March 26, 2020 | Local, C4ISR, Security

All-volunteer cyber civil defence brigade assembles to fight COVID-19 hackers

Number of online attacks on health care institutions jumped 475 per cent in one month, says one report

Murray Brewster 

Civil defence used to involve air raid wardens, ambulance drivers and rescue teams.

That was at the height of the Cold War, and the hot wars of the 20th century that preceded it. These days, it means taking the fight online — against hackers and cyber criminals looking to take down or ransom critical infrastructure, such as hospitals.

The COVID-19 crisis has prompted Canadian IT professionals to form an all-volunteer cyber defence team to protect Canada's hospitals, health-care providers, municipalities and critical infrastructure from online attacks during the pandemic.

The SecDev Group, which has pioneered advanced analytics and cyber safety, has been spearheading the recruitment effort and has asked information technology professionals to step up and provide preventative measures and remedial services.

'Preying on fear'

"Hackers are targeting hospitals and health care providers, preying on their distraction, fear and anxiety and their hope for a cure," said Rafal Rohozinski, principal and CEO of the SecDev Group.

"Posing as public health officials from the World Health Organization, [the] Centers for Disease Control and UNICEF, cyber criminals are flooding hospitals, medical laboratories, vaccine testing facilities, municipalities and critical service providers with phishing emails, forcing some to shut down."

Twelve companies and associations have signed on to the initiative. Together, they plan to set up a secure online exchange to match high-tech professionals — who will volunteer their services free of charge — with agencies and institutions that need help to shore up their cyber protection, or to deal with an intrusion.

"It's both a patriotic and public service reflex," said Rohozinski. "If the internet goes down, and in particular if critical institutions that we count on — like hospitals, like cities, like utilities — start to be ransomed or start to go down because of cyber malfeasance, we're all in a lot of trouble."

The exchange website is still in the process of being built, but Rohozinski said it will launch within days.

Online attacks exploded since pandemic began

Across the globe, the number of coronavirus-related attacks on health-care institutions has increased by 475 per cent in just the past month, according to a SecDev Group assessment.

At the moment, no Canadian hospitals or institutions have reported being attacked.

Rohozinski said there have been signs of trolling by both cyber criminals and so-called "state actors" — including some of the Russian groups identified by U.S. intelligence as being behind the tampering in the 2016 presidential election.

The Communications Security Establishment (CSE), Canada's electronic intelligence service, has said it has taken down some fake websites that were posing as government departments and institutions and trying to scam people.  

The U.S. Health and Human Services Department was recently targeted and the FBI has warned that hospitals in the states with the highest rates of infection — California, New York and Washington — should be on the alert for attacks from foreign actors.

Hammersmith Medicines Research, a British company that is on standby to perform medical trials on any potential COVID-19 vaccine, was hit with an online attack last week, according to published reports.

Over the last few days, according to a Bloomberg news report, hackers targeted hospitals in Paris with a major cyberattack. A hospital in the Czech Republic was also hit last week in what is thought to have been a ransomware attack, which forced administrators to take the network offline.

Forbes Magazine reported late last week that the cybercrime groups behind the DoppelPaymer and Maze ransomware threats had promised not to target health care organizations during the COVID-19 crisis — but at least one of the groups was reportedly linked to a recent attack.

Remote work networks are vulnerable

An executive at one of the companies now volunteering for the cyber civil defence initiative said one area where institutions likely need help is in protecting the virtual private networks (VPNs) of employees who've been forced to work from home because of the crisis.

Robert Mazzolin, the chief cyber security strategist at the RHEA Group, said the VPN systems used by most hospitals, power plants and other utilities were never designed to support so many secure connections outside the workplace.

"The world is fundamentally different than it was a week ago and I don't think any large corporation or institution realistically would have been prepared to see virtually its entire workforce be working from home via remote connections," said Mazzolin, a former brigadier-general who was responsible for cyber operations in the Canadian military.

"That places a large stress on an institution's communications workforce. The threats out there, including ransomware — it's important to be able to defend VPNs that are stretched well beyond their normal capacity and limits."

He said his company and staff, who regularly work for the European Space Agency, will be able to provide insight and capability that will complement existing networks.

The mandate of CSE is to protect the federal government's electronic network and — through its cyber security centre — to provide advice and guidance to people and businesses looking for cyber security information.

Rohozinski said there's a difference between providing advice and actively helping in the defence, and the initiative has CSE's support.

https://www.cbc.ca/news/politics/covid19-cyber-companies-1.5508570