5 big questions about cyberattacks during COVID-19

The hospital in Kemptville. The transit network in Gatineau. The municipal government in Clarence-Rockland.

These are just some of the organizations in the Ottawa area that have fallen victim to cybercriminals in recent weeks, emboldened as the COVID-19 pandemic forces people to work from home and more and more business is done online.

The health sector, in particular, has proven to be a juicy target: Just this month, the Rideau Valley Health Center also suffered a “cybersecurity incident” that shut down its IT network.

And it’s not just happening locally, with criminals launching a devastating attack on Newfoundland and Labrador’s healthcare network, stealing personal information related to both employees and patients.

How bad is the situation then? Why is the pandemic worsening things? And what can organizations do to protect themselves? We put those kinds of questions to a few cybersecurity experts, and here’s what they had to say.

What attacks are organizations facing?

Two of the most common attacks are phishing and stealth installation of ransomware, according to Det. Sergeant Vern Crowley with the Ontario Provincial Police Cybercrime Investigation Team.

In phishing attacks, someone, somewhere, tries to trick people into giving out personal information such as passwords or bank details.

Just this week, an Ottawa man was one of three people arrested in connection with an alleged phishing scam that violated the county’s COVID-19 immunization system.

Ransomware, on the other hand, is malicious software that – once installed – encrypts data, forcing users to pay a ransom, usually in the hundreds of thousands of dollars, in exchange for the tools to regain access.

Kemptville District Hospital temporarily closed its emergency department in October after it fell victim to a cyberattack. (Francis Ferland/CBC)

Have they really become more common during the pandemic?

The broad consensus seems to be that the COVID-19 pandemic is indeed contributing to an increase in cybercrime.

Crimes are reported more frequently, especially lucrative ransomware attacks on the country’s primary health care and medical research facilities, according to the Canadian Center for Cyber Security (CCCS).

Federal government employees working at home on virtual private networks (VPNs) were also warned to be on the lookout for phishing attacks in the early days of the pandemic.

Crowley said his team has “absolutely” seen attacks increase during COVID-19 as many organizations pay ransoms to get their data back and cybercriminals realize they can make quick money.

“A lot of criminals just move into the online world,” he said. “It’s happening across the board. Every sector we see is being affected.”

Why is healthcare such an attractive target?

According to Raheel Qureshi of iSecurity Consulting, whose company partners with dozens of Canadian hospitals and other healthcare organizations, there are two main reasons.

The highly integrated nature of the industry, with hospitals and clinics sharing patient records and research results, means criminals can exploit vulnerabilities and encrypt data without anyone noticing, Qureshi said.

“The more complex your ecosystem is, the harder it is for you to detect, manage and track, right? Not that it can’t, [but] a lot of investment is needed,” he said.

“They don’t deal with cybersecurity. They provide patient care.”

What’s more, when healthcare IT networks go offline, it can put people’s lives at risk – and ransomware attackers know that urgency gives them leverage.

“The healthcare sector pays when it is needed,” Qureshi said. “It has been a very lucrative venture for these threat actors.”

A chart from a late 2020 report from the Canadian Center for Cyber Security shows that ransomware payments have been steadily rising. Qureshi says the organizations he helps generally face demands of $500,000 to $1 million, although negotiations could reduce the final ransom to a few hundred thousand dollars. (Canadian Cybersecurity Center)

So how can organizations stay safe?

The best thing many organizations can do, Qureshi says, is have a company like his run a simulated ransomware attack: a two- to three-week exercise to identify their IT weaknesses and provide solutions to help address them.

Individuals should also be tested, perhaps with a fake phishing attack, so they can spot signs of danger and respond appropriately, he adds.

Crowley says it’s a good idea for organizations to ensure that all important data is backed up offline. Those who use VPNs must implement multi-factor authentication to gain access – a password combined with, say, a one-time code sent via SMS.

He says it’s also important to stay on top of the latest cybercrime hacks and trends, whether that’s by checking CCCS’s warnings and advisories or checking for malicious websites through the non-profit Canadian Internet Registry Authority.

Ultimately, groups should always have a playbook for both preventing attacks and responding if there’s been a breach, Crowley said, one in which police are notified. Different police forces can then work together on investigations to track down the perpetrators across the country and around the world.

Raheel Qureshi, a partner and co-founder of iSecurity, says the highly integrated nature of the healthcare sector makes it a particularly juicy target for cybercriminals. (Submitted by Raheel Qureshi)

Do they have to pay if they are hit by ransomware?

It’s a complicated question, and there’s no easy answer.

Many offenders are “highly professional in an unethical way,” Qureshi said. Organizations that submit to ransom demands generally receive full instructions on how to decrypt their files, 24-hour service, and sometimes even text files explaining how to bolster their online defenses.

Qureshi’s theory is that “brilliant” hackers in developing countries turn to cybercrime only because they lack the legitimate opportunities found in places like North America or Europe, and have no ill will toward their targets.

“Deep down they feel bad that it’s a hospital. But they don’t feel bad because in the end they see it as a professional transaction,” he said. “It’s a different world.”

Still, the police would never condone paying ransom, Crowley says: after all, you can’t trust criminals to do what they say they’ll do, and it just encourages them to keep breaking the law. But he also understands why someone might decide it’s best to just cough up the money to make the problem go away.

“If you’re in that risk and have to do it, that’s a business decision,” Crowley said.

“Everything we say [from] law enforcement is: make sure you keep any digital evidence related to the financial transactions or communications so we can catch these guys.”
