National Post (National Edition)
Cyberattack targets response workers
Two Canadian organizations involved in work on COVID-19 — one a government body — have been the targets of recent ransomware attacks, according to a report from U.S. cybersecurity giant Palo Alto Networks Inc. that highlights the increased opportunities the pandemic is creating for cyber-criminals.
The new research, published Tuesday by Palo Alto’s Unit 42 threat intelligence team, centered on an attack aimed at encrypting the computer files of “several individuals associated with a Canadian government health organization actively engaged in COVID-19 response efforts, and a Canadian university conducting COVID-19 research.”
The company did not say which specific university, or which public health agency was targeted, but said the attacks were unsuccessful.
Jen Miller-Osborn, deputy director of threat intelligence with Palo Alto, said they’re seeing an uptick in phishing attacks in which criminals use the pandemic as a hook to trick people into opening an attachment or clicking a link.
In one of the attacks described in the report, targets received an email with a file attachment named “20200323-sitrep-63covid-19.doc” that if opened would encrypt files on their computer until a ransom had been paid.
Miller-Osborn said the targeting of front-line healthcare providers was particularly troubling.
“Right now, going after people who are on the front lines is just really despicable. So we really want to call attention to the fact that that is happening to make sure those people on the front lines have as much awareness as they can,” she said.
But she added that the pandemic was creating a much broader set of opportunities for criminals as well.
For one thing, she said, it’s extremely useful that the same issue is affecting so many countries around the world at the same time, so putting “COVID-19” or some other pandemic terminology in the email subject line or attachment file name can trick a lot of people.
“They don’t need to put as much work into lures for different regions. You can literally take the same theme or the same file, and use it more broadly now,” she said. “The same kind of lures will now work on all of their targets.”
Miller-Osborn said there’s also a larger issue at play: with so many businesses facing upheaval due to social distancing measures, cybersecurity protocols have in many cases been upended.
With companies unprepared for most of their employees working from home, IT systems are strained.
“It’s not something they’re used to, right? So they don’t necessarily have best practices for working from home, because it’s something they might do only occasionally,” she said.
Miller-Osborn said most cyber attacks rely on manipulating users to click a link or open a file, and the simple mistakes that come with heightened stress can be a major factor. “Any business should be looking out for this phishing — emails and links to things, and even text messages,” she said.
She said a good cybersecurity practice can simply be to take a deep breath and not allow yourself to give in to the feeling that every email needs to be tackled instantly.
“It’s difficult to have the kind of awareness you need for security on top of taking care of your two kids that are at home, and your dog is going crazy, and your spouse is in another room on a call,” she said.
“The only way to really do anything about that is for people to kind of establish good behaviours while they’re working from home, like following those kinds of guidance and best practices, and whenever possible taking a break just to walk away.”