5 big questions about cyber attacks under COVID-19

Kemptville Hospital. The transit network in Gatineau. City Council of Clarence-Rockland.

These are just a few of the organizations in the Ottawa area that have fallen victim to cybercriminals in recent weeks, encouraged as the COVID-19 pandemic forces people to work from home and more and more businesses are being run online.

The healthcare industry in particular has proven to be a juicy target: just this month, the Rideau Valley Health Center also experienced a “cybersecurity incident” that took its IT network down.

And it doesn’t just happen locally, where criminals carry out a devastating attack on Newfoundland and Labrador’s health network and steal personal information associated with both employees and patients.

So how bad is the situation? Why is the pandemic making things worse? And what can organizations do to protect themselves? We asked that kind of question to a couple of cybersecurity experts, and here’s what they had to say.

What kind of attacks do organizations face?

Two of the most common attacks are phishing scams and covert installation of ransomware, according to It. Sgt. Vern Crowley with the Ontario Provincial Police’s Cybercrime Investigation Team.

Phishing attacks generally involve someone somewhere trying to entice people to provide personal information such as passwords or banking information.

This week, a man from Ottawa was one of three people arrested in connection with an alleged phishing scam that broke the province’s COVID-19 immunization system.

On the other hand, ransomware is malicious software that – once installed – encrypts data, forcing users to pay a ransom, usually in the hundreds of thousands of dollars, in exchange for the tools to regain access.

Kemptville District Hospital temporarily closed its emergency room in October after falling victim to a cyberattack. (Francis Ferland / CBC)

Have they really become more common during the pandemic?

The broad consensus seems to be that yes, the COVID-19 pandemic is contributing to an increase in cybercrime.

The Canadian Center for Cyber ​​Security (CCCS) has said crimes are being reported more frequently, especially lucrative ransomware attacks on the country’s frontline health and medical research facilities.

Federal government employees working from home on virtual private networks (VPNs) were also warned in the early days of the pandemic to be on guard against phishing attacks.

Crowley said his team “absolutely” has seen attacks increase under COVID-19, as many organizations pay ransom to get their data back, and cybercriminals realize they can make money fast.

“A lot of criminals are just moving to the online world,” he said. “It’s taken place across the board. Every sector we see is affected.”

Why is healthcare so attractive a goal?

According to iSecurity Consulting Raheel Qureshi, whose firm works with dozens of Canadian hospitals and other healthcare organizations, there are two major reasons.

The highly integrated nature of the sector, with hospitals and clinics sharing patient records and survey results back and forth, means criminals can exploit vulnerabilities and encrypt data without anyone noticing, Qureshi said.

“The more complex your ecosystem is, the harder it’s for you to discover and manage and track, right? Not that it’s not feasible, [but] there is a lot of investment required, “he said.

“They are not concerned with cybersecurity. They are concerned with providing patient care.”

What’s more, when IT networks in the healthcare field go offline, it can endanger people’s lives – and ransomware attackers know they’re in a hurry.

“The healthcare sector pays when needed,” Qureshi said. “It’s been a very lucrative business for these threatening actors.”

A graph from a report from the end of 2020 from the Canadian Center for Cyber ​​Security shows that ransomware payments have increased steadily. Qureshi says the organizations he helps generally face claims ranging from $ 500,000 to $ 1 million, though negotiations could bring the final ransom down to a few hundred thousand dollars. (Canadian Center for Cyber ​​Security)

So how can organizations stay safe?

The best thing many organizations can do, Qureshi says, is get a company like his to carry out a simulated ransomware attack: a two- to three-week exercise that will locate their IT vulnerabilities and offer solutions to correct them.

Individuals should also be tested, perhaps with a fake phishing attack, so they know how to spot danger signs and react properly, he adds.

Crawley says it is a good idea for organizations to ensure that all important data is backed up offline. Those who use VPNs should implement multifactor authentication to gain access – a password combined with e.g. a one-time code sent via text message.

He says it’s also important to stay on top of the latest hacks and trends in cybercrime, whether it’s by monitoring CCCS’s warnings and advice or checking for malicious websites through the non-profit Canadian Internet Registry.

Ultimately, groups should always have a game book to both prevent attacks and respond if there has been a breach, said Crawley – one who involves notifying police. Various police forces can then collaborate on investigation to track down the perpetrators across the country and around the world.

Raheel Qureshi, a partner and co-founder of iSecurity, says the highly integrated nature of the healthcare sector makes it a particularly juicy target for cybercriminals. (Posted by Raheel Qureshi)

If they get ransomware, do they have to pay?

It is a complicated question and there is no easy answer.

Many perpetrators are “very professional in an unethical way,” Qureshi says. Organizations that submit to the ransom requirements generally receive complete instructions for decrypting their files, 24-hour service, and sometimes even text files that explain how to strengthen their online defenses.

Qureshi’s theory is that “ingenious” hackers in developing countries can only turn to cybercrime because they lack the legitimate options in places like North America or Europe and carry no malice to their targets.

“Deep down, they feel bad that it’s a hospital. But they do not feel bad, because in the end, they think of it as a professional transaction,” he said. “It’s a different world.”

Still, police would never tolerate paying a ransom, Crawley says – after all, you can not trust criminals to do what they say they will do, and that just encourages them to keep breaking the law. But he also understands why someone might decide that it’s best to just cough up the money to make the problem go away.

“If you’re at that level of danger and have to do it, it’s a business decision,” Crawley said.

“Everything we say [from the] The law enforcement side is, please make sure you keep all digital evidence related to the financial transactions or communications so we can get hold of these guys. “

Leave a Comment

Advertise