Cyber criminals target hospitals and homes in the time of lockdown

Security threats have sky-rocketed after the lockdown began

cyber_attack Representative image

If you thought a global emergency like the coronavirus pandemic would mean an instant ceasefire to all other strife—ISIS, for example, promising not to carry out any terror attacks in Europe during this crisis—perhaps a reality check is in order. In the realm of cyberspace to which most of us have been ‘locked in’ for the past few weeks, security threats have only sky-rocketed. 

What’s worse, the new favourite targets of cyber criminals are the very people on the front lines of the battle against COVID-19—hospitals and healthcare professionals.

Also in the crosshairs of the web bandits are home computers of people working from home (WFH), as they are a vulnerable points to access company networks. Number of cyber attacks on Indian companies has doubled since the outbreak, according to a recent study by PricewaterhouseCoopers.

Interpol this week issued a ‘purple alert’ to all its 194 member countries warning of possible cyber attacks of hospitals and other healthcare institutions. 

“Hospitals and other institutions on the front lines of the fight against the coronavirus…have also become targets of ransomware attacks designed to lock them out of their critical systems in an attempt to extort payments,” it said in its advisory. 

This came after its Cybercrime Threat Response Team detected an increased number of ransomware attacks against medical targets in the past few weeks — hospital functions, including vital patient files and systems are made inaccessible by hackers thus holding up critical medical treatment until a ransom is paid.

According to K7 Computing, a leading cyber security firm, hacking incidents will increase by 16 per cent by the time this month is through. As per its tracking unit, the number of blocked events, that is, hacking attempts that were not successful, had increased by 260 per cent since the lockdown started.

“There has been an increasing number of COVID-19 based cyber threat events in India and across the world ranging from phishing website campaigns, emails claiming to be sent by the World Health Organization, and even malicious Android apps, including mobile banking Trojans,” points out J. Kesavardhanan, founder and CEO of K7 Computing. “There has also been a large increase in unwanted software using deceptive means to infiltrate user devices,” he adds.

Another major area of vulnerability is that with WFH becoming the norm, many company networks become vulnerable as employees log in through their home devices which may be poorly protected against viruses and malware. “The risk is higher,” admits Kesavardhanan, “since employees working from home…are no longer behind a corporate firewall along with gateway web filtering.” The problem stems from the fact that many company IT admins have had to loosen their firewall settings to allow employees to connect to their office computers remotely. 

According to Shodan, a search engine that scans and indexes devices instead of websites, half a lakh computers in India are thus exposed. A PricewaterhouseCoopers study recently had warned how cyber-attacks on Indian companies have increased. Cybercriminals use the disruption brought about by the COVID-19 outbrak to infiltrate corporate networks and steal data, the report pointed out.

“We have seen a considerable amount of increase in cyber security threats as people are using the pandemic to dupe people by sending out false information, mails etc,” says Trishneet Arora, founder & CEO, TAC Security. Checkpoint, a leading global cyber security firm’s survey of the IT sector released on Tuesday, said 71 per centof IT professionals they surveyed reported an increase in security threats and attacks since the advent of the coronavirus outbreak.

Bitdefender, a security solutions provider, took note of the serious situation many hospitals were in, and recently made its enterprise-grade security solution free for hospitals and other healthcare organisations for the next one year. “With this move, healthcare providers (can) work at full capacity on delivering care during the pandemic, without worrying about falling victim to the ruthless, opportunistic attacks revolving around this crisis,” according to a statement by Bitdefender.