Cyber criminals ‘feel no shame’ in extorting hospitals and people working from home
Cyber criminals are trying to con hospitals and people working from home as gangs seek to take advantage of the coronavirus pandemic, leading security experts said.
Police forces across the world said there was a rise in sophisticated crimes that involved sensitive patient data being snared by online crooks who then demand large payments for their release.
Candid Wueest, vice president of tech business Acronis, said he witnessed a significant surge in the number of ransomware attacks among the company’s UAE clients since the Covid-19 outbreak.
Acronis said there were 308 cyber attacks on its UAE clients in March compared with 115 in the same month last year.
Among those attacked were a number of hospitals.
Mr Wueest said all the attempts were successfully blocked.
“Cyber criminals don’t feel any shame when it comes to attacking hospitals and healthcare facilities,” he said.
“It’s vital that hospitals have access to their patients’ files, now more than ever in the middle of a pandemic. If they weren’t able to gain access there could be devastating consequences.
“An ordinary company could try and get their systems back up and running in a day or two but hospitals don’t have that luxury.”
Interpol recently said it detected a rise in the number of ransomware attacks on institutions involved in responding to the virus across the world.
Ransomware attacks typically take the form of malicious software that stops organisations accessing important data until money is paid.
“Hospitals can find themselves having no choice but to pay it because the data that’s being blocked could be the difference between life and death,” Mr Wueest said.
“They need access to their medical records every minute of every day.”
Hospitals typically do not have the same level of online security as other institutions, such as banks, he said.
“Machines like respirators and breathing apparatus are essential and are often connected to the internet,” he said.
“Criminals target those machines because they see them as having vulnerabilities and weak passwords.”
Aster Healthcare, one of the country’s largest providers, told
The National it had experienced a rise in staff being bombarded with suspicious emails.
“People are so reliant on digital technology for information it leaves them vulnerable and makes them easy prey for criminals,” said chief information officer Veneeth Purushotaman.
He said a combination of security networks and the diligence of staff had prevented Aster from falling foul of the cyber scams.
However, he said it was important to remain alert to the dangers posed by cyber criminals, whose methods were constantly evolving.
“It is difficult to defend against these attacks even with the best security measures in place,” he said.
“That’s why it’s important to keep upgrading and updating security tools.”
Criminals hoping to exploit the global pandemic are also trying to extort money from people working from home.
A recent report from tech security company McAfee said there was a surge in cyber crime since March, as crooks tried to capitalise on the uncertainty caused by the Covid-19 crisis.
This came as little surprise to Maher Yamout, senior security researcher at global tech-security company Kaspersky.
“Because so many people are working from home and therefore online, there’s a bigger catchment area for cyber criminals than ever,” he said.
“One of the scams they are doing is sending out phishing emails claiming to contain information about deliveries people are waiting on.
“Because so many people are actually waiting on deliveries, the likelihood of them clicking the link is higher.”
He said many of the fake emails and links appear convincing, with the criminals pretending to be from major international companies like Amazon or Netflix, service providers that are experiencing high usage during the crisis.
“I would advise anyone waiting on an order to just go to the company’s website and type in the tracking number to get updates there,” he said.
“I would avoid clicking on the email altogether.”
Tarek Kuzbari, from the Cybereason security consultancy, opened the company’s new Middle East office in Dubai last month.
He said criminals were training their sights on the UAE because they felt it was an affluent country, where the rewards could be high.
“Employees used to be working in offices with expensive security systems to protect them from cyber attacks,” he said.
“Now they find themselves working from home and not everyone has been equipped for such an environment.
“Criminals are ramping up the targeting of people at home with fewer capabilities to protect themselves.”
He said there were even instances where websites had been created by the cyber criminals with statistics about Covid-19, in the hope of exploiting people’s desperation for information about the coronavirus.
“Every time someone accesses those types of sites it will trigger an attack,” he said.
Criminals are ramping up the targeting of people at home with fewer capabilities to protect themselves TAREK KUZBARI Cybereason