As the novel coronavirus known as COVID-19 continues to inflict major, widespread disruptions in essentially all areas of human society, many people and businesses are turning a blind eye to another danger: cyberattacks.
Based on conversations that I have had with multiple people responsible for managing providers of cybersecurity services to businesses, as well as with folks in charge of overseeing operations at end-user businesses themselves, it appears that there have been an increasing number of attacks in recent weeks, including some targeting specifically health care operations involved in combating COVID-19.
The United States Department of Health and Human Services, for example, was recently hit with multiple attacks, including a powerful DDoS (Distributed Denial of Service) attack launched on Sunday night; some evildoer seems intent on crippling HHS’s operations at a time when the organization is most needed. There have also been cases of ransomware targeting hospitals, and various other attacks directed at those on the front lines in the battle against Covid-19. Whether these attacks are the work of nation states, terrorist groups, or just evil people is yet to be determined.
Criminals have also been exploiting people’s concerns about COVID-19 to both perpetrate bogus donation-type scams as well as to launch phishing and other social-engineering-based cyberattacks. Criminals have even circulated copies of legitimate documents about COVID-19 into which they have inserted poisoned macros, and attached malware to emails that claim to have “attachments with valuable information about the coronavirus.”
While large organizations typically have formal business continuity plans, and are certainly addressing in real time any attacks directed their way, many individuals and small businesses lack formal plans to deal with the likes of a pandemic; such folks and organizations are today operating in ad hoc fashions in order to keep operations running, and are prone to overlooking various attacks. As such, they may be in for seriously ugly surprises about the state of their data and systems when the current pandemic ultimately winds down. It would be a terrible pity if firms manage to survive the economic fallout of the current situation only to fail as a result of coronavirus-related cyberattacks.
So, as you address COVID-19, please be sure not to forget about cybersecurity.