As leading cybercrime gangs promise not to attack healthcare organizations during the COVID-19 pandemic, can we take them at their word?

The coronavirus pandemic continues to bring out the best in so many people as individuals, communities and businesses combine in the fight against COVID-19. It has also exposed the worse sides of some, from those clearing the supermarket shelves and preventing vulnerable people from getting the supplies they need, to profiteering companies. Then there are the cyber-criminals exploiting fear and the need for information to spread malware and defraud victims. But could the criminals be having a change of heart? The cybercrime groups behind two of the most prolific ransomware threats have issued statements that they will not attack healthcare and medical targets during the coronavirus crisis. The problem with this is twofold: can you take a criminal gang at their word, and can they prevent healthcare organizations from getting caught in the attack crossfire even if they wanted to?

The COVID-19 ransomware threat

Ransomware continues to be one of the most severe threats facing organizations of all kinds, especially as attack methods continue to evolve. Like any criminal enterprise, the gangs behind the operation of ransomware will exploit current concerns to infect victims. The coronavirus pandemic is, sadly, not exempt from this. We’ve already seen COVID-19 infection distribution maps laced with malware, and the U.S. Attorney, Scott Brady, has warned people to be wary of an “unprecedented” wave of coronavirus scams.

Ransomware cybercrime gangs promise to give healthcare a free pass

Lawrence Abrams, the creator of BleepingComputer, reached out to the cybercrime groups behind the operation of some of the most prolific and dangerous ransomware threats. Abrams asked a simple question: will you continue to target health and medical organizations during the COVID-19 pandemic? At the time of writing, two had replied and their answers might surprise many readers. The first to respond were the operators of the DoppelPaymer ransomware threat, who told Abrams that they “always try to avoid hospitals, nursing homes.” When attacking local government targets, they “do not touch 911,” although sometimes emergency communications are hit due to network misconfigurations.

Interestingly, the DoppelPaymer cybercrime group has said that if a medical or healthcare organization does get hit by mistake, then it will provide a free decrypter code. “If we do it by mistake, we’ll decrypt for free,” the threat actors said, although pharmaceutical companies are not included in this ransomware amnesty. “They earn a lot of extra on panic,” the criminals said, adding that they have “no wish to support them.”

DoppelPaymer is an example of what Microsoft refers to as human-operated ransomware, causing havoc with ransom demands that use exfiltrated data as leverage. This is where the promises not to target health organizations fall a little flat; the risk to third parties remains. Ask Lockheed Martin, SpaceX and Tesla who were victims of the kind of collateral damage that DoppelPaymer can cause. Although not infected by the ransomware themselves, sensitive documents belonging to them and exfiltrated from a parts supplier, which did fall victim, were published by the cyber-criminals.

Maze ransomware criminals confirm they will stop attacking medical organizations

The operators of the Maze ransomware threat also said they would stop attacking medical organizations until “the stabilization of the situation with the virus.” The Maze actors did not confirm whether a decrypter would be available if healthcare organizations are infected unintentionally. However, security vendor Emsisoft, in partnership with incident response outfit Coveware, emailed me to confirm that it will be offering a completely free of charge ransomware recovery service to critical care hospitals and other healthcare providers. This includes the development of a decryption tool where possible.

At the time of writing, there has been no such promise from the criminals behind the Ryuk threat. Ryuk was the ransomware that recently took down North Carolina city and county government systems, and led to the City of New Orleans declaring a state of emergency as 2019 came to an end.

Self-preservation and not altruism

“If this announcement from ransomware operators, also known as cybercriminals, is accurate, it is motivated by self-preservation and not altruism,” Ian Thornton-Trump, CISO at Cyjax, says. He bases this on the fact that the law-enforcement response to any such attack during a time of crisis like this would be “overwhelming.” And that’s before even considering the military and intelligence agency resources that could be thrown at criminals attacking critical healthcare targets during a pandemic. “The last thing cybercriminals want is an APT actor’s offensive capabilities deployed against them,” Thornton-Trump told me, “a particularly spectacular and effective ransomware attack may even elicit military action up to and including a special forces mission to take out the actors responsible for the cyber-attack.”

The criminals promise could be hard to implement in the real world where external facing IP addresses will not necessarily identify a target as being a healthcare organization, or part of the critical supply chain that supports one. “The delivery of health care from drugs, lab work to medical equipment such as N-95 masks or Brew Dog’s re-tooling to produce a product like a hand sanitizer,” Thornton-Trump explains, “involves a multitude of critical supply chain relationships: I fear that the criminals lack the knowledge of how multi-faceted health care delivery is and what organizations deliver the health care services.”

Thornton-Trump has some stark advice for those cyber-criminals: “shut down operations completely for the duration of the coronavirus pandemic, lest you draw the ire of an angry nation with significant cyber capabilities of their own.”

Jake Moore, a cybersecurity specialist at ESET, warns that considering these promises, “we mustn’t get complacent as there are thousands of threat actors, each with a different level of conscience and ethics.” Even if these groups that responded, he argues, can be trusted, “that doesn’t mean the health sector should take their eye off the ball for any moment. Don’t forget that WannaCry crippled the NHS without any thought of the impact on the country and cost to the industry.” And WannaCry wasn’t even targeting healthcare; the NHS was just collateral damage.

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

News Source: https://www.forbes.com/sites/daveywinder/2020/03/19/coronavirus-pandemic-self-preservation-not-altruism-behind-no-more-healthcare-cyber-attacks-during-covid-19-crisis-promise/#7346090f252b

Security experts say a spike in email scams linked to coronavirus is the worst they have seen in years. Cyber-criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance.

Phishing emails written in English, French, Italian, Japanese, and Turkish languages have been found.

1. Click here for a cure

Researchers at the cyber-security firm Proofpoint first noticed a strange email being sent to customers in February. The message purported to be from a mysterious doctor claiming to have details about a vaccine being covered up by the Chinese and UK governments.

The firm says people who click on the attached document are taken to a spoof webpage designed to harvest login details. It says up to 200,000 of the emails are being sent at a time.

“We have seen 35-plus consecutive days of malicious coronavirus email campaigns, with many using fear to convince victims to click,” says Sherrod DeGrippo from the company’s threat research and detection team.

Proofpoint says three to four variations are launched each day.

“It’s obvious these campaigns are returning dividends for cyber-criminals,” says Ms DeGrippo.

The best way to see where a link will take you is to hover your mouse cursor over it to reveal the true web address. If it looks dodgy, don’t click.

2. Covid-19 tax refund

Researchers at cyber-security firm Mimecast flagged this scam a few weeks ago. On the morning they detected it, they saw more than 200 examples in just a few hours.

If a member of the public clicked on “access your funds now”, it would take them to a fake government webpage, encouraging them to input all their financial and tax information.

“Do not respond to any electronic communication in relation to monies via email,” says Carl Wearn, head of e-crime at Mimecast. “And certainly do not click on any links in any related message. This is not how HMRC would advise you of a potential tax refund.”

3. Little measure that saves

Hackers pretending to represent the World Health Organization (WHO) claim that an attached document details how recipients can prevent the disease’s spread.

“This little measure can save you,” they claim.

But Proofpoint says the attachment doesn’t contain any useful advice, and instead infects computers with malicious software called AgentTesla Keylogger.

This records every keystroke and sends it to the attackers, a tactic that allows them to monitor their victims’ every move online.

To avoid this scam, be wary of emails claiming to be from WHO, as they are probably fake. Instead visit its official website or social media channels for the latest advice.

4. The virus is now airborne

The subject line reads: Covid-19 – now airborne, increased community transmission.

It is designed to look like it’s from the Centres for Disease Control and Prevention (CDC). It uses one of the organisation’s legitimate email addresses, but has in fact been sent via a spoofing tool.

Cofense, the cyber-defence provider, first detected the scam and describes it as an example of hackers “weaponising fear and panic”.

It says the link directs victims to a fake Microsoft login page, where people are encouraged to enter their email and password. Then victims are redirected to the real CDC advice page, making it seem even more authentic. Of course, the hackers now have control of the email account.

Cofense says the combination of a “rather good forgery” and a “high stress situation” make for a potent trap.

One way to protect yourself is to enable two-factor authentication, so that you have to enter a code texted or otherwise provided to you, to access your email account.

5. Donate here to help the fight

This example was reported to malware experts Kaspersky. The fake CDC email asks for donations to develop a vaccine, and requests payments be made in the cryptocurrency Bitcoin.

The premise is of course ridiculous, but the email address and signature look convincing.

Overall, Kaspersky says it has detected more 513 different files with coronavirus in their title, which contain malware.

“We expect the numbers to grow, of course, as the real virus continues to spread,” says David Emm, principal security researcher at the firm.

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

News Source: https://www.bbc.co.uk/news/technology-51838468

There were nearly half a million ransomware infections reported globally last year, costing organizations at least $6.3bn in ransom demands alone, according to estimates from Emsisoft.

The security vendor analyzed submissions to the ID Ransomware identification service during 2019 and found a total of 452,121 records.

However, around half of these were related to a type of ransomware called STOP which is mainly targeted at home users, so its financial calculations are based on more like 226,000 victims.

What’s more, the firm estimated that only around 25% of organizations affected by ransomware use the ID Ransomware service, so it provided both a minimum cost based on 50% of submissions and a larger figure based on four-times that number.

With the average ransom demand around $84,000 and roughly a third of firms paying up, Emisoft estimated minimum global costs at $6.3bn and a higher figure at $25bn.

Working out downtime costs was harder, the firm admitted.

“Gartner previously put the average at more than $5600 per minute – so we have used the extremely conservative figure of $10,000 per day,” it explained. “This figure has no basis in reality and we have included it simply to illustrate the enormity of the costs. The actual costs are almost certainly much higher.”

When combined with ransom payments, downtime of 16 days would mean that globally, firms spent at least $42.4bn on ransomware last year. The higher figure, taking into account those that didn’t report incidents to ID Ransomware, is estimated at a staggering $170bn.

That’s in stark contrast to the FBI report released this week, which claimed that losses reached just $9m last year. However, the caveats are that just 2047 cases were reported to the Feds in 2019, and the FBI admitted that its calculations did not include “lost business, time, wages, files, or equipment, or any third party remediation services acquired by a victim.”

Stay up-to-date with the latest information security trends and topics by registering for Infosecurity Magazine’s next Online Summit. Find out more here.

Emisoft claimed that an accurate estimation of the scale of financial damage caused by ransomware was not the point of the exercise.

“The intention of this report is not to accurately estimate the costs, which is impossible due to a dearth of data, but rather to shine a light on the massive economic impact of these incidents in the hope that doing so will help governments and law enforcement agencies formulate a proportionate response to the ransomware crisis,” it concluded.

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

News Source: https://www.infosecurity-magazine.com/news/ransomware-costs-may-have-hit-170/

Another distinctive term for your list; this time however, it’s an essential one that you’ll need to keep in mind.

In the realm of telecommunications, ISDN, VoIP & PBX… it’s time for SIP to take the central stage, with its ability to save you a lot of time, but most significantly, money.

What’s SIP Trunking?

Session Initiation Protocol, more commonly known as SIP. An application layer protocol used to create and terminate data & voice transfers, it’s also a type of Voice over Internet Protocol (VoIP), which describes the calls delivered over an internet connection.

VoIP is built exclusively on SIP, using a Private Branch Exchange (PBX) to send and receive calls. Relieving the soon to be prehistoric Integrated Services Digital Network (ISDN), a system that communicated data and voice digitally over many copper wires.

From a business point of view, is SIP worth it?

Worst case scenario, your business is currently using ISDN & a PBX to facilitate your calls, in which you’re possibly thinking, what’s wrong with ISDN…?

When it originally launched in 1986, (yes, it’s that old), it was a brilliant opportunity for businesses to develop. The power to distribute voice and data over one line, it was a technology dream, nowadays there is a variety of good quality, enhanced options available that are even better.

If you’re considering a switch, not only is it cheaper to sustain; it’s also less high-priced on a day-to-day basis… you could save up to 50% on each line rental and up to 25% or more on call costs alone. With a lot of SIP suppliers proposing free internal calls, which is very handy for medium-sized businesses.

We highly recommend SIP to any business, take the leap

With its unending opportunities and ease of growth, SIP offers you reliability within your business. No more concerns about possible interruption or outgrowing your current premises, SIP Trunking supports growth in a natural manner.

SIP Trunking isn’t the only substitute option out there, in which you’re perhaps thinking – If you don’t have a PBX, Cloud Hosting Telephony is an exceptional option, which could very well be the future of communications throughout your business.

With ISDN terminating in 2025, as declared by BT themselves, the benefits of SIP can change the way you move forward as a business. It won’t hold you back.

We’re Cloudscape.

We believe you should have the best backup solutions for your business.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that your data isn’t being backed up correctly, please get in touch.

Are you still using ISDN in your business?

In likeness to PSTN, (Analogue Lines), that are typically used at home for your phone & broadband line, ISDN, (Integrated Services Digital Network), blends several pairs of copper cables, allowing businesses to function with quite a few telephone calls at once. Following the pattern with all legacy forms of communication, ISDN is expensive and constraining; often seeing businesses spend more than a few hundred pounds per quarter for telephone lines & calls alone.

ISDN is the still the boss of voice communications for most businesses, but the end-of-life is already in sight for this 30-plus-year-old equipment. BT have broadcasted their plans to ‘switch off’ all these services by 2025, and therefore push the completion of VoIP (Voice-over-IP) telephony by trades up and down the country.

It’s time to change over, ISDN is old hat.

There has undoubtedly not been a greater time to assess your communications by choosing to cut your usage of ISDN whenever your contract passes. You can benefit from the immediate cost savings, while increasing your elasticity by moving to VoIP technology.

Using VoIP shouldn’t be a distressing & pricey experience – there are various services and options available, with such a cutthroat marketplace ensuring costs are kept to a minimum. Switching from older forms of telephony doesn’t mean you have to abandon your numbers; you can swiftly port these crossways onto VoIP, enabling you to carry on making & receiving calls as you always have done.

What happens to my internet connectivity?

Shifting from ISDN to VoIP means that your calls will no longer be running petrified over those sets of copper cables, but in its place across your broadband connection. Logically, this means you’ll require a moderately quick & stable internet connection to handle your volume of voice traffic, in addition to the data usage for browsing websites, sending/receiving emails and using multiple cloud tools.

In some areas this isn’t an instant possibility – if your business suffers from sluggish ADSL speeds and has yet to progress to a fibre connection of some form, you may be concerned about the prospect of doing away with the solidity of ISDN.

Nevertheless! In many cases we’ve seen the savings made from switching from ISDN to VOIP aid in the justification and financing of a dedicated fibre, (known as a Leased Line), connection. By reforming to a Leased Line, you’ll benefit from a superfast fibre connection directly from your properties to the BT Exchange and attain a much faster connection, both steady and supported by the network operator on a contractual service level agreement.

As Leased Lines are run on a dispersed basis to each premises, you are not constrained to the limitations of the current Openreach fibre rollout plans – which sees fibre run only from the Exchange to the local cabinets, (with copper still being used between your building & the cabinet as before). Leased Lines, along with a number of other connectivity options, are open to businesses wherever you may be positioned.

With the extra speed & data capacity brought with the installation of a Leased Line, any pain of switching to VoIP is eradicated. Your Leased Line would be more than suitable to carry your voice traffic over VoIP, meanwhile providing your team with a much faster & reliable connection to the internet than ever before.

We’re Cloudscape.

There are quite a few different aspects to such a project… but, we’re here to help.

We’ll get to know your business and determine the most appropriate solution to meet your technical requirements while being commercially sensible in cost and productive with time.

If you feel that you’re stuck in the dark ages with ISDN, please get in touch.