5 big questions about cyber attacks during COVID-19

Kemptville Hospital. The public transport network in Gatineau. The municipal government of Clarence-Rockland.

These are just a few of the organizations in the Ottawa area victimized in recent weeks by cybercriminals, emboldened as the COVID-19 pandemic forces people to work from home and more business is done online.

The healthcare sector in particular has proven to be a juicy target: This month, the Rideau Valley Health Center also experienced a “cybersecurity incident” that destroyed its computer network.

And it’s not just happening locally, with criminals leading a devastating attack on Newfoundland and Labrador’s healthcare system, stealing personal information related to both employees and patients.

So how bad is the situation? Why is the pandemic making matters worse? And what can organizations do to protect themselves? We asked a pair of cybersecurity experts these kinds of questions, and here’s what they had to say.

What types of attacks do organizations face?

According to Det. Sgt. Vern Crowley with the Ontario Provincial Police Cybercrime Investigation Team.

Phishing attacks usually involve someone, somewhere, trying to trick people into providing personal information such as passwords or banking information.

Just this week, an Ottawa man was one of three people arrested in connection with an alleged phishing scam that violated the province’s COVID-19 vaccination system.

Ransomware, on the other hand, is malware that, once installed, encrypts data, forcing users to pay a ransom, typically several hundred thousand dollars, in exchange for the tools to regain access.

The Kemptville District Hospital temporarily closed its emergency department in October after being the victim of a cyberattack. (Francis Ferland / CBC)

Did they really become more common during the pandemic?

The broad consensus seems to be that yes, the COVID-19 pandemic is contributing to an increase in cybercrime.

The Canadian Center for Cyber Security (CCCS) said crimes were being reported more frequently, especially lucrative ransomware attacks against frontline healthcare and medical research facilities across the country.

Federal government employees working from home on virtual private networks (VPNs) were also warned early in the pandemic to be on alert for phishing attacks.

Crowley said his team “absolutely” saw attacks increase during COVID-19, as many organizations pay ransoms to recover their data and cybercriminals realize they can make money fast.

“A lot of criminals are just heading to the online world,” he said. “It has happened in all areas. All areas that we see are affected.”

Why is healthcare such an attractive target?

According to Raheel Qureshi of iSecurity Consulting, whose company works with dozens of Canadian hospitals and other healthcare organizations, there are two main reasons.

The highly integrated nature of the industry, with hospitals and clinics sharing patient records and test results, means criminals can exploit weaknesses and encrypt data without anyone noticing, Qureshi said.

“The more complex your ecosystem, the harder it is for you to detect, manage and track, right? Not that it can’t be done, [but] there is a lot of investment needed,” he said.

“They are not in the area of cybersecurity. They are in the area of patient care.”

Plus, when healthcare computer networks go offline, it can put people’s lives at risk – and ransomware attackers know the urgency gives them an edge.

“The healthcare industry pays when it counts,” Qureshi said. “It has been a very lucrative business for these threat actors.”

A graph from a late 2020 report from the Canadian Center for Cyber Security shows that ransomware payments have steadily increased. Qureshi says the organizations he helps typically face demands ranging from $500,000 to $1 million, although negotiations may reduce the final ransom to a few hundred thousand dollars. (Canadian Center for Cyber Security)

So how can organizations stay safe?

The best thing that many organizations can do, according to Qureshi, is to have a company like his perform a mock ransomware attack – a two- to three-week exercise that will identify their IT weaknesses and propose solutions to correct them.

Individuals should also be tested, possibly with a fake phishing attack, so that they know how to spot danger signs and react properly, he adds.

Crowley says it’s a good idea for organizations to make sure all important data is backed up offline. Those who use VPNs must implement multi-factor authentication to access them – a password combined with, for example, a one-time code sent via SMS.

He says it’s also important to stay on top of the latest cybercrime trends and hacks, whether that’s monitoring CCCS alerts and advisories or searching for malicious websites through the nonprofit Canadian Internet Registration Authority.

Ultimately, groups should always have a manual for both preventing attacks and responding to breaches, Crowley said – which involves notifying police. Different police forces can then cooperate in investigations to find the perpetrators across the country and around the world.

Raheel Qureshi, partner and co-founder of iSecurity, says the highly integrated nature of the healthcare industry makes it a particularly juicy target for cybercriminals. (Submitted by Raheel Qureshi)

If they are affected by ransomware, do they have to pay?

It’s a complicated question, and there is no easy answer.

Many writers are “very professional in an unethical way,” Qureshi said. Organizations that submit to ransom demands are usually given full instructions for decrypting their files, round-the-clock service, and sometimes even text files explaining how to strengthen their defenses online.

Qureshi’s theory is that “smart” hackers in developing countries may turn to cybercrime only because they lack legitimate opportunities in places like North America or Europe, and do not bear any ill will towards their targets.

“Deep down they feel bad that it’s a hospital. But they don’t feel bad because at the end of the day they see it as a professional transaction,” he said. “It’s a different world.”

Yet the police would never agree to pay a ransom, Crowley says – after all, you can’t trust criminals to do what they say they will, and that just encourages them to keep breaking the law. But he also understands why someone might decide it’s better to just shell out some cash to make the problem go away.

“If you’re in that level of danger and you have to do it, it’s a business decision,” Crowley said.

“Everything we say [from the] On the law enforcement side, please make sure to keep any digital evidence in relation to financial transactions or communications, so that we can obtain these types.”
