Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis
The COVID-19 Cyber Threat Intelligence League and other groups cooperate with the industry, law enforcement, and the government to prevent attacks on healthcare providers.
Last month, some of the usual cast of online scammers and malware miscreants promised to refrain from attacking healthcare organizations or exploiting them during the COVID-19 crisis, showing a sense of honor unexpected from ransomware attackers and cryptocurrency thieves.
However, this ceasefire turned out to be a head-fake. Within a week of those vows, malware purveyors and con artists rushed to send out phishing emails while masquerading as healthcare organizations and even launched attacks against hospitals and other critical facilities. Last week, Google alone was blocking 18 million COVID-19 phishing or malware-delivery emails per day.
One group of esteemed hackers and cybersecurity experts couldn’t stand idly by and watch cybercriminals take advantage of this unprecedented crisis or, even worse, damage overtaxed and much-needed healthcare facilities. So, Marc Rogers, head of sec ops for DEF CON and VP of cybersecurity strategy for Okta; Nate Warfield, senior security program manager at Microsoft; Chris Mills, also a key security player at Microsoft; and Ohad Zaidenberg, lead cyber intelligence researcher at Clearsky Cyber Security, formed the COVID-19 Cyber Threat Intelligence League (CTI League).
Early success at disrupting threat actors
This invitation-only group, which one industry publication called a cyber version of the Justice League, began work about a month ago seeking to mitigate threats and protect the digital well-being of the global healthcare system during the pandemic. Since March 14, the League’s ranks of volunteers have skyrocketed to more than 1,400 vetted members in 76 countries spanning 45 different sectors, including cybersecurity, healthcare, technology, telecommunications, computer emergency response teams (CERTs), government, and law enforcement.
The organization’s members have helped to lawfully take down 2,833 cybercriminal assets on the internet, including 17 designed to impersonate government organizations, the United Nations, and the World Health Organization. Moreover, the League has identified more than 2,000 vulnerabilities in healthcare institutions in more than 80 countries, notifying those organizations directly or through escalation to appropriate government or industry bodies, according to its just-released inaugural report.
“I knew I had to do something to help,” Zaidenberg tells CSO. “There is a really strong appetite for doing good in the community,” Rogers said during a webinar hosted by the Aspen Institute. “If we can’t go out and have a beer, the next best thing is opening our laptop.”
Hospitals are a particular worry for the group. “After WannaCry and NotPetya, we realized hospitals were vulnerable to malware,” Rogers said during the webinar. “Our idea was to find these vulnerabilities … using tools like Shodan.”
Coordination with healthcare, law enforcement
League members work through healthcare organizations’ CISOs, suppliers, and other key players as channels to inform the hospitals of what they’ve discovered. Some of the vulnerabilities, however, are serious enough to be escalated to the FBI or the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
“We have seen, and are likely going to continue to see, an increase in bad guys taking advantage of the COVID-19 pandemic to target businesses, governments and individuals alike,” Christopher C. Krebs, director of CISA, tells CSO. “CISA is working around the clock with our public and private sector partners to combat this threat. This includes longstanding partnerships, as well as new ones that have formed as a direct result of COVID-19, including the COVID-19 Cyber Threat Intelligence League.”
The CTI League also works with other organizations to help reach out to healthcare organizations, including the Health-ISAC (Health Information Sharing and Analysis Center). “We were involved with them very early on,” Errol Weiss, CSO for the Health-ISAC, tells CSO. “We look to them for two pieces of information sharing. One is that they’re doing a great job of collecting threat actor information and indicators of compromise. We’re grabbing that information and sharing it with all our members,” Weiss says.
“Then number two is where we’ve got these small organizations who are probably running vulnerable VPNs and don’t know it or they’ve got RDP [remote desktop protocol] open and don’t know it. So, folks on the CTI League are doing the scanning and the sharing of that information and grabbing that. We’re also notifying healthcare organizations who are not necessarily Health-ISAC members and try to convince them to take a look at that and take it seriously.”
One of the goals of the CTI League is to help law enforcement, particularly if they find malware or situations that they believe are driven by nation-states. “If we can just help our law enforcement partners by cleaning the field, removing the low-hanging fruit … then that empowers the agency to focus on the bigger threats … the really bad guys,” Rogers said during the webinar.
This article originally appeared on csoonline.com.