COVID-19 Business Email Compromise Schemes, Ransomware Escalating

The FBI expects business email compromise schemes tied to the COVID-19 pandemic will rise in the coming weeks, as Interpol reports a spike in ransomware attacks on healthcare providers.

By Jessica Davis

Hospitals and other healthcare providers are increasingly being targeted with ransomware attacks amid the COVID-19 pandemic, according to Interpol. The news comes as the FBI alerts all sectors to an expected increase in business email compromise schemes tied to the crisis.

Interpol has 194 member countries, including the US. A purple notice to those members warns healthcare organizations of a spike in targeted ransomware attacks against these crucial providers, which are currently engaged in fighting the Coronavirus.

According to Interpol’s data, the ransomware is primarily spreading through emails that frequently claim to contain information or advice about the Coronavirus from a government agency. US federal agencies have also recently reported a surge in fraud schemes related to COVID-19.

In response, the Interpol Cybercrime Threat Response team is monitoring all COVID-19-related threats and working with cybersecurity partners to gather data and provide support to organizations targeted with the encrypting malware.

Interpol is also assisting police investigations into ransomware cases, while providing first-hand technical support to member countries and ransomware insights to help shore up the medical infrastructure.

“As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” Interpol Secretary General Jürgen Stock said in a statement.

“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths,” he added.

Interpol is currently collecting a list of suspicious Internet domains related to the pandemic, which it will analyze in order to work with relevant countries to take action against the threat.

Prevention and mitigation efforts among healthcare organizations will be crucial in preventing further attacks. Interpol urges hospitals and other providers to ensure all hardware and software are routinely kept up-to-date, while implementing backups stored separately from main systems for all essential data.

Important data should be backed up frequently, with the backups stored apart from the system, such as in the cloud or on an external drive.

Interpol also recommends training employees to only open emails or download software and applications from trusted sources and not to click links in emails that they did not expect to receive or that come from an unknown sender. Research shows phishing education makes a solid impact on risk reduction.

Email systems must also be secured to protect against spam, and providers should have the latest anti-virus software installed on all systems and mobile devices. The software should also be constantly running in the background.

Lastly, Interpol encourages the use of strong, unique passwords for all systems, and organizations should ensure they’re regularly updated.

Microsoft has also worked directly with hospitals impacted by ransomware during the pandemic, releasing insights into the threat actor and best practice mitigation.

The FBI’s Business Email Compromise Alert

In an April 6 advisory, the FBI is warning all sectors that it expects an increase in business email compromise schemes as the pandemic worsens.

Barracuda Networks found BEC attacks made up just 7 percent of overall spear-phishing attacks. However, the targeted, sophisticated nature of these attacks makes them three times more successful than traditional phishing efforts.

The attack targets human nature by masquerading as or impersonating a known sender, which bolsters the effectiveness of the attack method. The FBI’s alert was spurred by an increase in BEC frauds targeting municipalities that may need personal protective equipment or other COVID-19-related supplies.

“Fraudsters will take advantage of any opportunity to steal your money, personal information, or both,” warned the FBI. “Right now, they are using the uncertainty surrounding the COVID-19 pandemic to further their efforts.”

The FBI recommends organizations look for key red flags to avoid falling victim, including unexplained urgency, last-minute changes in wire instructions or recipient account information, and last-minute changes in established communication platforms or email account addresses.

Organizations should also watch for senders who communicate only by email and refuse to communicate by phone or online video or voice platforms, as well as requests for advanced payment of services when not previously required and requests from employees to change direct deposit information.

BEC fraud schemes will also attempt to spark last-minute changes in wiring instructions or recipient account information. Users will need to verify any changes and information through the contact they have on file, not by directly contacting the vendor through the number provided in the email message.

“Ensure the URL in emails is associated with the business it claims to be from. Be alert to hyperlinks that may contain misspellings of the actual domain name,” the FBI warned. “Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from.”
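The domain checks the FBI describes can be partly automated at the mail gateway or in triage tooling. The following is an added example, not code from the FBI advisory or this article: it flags sender and hyperlink domains that sit one or two character edits away from a vendor domain already on file. The allow-list, the function names and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allow-list: domains of vendors already on file (hypothetical names).
TRUSTED_DOMAINS = {"acme-medsupply.example", "springfield-city.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Return the trusted domain that host misspells (1-2 edits), else None."""
    # Assumption: trusted domains have two labels, so compare the last two only.
    domain = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if domain in TRUSTED_DOMAINS:
        return None
    return next((t for t in sorted(TRUSTED_DOMAINS)
                 if edit_distance(domain, t) <= 2), None)

def domain_red_flags(raw_message):
    """Flag misspelled sender and link domains in a single-part text email."""
    msg = message_from_string(raw_message)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if lookalike_of(sender):
        findings.append(("sender", sender.lower(), lookalike_of(sender)))
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if lookalike_of(host):
            findings.append(("link", host, lookalike_of(host)))
    return findings

# Constructed sample message, not taken from any real campaign.
SAMPLE = """\
From: "Acme Med Supply Billing" <billing@acme-medsupp1y.example>
To: purchasing@springfield-city.example
Subject: Updated wire instructions

Please confirm the new account at https://portal.acrne-medsupply.example/pay
Our usual site is https://www.acme-medsupply.example/
"""
```

A match here is a prompt for the out-of-band verification described above, since a clean result does not prove a message is legitimate and a compromised genuine account will pass every domain check.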

Hackers have been relentless throughout the pandemic, targeting healthcare, virtual private networks, and even DNS routers. The Department of Homeland Security recently shared guidance on VPN cybersecurity best practices, while Europol shed light on DNS router security.