Google warns of govt-backed cyber groups targeting health care organizations

Google reported Wednesday that it had tracked at least a dozen foreign government-backed groups attempting to use information around the COVID-19 pandemic to target cyberattacks at the health care sector and the public.

Shane Huntley, a member of Google’s Threat Analysis Group, wrote in a blog post that his team had seen these threat groups “using COVID-19 themes as lure for phishing and malware attempts—trying to get their targets to click malicious links and download files.”

Major targets of these attempted attacks are international and national health care organizations and their staffers, with the threat groups in some cases sending emails with fake links to the login page of the World Health Organization (WHO). Google traced some of this activity to a cyber crime group known as Packrat, which is based out of South America.

Huntley wrote that while Google was adding additional security protections to higher-risk accounts as a result of its findings, it was clear that “health organizations, public health agencies, and the individuals who work there are becoming new targets as a result of COVID-19.”

But health care groups are not the only targets as hacker groups attempt to benefit from the COVID-19 crisis.

“Our security systems have detected examples ranging from fake solicitations for charities and NGOs, to messages that try to mimic employer communications to employees working from home, to websites posing as official government pages and public health agencies,” Huntley warned.

One cyber campaign watched by Google involved targeting U.S. government employees with coronavirus-themed emails from popular fast-food franchises, including offering coupons or even free meals. No Google accounts were successfully compromised as a result of this effort.

Huntley noted that Google had seen a slight decrease in attempted email phishing attacks between January and March but attributed it not to government-backed cybercrime groups losing interest but rather to changing tactics and to dealing with delays caused by many countries effectively shutting down.

The company’s findings were made public a week after Google announced that it was seeing around 18 million coronavirus-related malware and phishing emails sent daily through its services in addition to around 240 million coronavirus-related spam emails sent every day.

Cyber threats to health care groups and to the public have spiked as the COVID-19 pandemic has spread around the world. Groups including the WHO and the Department of Health and Human Services have been targeted, and hospitals in particular have been seen as an easy target for hackers to make money.

International police organization Interpol warned earlier this month that hospitals were likely to be targeted by ransomware attacks, in which hackers lock up systems and demand payment, putting lives at risk.

Interpol Secretary General Jürgen Stock said during a webinar on Wednesday that the organization’s 194 member countries were reporting a “significant surge” in cyberattacks.

“Several member countries are reporting an increase of 100 percent in cyber incidents,” Stock said. “This is not going away for a long time, I assume, and we will see more attacks in terms of numbers, and I think we will see more sophisticated attacks as the criminal side is getting experience.”

―The Hill