COVID-19 Cyber Attacks

Several cybersecurity firms and international government agencies are reporting a surge in attackers using the COVID-19 pandemic as a malicious tool against their victims. Hackers, scammers and even foreign state-sponsored actors are looking to profit off of the pandemic. Exploiting the situation, malicious activity like phishing attempts, ads for counterfeit products, scam charity requests and malware have all increased by 300%. As companies scramble to set up the infrastructure needed for their employees to work from home, reports of video-teleconference hijacking known “Zoombombing” is a growing phenomenon which is wreaking havoc via Zoom. There are more than 500,000 new sites using malicious web domains to steal users’ private credentials by containing terms like “covid” and “coronavirus”. These schemes have led to unprecedented amounts of theft, identity hijacking, and ransomware to steal money from the vulnerable. Foreign agents are looking to spread false information about the disease to interfere with response efforts. Tragically, healthcare organizations and hospitals are among the most targeted. Thousands of hospitals worldwide are being attacked via ransomware using encryption to lock down patient records if a ransom isn’t paid. In Chicago, the public health department website which holds personal data of hundreds of thousands of people was taken offline following a ransomware attack. Ramifications of these attacks, especially during the outbreak, are devastating. The horrific implications on human lives aside, small independent hospitals already struggling to keep up with the demands of the virus, are now overloaded with ransom requests as high as $6.5 M. We all need to remember that it’s imperative to keep up cyber security efforts. Hospitals and small businesses alike need to implement security measures like multi-factor authentication to verify authorized remote users, and ensure remote employees are using a virtual private network (VPN) while logging in. IT departments simultaneously should be enhancing remote monitoring during these times. Cybercriminals have wasted no time figuring out how to exploit COVID-19.