes not checking the validity of a site, giving away their personal information without thinking twice,” she said. “In looking for information or some way to navigate through the pandemic, people were also purchasing large quantities of household staples without any due diligence. For example, on Amazon, you can purchase items in bulk, and many times this is where people went for masks, paper goods, food items. But if they are not careful, [malicious hackers] can create false shopping pages, gaining access to payment information with no intention of delivering items purchased.”
Jessica Couto is vice president of North America channels at Vectra AI. She said it’s obvious that pandemic operating conditions haven’t made anything easier for network defenders.
“Traditional IT management and legacy security controls are farther removed from mobile assets,” she said. “And continued stress and anxiety among staff have increased susceptibility to social engineering attacks; in fact, the increased risk of fraud related to the operating environment of COVID-19 is deemed significant enough that it was specifically mentioned as a justifying factor for the U.S. Secret Service’s newly created Cyber Task Force.”
COVID-19 Data Breach Trends
Webroot shared the following disturbing pandemic-related trends:
Two percent of all COVID-19 websites created in the past few months were malicious.
There has been a 2,000% increase in malicious files with Zoom in their name.
A 40% increase in unsecured remote desktop protocol (RDP) machines for remote working. With unsecured RDP, cybercriminals will use brute force to gain complete control of the machine. Unsecured RDP isn’t new, but during the pandemic, the attack surface is only continuing to grow.
Jason Hicks is Kudelski Security’s global CISO. He said the pandemic has made health care firms priority targets for malware. That’s especially true for those involved in vaccine and treatment research, Hicks believes.
“They feel like these firms would be more willing to pay if they are successfully compromised due to the high pressure environment they operate in,” he said. “An additional enticement for targeting these firms could determine which organization is having success during their vaccine or treatment testing. This would appeal to criminal groups from an investment perspective. If you knew ahead of time one of these firms had approval to release a vaccine or treatment, their stock price would skyrocket after the announcement.”
It’s also appealing for nation-states that don’t mind being shady, Hicks said. For example, say a country wants to produce its own treatment or vaccine without paying the firm that developed it.
A new TransUnion study shows phishing is the top digital fraud scheme related to the pandemic globally.
“From the impacts of phishing and other well-documented COVID-19 scams like unemployment fraud, it’s clear that fraudsters have the data and increasing opportunities to create synthetic identities and utilize stolen identities,” said Shai Cohen, TransUnion’s senior vice president of global fraud and identity solutions. “Identity fraud is a primary way fraudsters leverage stolen consumer data from phishing and other social engineering schemes. It can have long-term impacts for consumers such as the compromise of multiple online accounts and bringing down credit scores, which we anticipate will increase during pandemic reconstruction.”
MSSPs Can Help
Consider MSSPs a “force multiplier” in protecting organizations, Couto said. That’s particularly true for those that offer managed detection and response (MDR) services.
“But organizations should still recognize that MSSPs themselves may be adjusting to pandemic operating conditions,” she said. “It’s critical that organizations do their due diligence, and don’t just shop for big names, but also evaluate the specific set of capabilities that they need, and whether those are best delivered through a big-box or boutique player. Additionally, it’s critical that organizations are as adamant about measuring MSSP key performance indicators as they are about measuring their own.”
Successful enterprises, Couto added, aren’t just measuring mean time to detect; “they’re measuring the mean time to action and mean time to resolve.”