Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers

A bipartisan group of senators sent a letter to both the Department of Defense and Department of Homeland Security on Monday urging them to take more action to defend the U.S. healthcare sector against hackers that have been exploiting the coronavirus pandemic.

The senators warned that if Gen. Paul Nakasone, the commander of U.S. Cyber Command, and Christopher Krebs, Director of Cybersecurity and Infrastructure Security Agency (CISA), don’t take more action to deter hackers, they will continue to pummel the U.S. healthcare sector will continue to get pummeled with coronavirus hacking campaigns.

“Unless we take forceful action to deny our adversaries success and deter them from further exploiting this crisis, we will be inviting further aggression from them and others,” Sens. Richard Blumenthal, D-Conn.; Tom Cotton, R-Ark.; Mark Warner, D-Va.; David Perdue, R-Ga.; and Edward Markey, D-Mass. write. “The cybersecurity threat to our stretched and stressed medical and public health systems should not be ignored.”

To deter these attacks, the group wants Cyber Command to take a page from its philosophy on going after nation-state hackers. The senators recommend that the unit “[e]valuate further necessary action to defend forward in order to detect and deter attempts to intrude, exploit, and interfere with the healthcare, public health, and research sectors.”

Cyber Command is responsible for defending the nation against cyberattacks and for defending U.S. military networks. In recent years, it has gained authorizations that make it easier for it to disrupt foreign hackers before they reach U.S. networks, a strategy commonly known as “defending forward.” CISA is responsible for coordinating and growing cyber resiliency among critical infrastructure providers.

And although some criminal groups claimed weeks ago they would avoid hacking healthcare organizations during the pandemic, there is a list of incidents that prove that promise was hollow. Nation-state hackers and criminal groups alike have seized on opportunities to distribute applications that appear benign and helpful, but which actually infect victim machines with malware and surveillance tools. Many more have sent spearphishing emails to victims purporting to have more information about the coronavirus, only to try stealing victims’ data or credentials.

In recent weeks, medical research entities that are studying the coronavirus or developing a vaccine have become targets, according to the FBI. The U.S. defense industrial base and DOD networks have also recently been targeted, according to the Pentagon.

Cyber Command declined to comment for this story.

Help, in any form

In light of the attacks, senators also want CISA and Cyber Command to provide more technical assistance to states, local emergency management agencies, and the National Guard on preventing breaches against critical infrastructure that may impact the healthcare sector.

The senators urged Krebs and Nakasone to publicly release threat intelligence related to pandemic-focused hacker activity, such as indicators of compromise.

“During this moment of national crisis, the cybersecurity and digital resilience of our healthcare, public health, and research sectors are literally matters of life-or-death,” the letter states.

CISA and Cyber Command should be conducting more public outreach to Americans to better explain coronavirus-related hacking and disinformation that is spreading online about the pandemic, the senators said.

The senators also suggest the agencies coordinate with the Federal Trade Commission and the FBI on spreading awareness about disinformation schemes — as well as cyber-espionage and cybercrime operations — that leverage COVID-19 themes. In recent weeks, China has been spreading the false narrative that the U.S. Army or Italy may be responsible for the origin of the virus, when evidence points to China as the location where the virus originated.

“Disinformation, disabled computers, and disrupted communications due to ransomware, denial of service attacks, and intrusions means critical lost time and diverted resources,” the senators warned. “Consider issuing public statements regarding hacking operations and disinformation related to the coronavirus for public awareness and to put adversaries on notice.”

The full letter can be read below.

[documentcloud url=”http://www.documentcloud.org/documents/6845797-Cyber-Command-CISA-Coronavirus-Hackers.html” responsive=true]