Hackers crossed a line last week when they struck the computer network of the Czech Republic’s second largest hospital as it was testing people for the novel coronavirus.
It was also a tipping point for Ohad Zaidenberg, an Israel-based cyberthreat researcher. “If anyone is sick enough to use this global crisis to conduct cyberattacks, we need to try to stop them,” he said.
And so Zaidenberg stepped up his effort to assemble an ad-hoc group of malware hunters to gather data on COVID-19-related hacking.
By day, they are cybersecurity professionals at well-known companies in Israel, Europe, and North America. By night, they are sending threat data to health organizations and those in other sectors strained by the pandemic.
It’s still a nascent project: there are about 70 people in the group, and Zaidenberg wants to expand it to cybersecurity specialists from all parts of the world. Others are following suit: Joshua Saxe, chief scientist at antivirus firm Sophos, started a similar initiative on Wednesday.
Zaidenberg is one of many cybersecurity hands trying to help out in a time of need. The pandemic is also prompting anti-ransomware experts to do pro bono work.
Cybersecurity companies Coveware and Emsisoft announced this week that they would offer free ransomware recovery services to any hospital or health care organization dealing with COVID-19. They also appealed to ransomware gangs: Stand down, because your family might need treatment for the respiratory disease, too.
Threat intel for those who need it
The Health Information Sharing and Analysis Center (H-ISAC), whose members include big health care providers, has already received threat alerts from Zaidenberg’s volunteer group. Nate Warfield, a security specialist at Microsoft working with Zaidenberg, said he has sent data on a software vulnerability affecting three dozen medical organizations to the H-ISAC.
H-ISAC has in turn been sending its members regular alerts on COVID-19-related scams, which have included a surge in phishing activity against a variety of sectors. The threat-sharing hub is also looking to provide more free cybersecurity tools to members, said H-ISAC chief security officer, Errol Weiss.
“In times like this, we really want organizations to focus on securing their own environments,” Weiss said, adding that the free cybersecurity tools can “help secure a lot of organizations that don’t necessarily have the resources to do that.”
Health industry associations say they are in close touch with federal officials on COVID-19-related hacking threats.
“We are in high-tempo interaction with HHS, DHS and FDA as questions come in about things like what types of organizations are essential for COVID-19 response that might have a higher susceptibility to cyberattacks,” said Greg Garcia, executive director for cybersecurity at the Health Sector Coordinating Council.
The more that volunteer groups can feed their data into those discussions, the more effective cyberdefenses will be against the next miscreant who tries to exploit the pandemic.