COVID-19: CYBERSECURITY WATCH #2 – March 26th, 2020

In light of the current health crisis, the CERT of digital.security (CERT-DS) will implement a monitoring and alert system linked to the impacts and consequences of COVID-19 on cybersecurity. This monitoring, which can be shared freely, is intended to:

  • Identify the biggest threats to computer systems;
  • Share the resources and tools necessary to grasp and prevent information systems security (ISS) risks;
  • Highlight the best digital practices to adopt in the face of this crisis.

Each week’s main news items are grouped into four categories: Threats, Fraud, Useful Resources and Other News.

  • “Threats” include malware, phishing and ransomware campaigns, as well as cyberattacks on major infrastructures;
  • “Fraud” includes scams and fake news;
  • “Useful Resources” refers to the information and tools needed to deal with this health crisis;
  • “Other News” combines a variety of information such as government measures taken in the area of cybersecurity.

Threats

Attack: Multiple hacking attempts against the World Health Organization (WHO) site linked to COVID-19 (Early March)
Attackers: The DarkHotel group is suspected
Method: Password theft and identity theft
Target: WHO staff members
Publication date: March 23rd, 2020
Description: According to WHO’s Chief Information Security Officer Flavio Aggio, multiple hacking attempts are targeting the WHO site. Since a first attack on March 13, 2020, attacks have continued to multiply.
Link(s): https://www.reuters.com/article/us-health-coronavirus-who-hack-exclusive/exclusive-elite-hackers-target-who-as-coronavirus-cyberattacks-spike-idUSKBN21A3BN

 

Attack: Cyberattack on Paris Hospitals (AP-HP)
Method: Distributed Denial of Service (DDoS) attack
Target: Public assistance – Paris Hospitals
Publication date: March 22nd, 2020
Description: The servers of Public Assistance – Paris Hospitals (AP-HP) were hit by a denial-of-service attack that saturated them.
Link(s): https://www.challenges.fr/entreprise/sante-et-pharmacie/les-hopitaux-de-paris-victimes-d-une-cyberattaque-en-pleine-crise-du-covid-19_703766   

 

Attack: “Corona Antivirus” fake antivirus software against COVID-19
Method: Malware / distribution of the BlackNet administration tool
Publication date: March 23rd, 2020
Description: This fake website (antivirus-covid19[.]site) encourages users to install a "digital antivirus" that supposedly protects against COVID-19 infection. The website claims that Harvard researchers have developed an AI capable of fighting COVID-19 via a Windows application.
Link(s): https://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/ 

 

Attack: Ransomware against a British medical research company
Attackers: Maze Group
Method: Ransomware / Denial of Service / Publication of Personal Data
Target: Hammersmith Medicines Research (HMR)
Publication date: March 22nd, 2020
Description: The Maze Group has released personal and medical patient data belonging to the HMR medical research company (which conducts COVID-19 vaccine trials) after the company refused to pay a ransom.
Link(s): https://www.computerweekly.com/news/252480425/Cyber-gangsters-hit-UK-medical-research-lorganisation-poised-for-work-on-Coronavirus 

 

Fraud

Attack: “COVID-19” or “coronavirus” special offers on malware sales
Method: False special offers to install malware
Surface/Application: Darknet
Publication date: March 19th, 2020
Description: Hackers use promo codes related to the COVID-19 theme to promote items on the darknet. These items are most often malicious software or operating tools. There are also fake online sales of computers.
Link(s): https://blog.checkpoint.com/2020/03/19/covid-19-impact-as-retailers-close-their-doors-hackers-open-for-business/ 

 

Attack: Swindle of a pharmaceutical company (Cerp Rouen) by a fake company
Method: Shadow company / President scam
Target: Cerp Rouen
Publication date: March 19th, 2020
Description: More than 6.6 million euros stolen from Cerp Rouen by a fake website that claimed to sell protective masks and hydro-alcoholic gels.
Link(s): https://www-leparisien-fr.cdn.ampproject.org/c/www.leparisien.fr/amp/faits-divers/coronavirus-une-societe-pharmaceutique-escroquee-de-6-6-millions-d-euros-19-03-2020-8283636.php

 

Attack: Threat of coronavirus infection combined with data theft
Method: Scam and email ransom demand
Target: Messaging
Publication date: March 23rd, 2020
Description: Hackers threaten to infect people with the coronavirus and to steal and then disclose their personal data unless a ransom of $4,000 in Bitcoin is paid.
Link(s): https://www.hackread.com/coronavirus-extortion-scam-threatens-to-infect-victims-family/

 

Useful Resources

Resource type: Call for Proposals for Innovative Solutions to Address COVID-19
Targets: Anyone able to propose a project capable of offering innovative solutions related to the fight against Covid-19 (solutions that are technological, organizational, managerial or adaptation of industrial processes).
Publication date: March 23rd, 2020
Description: The Ministry of the Armed Forces' call for projects to fight the COVID-19 pandemic has been launched by the Defence Innovation Agency (DIA). Successful proposals are evaluated until April 12, 2020.
Link(s): https://www.defense.gouv.fr/aid/appels-a-projets/appel-a-projets-lutte-covid-19

 

Resource type: Provision of two interactive maps on the evolution of COVID-19 in real time (France)
Publication date: March 24th, 2020
Description: These maps are available on the French government’s “data.gouv.fr” platform. The data is updated every day.
Link(s): https://siecledigital.fr/2020/03/24/france-des-donnees-sur-lepidemie-de-covid-19-sont-disponibles-en-ligne/ 

 

Resource type: Siri is now able to assist in the screening of COVID-19 (United States)
Publication date: March 23rd, 2020
Targets: Apple users (US)
Description: Siri has received an update allowing it to answer users’ questions related to COVID-19, in particular whether they are contaminated or not. This update is only available in the United States for the moment.
Link(s): https://www.objetconnecte.net/siri-depiste-le-coronavirus-covid-19/ 

 

Resource type: Deployment of Artificial Intelligence by Microsoft to Assist Caregivers
Publication date: March 24th, 2020
Description: Microsoft has developed Healthcare Bot for the public to screen for COVID-19. This AI can evaluate the different symptoms of the coronavirus and report a diagnosis, which can then lead to a video consultation with a health professional.
Link(s): https://siecledigital.fr/2020/03/24/covid-19-microsoft-deploie-son-ia-pour-aider-les-soignants/

 

Other news

Country: Iran
Topic: Application to control the COVID-19 pandemic in Iran
Publication date: March 16th, 2020
Description: The Iranian government has implemented an “AC19” surveillance application to allow the population to self-diagnose the presence of the virus in the body. A location option would also be available through the app.
Link(s): https://siecledigital.fr/2020/03/16/ac19-lapplication-pour-controler-lepidemie-de-covid-19-en-iran/

 
