Some 20,000 coronavirus (COVID-19)-related cybersecurity threats have been reported to the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) so far this year, an agency official said in early June.
The IC3 is tracking a massive spike in hackers attempting to capitalize on the COVID-19 crisis, Tonya Ugoretz, the deputy assistant director of the FBI’s Cyber Division, said during a virtual conference hosted by cybersecurity provider CrowdStrike (via The Hill). In April, Ugoretz said that online crimes reported to IC3 had roughly quadrupled since January to 4,000 incidents daily. COVID-19 threat reports alone now account for five times that figure, more than the IC3 saw for all threats in 2019, including unrelated scams, phishing and fraud schemes.
“Already, here we are in the first or second week of June, the IC3 has already had as many complaints up to this point as they did for all of 2019, and that is for all types of internet fraud,” Ugoretz said.
Foreign nation-state hackers are zeroing in on healthcare institutions, pharmaceutical companies and research facilities working on treatments for COVID-19, Ugoretz said. “We have also seen other actors, including nation states, scanning for vulnerabilities, conducting reconnaissance, conducting intrusions, and attempting to steal data from those U.S. universities and research institutions that are really focused on trying to deliver that research in response to the pandemic,” she said.
The Department of Homeland Security’s Computer and Infrastructure Security Agency (CISA) is also tracking the startling jump in phishing attacks and ransomware extortions related to COVID-19. “We are seeing adversaries that are targeting our pharmaceutical companies, pharmaceutical research, laboratories, testing, and really out into the future manufacturing of the vaccine systems and the distribution of vaccines,” Ware said. “We are committed to doing everything we can in our mission of protecting critical infrastructure in protecting those companies involved in research and development of the vaccines.”
The list of COVID-19-tied infiltrators is long. In mid-May, the FBI and CISA warned Chinese government-backed hackers to lay off trying to steal COVID-19 related intellectual property and public health data from healthcare organizations and research organizations involved in vaccine development. At the same time, CISA and the United Kingdom’s National Cyber Security Centre (NCSC) warned that advanced persistent threat (APT) actors are probing for COVID-19 intellectual property on national and international healthcare policy along with sensitive research data.
A number of COVID-19-linked cyber attacks have hit federal agencies, including the World Health Organization (WHO) and the Department of Health and Human Services, in the past few months. For example, “hack-for-hire” cyber crews are ensnaring individuals in the U.S., the U.K., Bahrain, Canada, Cyprus, India and Slovenia with phishing email invitations to sign up for bogus COVID-19 notifications from the WHO.
In April, unknown hacktivists made public some 25,000 email credentials reportedly belonging to staffers at the National Institutes of Health (NIH), the WHO, the Gates Foundation and others battling COVID-19. Iran-backed nation-state hackers also tried to hijack the personal email accounts of a number of WHO staffers.
Managed security service providers (MSSPs) are also fighting COVID-19 cyber attacks on the healthcare industry. In late March, more than 400 cybersecurity experts formed the COVID-19 CTI League, a cyber threat intelligence group whose top priority is to combat hacks against medical facilities and other frontline responders during the pandemic.