COVID-19 Response is now the State-Sponsored Hackers' Turf
Digital scams and phishing campaigns related to Covid-19 have been exploding since January, and it isn’t just criminal fraudsters driving the trend.
As researchers predicted, government-backed hackers around the world are exploiting the pandemic as cover for digital reconnaissance and espionage. Now Google says it has detected more than 12 state-sponsored hacking groups using the coronavirus to craft phishing emails and attempt to distribute malware.
In March, elite hackers tried to break into the World Health Organization, sources told Reuters, part of what a senior agency official said was a more than two-fold increase in cyberattacks.
On Wednesday, Google’s Threat Analysis Group (TAG) published findings on two of the state-sponsored campaigns it has been tracking.
One notable effort, according to the researchers, targeted US government employees through their personal email accounts with phishing messages posing as coronavirus-related updates from fast-food chains.
TAG says that Gmail automatically marked the vast majority of these emails as spam and blocked the malicious links.
“Hackers frequently look at crises as an opportunity, and COVID-19 is no different. Across Google products, we’re seeing bad actors use COVID-related themes to create urgency so that people respond to phishing attacks and scams. […] TAG has specifically identified over a dozen government-backed attacker groups using Covid-19 themes as lure for phishing and malware attempts—trying to get their targets to click malicious links and download files,” TAG director Shane Huntley wrote in a blog post about the findings.
In addition to the effort focused on US government workers, TAG also said it has been seeing new campaigns targeted at international health organizations, public health agencies, and the individuals who work for them. Some of the activity lines up with reporting from Reuters at the beginning of April that the Iran-linked hacking group Charming Kitten targeted the personal email accounts of World Health Organization staffers.
Coronavirus in Kenya
On Tuesday, May 5, while speaking at Afya House, Health Cabinet Secretary Mutahi Kagwe said Kenya had registered 45 new coronavirus cases, with Nairobi’s Eastleigh estate producing 29 of those new infections.
Mombasa produced 11 of the new cases, whereas Wajir recorded five new coronavirus infections. The five Wajir cases had a recent history of travel to Mogadishu, Somalia, said the CS. A Somali national was the other new carrier of the virus, said the minister. The 45 new cases were discovered in 1,077 samples tested between Monday and Tuesday.
Kenya Airways had announced plans to repatriate citizens from three global cities. The national carrier announced the special repatriation flights via social media handles.
The first flight was from London (May 4th), followed by Mumbai (May 7th) and finally Guangzhou (May 8th). “Only Kenyan Citizens with COVID-19 test results will board,” KQ clarified.
According to a statement posted on their website, passengers were supposed to pay a one-way nonrefundable fare. All passengers must arrange their own COVID-19 tests and present proof of a negative result as a part of formalities.
“All passengers must undergo a mandatory quarantine of 14-28 days at their own cost as per government of Kenya guidelines,” it added with respect to the London and Guangzhou flights.
In the case of the Mumbai flight, passengers are: “required to present a copy of COVID-19 medical results at the check-in counter and the results must be negative. (Test to be taken max 07 days prior to departure).
“During check-in all guest must complete a declaration form in relation to 14 days mandatory quarantine in Nairobi,” the statement added.
Government Hackers
The UK and US warned on Tuesday that government-backed hackers were trying to hack healthcare and medical research bodies amid the novel coronavirus pandemic.
The joint statement was released by the UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA).
The statement said hacking attempts had been made “actively targeting organisations involved in both national and international COVID-19 responses” in order to “obtain intelligence on national and international healthcare policy or acquire sensitive data” on research related to the virus.
The two agencies said they had seen large-scale “password spraying” campaigns to collect personal information, intellectual property and other intelligence.
Password spraying is a form of cyberattack in which attackers try commonly used passwords against a large number of accounts, in the hope that some of those accounts will give them access.
The hackers are attempting to harvest information on the coronavirus outbreak from national and international healthcare institutions, pharmaceutical companies, research organizations and local governments.
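Password spraying as described above leaves a recognisable trace in authentication logs: one source failing against many different accounts with only a guess or two per account. The following is an added example for defenders, not code from the NCSC/CISA advisory; the log format, the thresholds and the function name `detect_spraying` are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2020-05-05T09:00:01 198.51.100.7 alice FAIL
2020-05-05T09:00:04 198.51.100.7 bob FAIL
2020-05-05T09:00:09 198.51.100.7 carol FAIL
2020-05-05T09:00:15 198.51.100.7 dave FAIL
2020-05-05T09:00:21 198.51.100.7 erin FAIL
2020-05-05T09:00:26 198.51.100.7 frank OK
2020-05-05T09:00:31 198.51.100.7 grace FAIL
2020-05-05T09:01:00 203.0.113.9 alice FAIL
2020-05-05T09:01:01 203.0.113.9 alice FAIL
2020-05-05T09:01:02 203.0.113.9 alice FAIL
2020-05-05T09:02:00 192.0.2.10 bob FAIL
2020-05-05T09:02:20 192.0.2.10 bob OK
"""

def detect_spraying(log, min_accounts=5, max_per_account=2,
                    window=timedelta(minutes=30)):
    """Flag sources failing against many accounts, few tries per account."""
    by_ip = defaultdict(list)
    for line in log.strip().splitlines():
        ts, ip, account, outcome = line.split()
        by_ip[ip].append((datetime.fromisoformat(ts), account, outcome))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [(ts, acct) for ts, acct, out in events if out == "FAIL"]
        start, widest = 0, 0
        for end in range(len(fails)):
            # Slide the window so it never spans more than `window` of time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            tries = Counter(acct for _, acct in fails[start:end + 1])
            # Many accounts, few guesses each: spraying, not brute force.
            if max(tries.values()) <= max_per_account:
                widest = max(widest, len(tries))
        if widest >= min_accounts:
            # A success from a spraying source is a likely compromise.
            hits = sorted({acct for _, acct, out in events if out == "OK"})
            findings[ip] = {"accounts_tried": widest, "succeeded": hits}
    return findings

if __name__ == "__main__":
    print(detect_spraying(SAMPLE_LOG))
```

The per-source grouping misses a spray spread across many IP addresses; counting distinct failing accounts per time window across all sources covers that case.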
“Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe,” said NCSC Director of Operations Paul Chichester.
“By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it,” he added, according to a press release on the NCSC website.
Also quoted in the press release was CISA Assistant Director Bryan Ware who said:
“CISA has prioritized our cybersecurity services to healthcare and private organizations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to COVID-19. The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organizations, specifically during this time as healthcare organizations are working at maximum capacity.”
Last week, local media reported that British universities and scientific institutions had been targeted by hackers traced back to Russia, Iran and likely China, as well.
The cyberattacks were allegedly attempting to steal coronavirus research, including on vaccines. There have been no successful attacks to date.
“Any attack against efforts to combat the coronavirus crisis is utterly reprehensible. We have seen an increased proportion of cyber-attacks related to coronavirus and our experts work around the clock to help organisations targeted. However, the overall level of cyber-attacks from both criminals and states against the UK has remained stable during the pandemic,” the NCSC said.
Since first appearing in Wuhan, China last December, the novel coronavirus, officially known as COVID-19, has spread to at least 187 countries and regions, with the US and Europe the hardest-hit areas.
More than 3.6 million cases have been reported worldwide, with the death toll nearing 253,000 and more than 1.17 million recoveries, according to data compiled by Johns Hopkins University in the US.