Latin America. Technology services company NTT Ltd. released its Monthly Threat Report, revealing that there has been a significant increase in cyberattacks in the wake of the emergence of COVID-19, as hackers seek to exploit the panic related to the Coronavirus, along with vulnerabilities created by an increase in remote working.
Recent attacks have included information-stealing malware embedded in a World Health Organization (WHO) fake information app, while phishing emails have offered on-demand items, including face masks, hand sanitizer and coronavirus testing. High-profile attacks have been launched against hospitals, the World Health Organization and a COVID-19 testing center.
It seems that now the tactics and strategies of threat actors are becoming more sophisticated and more focused on aspects such as industry, geography (including country-specific phishing lures as the virus becomes more prevalent), as well as taking into account the purchases and deliveries of the potential victim.
Hospitals in particular have experienced a wave of threats, at the exact moment when their resources are focused on saving lives and managing an overflow of patients. Ransomware, encrypting apps and files until a ransom is paid, has been the main threat, along with attempts to steal patients' financial information and medical records.
For example, in Italy information-stealing malware has been discovered via emails with the subject line 'Coronavirus: Important Information for Caution' containing a malicious Word document. Research suggests that, when opened, the document asks the victim to click the "Enable Content" button to properly view the message. Once a recipient clicks, malicious macros will be executed that extract various files to install and launch the Trickbot malware. If successfully installed, Trickbot collects information from the compromised system and attempts to move laterally through the connected network to gather more information. Any information acquired is returned to the attackers.
In response to the increase in attacks launched by cybercriminals seeking to exploit the panic caused by the pandemic, NTT Ltd. will provide qualified hospitals fighting the coronavirus with cybersecurity incident response support at no cost, should an incident occur.
Starting on World Health Day, Tuesday 7 April, hospitals across the UK and Ireland, Europe, North America, Australia and Singapore will be able to use their cybersecurity incident response services for 60 days. After an assessment, the service will include remote deployment of NTT's incident response tools and then focus on containment and remediation of the attack.
Matt Gyde, President and CEO of the Security Division of NTT Ltd., says: "Unfortunately malicious actors are launching cyberattacks that attempt to exploit panic, security vulnerabilities and the fact that our hospitals are already under enormous pressure. Hospitals around the world need help to be able to respond quickly to threats as they carry out their important work in the fight against the Coronavirus."
