COVID-19: CYBERSECURITY WATCH #35 – April 29, 2021

In light of the current health crisis, the CERT of (CERT-DS) will implement a monitoring and alert system linked to the impacts and consequences of COVID-19 on cybersecurity. This monitoring, which can be shared freely, is intended to:

  • Identify the biggest threats to computer systems;
  • Share the resources and tools necessary to grasp and prevent ISS risks;
  • Highlight the best digital practices to adopt in the face of this crisis.

To better understand the threats, we will also do a “threat focus” on one of the attacks reported each week, with a detailed description of the attack and its modus operandi.

Each week’s main news items are grouped into four categories: Threats, Fraud, Useful Resources and Other News.

  • “Threats” include malware, phishing and ransomware campaigns, as well as cyberattacks on major infrastructures;
  • “Fraud” includes scams and fake news;
  • “Useful Resources” refers to the information and tools needed to deal with this health crisis;
  • “Other News” combines a variety of information such as government measures taken in the area of cybersecurity.



Attack: A British university hit by a cyberattack
Method: Currently unknown
Target: The University of Hertfordshire
Publication date: 04/16/2021
Description: A cyberattack affected all of the university’s IT systems including the cloud, Microsoft Teams and Zoom, making online teaching inoperable. The institution, which is also conducting research related to COVID-19, said there is no evidence of data compromise at this time. This is the third English educational facility targeted by cybercriminals since March, following the attack on the University of Northampton and the Harris Federation reported in our previous bulletin.


Attack: A cyberattack targeting the Hopale Foundation causes the closure of the vaccination center in Berck-sur-Mer
Method: Currently unknown
Target: The Hopale Foundation
Publication date: 04/15/2021
Description: Cybercriminals broke into the institution’s IT system, paralyzing e-mail boxes and some shared servers. The organization announced that medical and hospital activity was not impacted. However, the Berck vaccination center, for which the foundation manages online booking slots, has been closed as a precautionary measure. This is the fifth French health structure to be the victim of a cyberattack since February, after the one at the Saint-Gaudens hospital reported in a previous bulletin.


Attack: New elements discovered in spear-phishing campaign targeting cold chain organizations involved in COVID-19 vaccine storage
Method: Spear-phishing campaign
Target: Transport, healthcare and Information Technology & Electronics sectors
Publication date: 04/14/2021
Description: This spear-phishing campaign, reported in our previous bulletin, was discovered in December 2020 by IBM researchers. They recently revealed additional files related to the sectors targeted by the attackers, who impersonated a Haier Biomedical company executive. The new report also provides details on the spear-phishing techniques used against employees.


Attack: Australian health service provider hit by cyberattack 
Method: Ransomware
Target: UnitingCare of Queensland, Australia
Publication date: 04/26/2021
Description: The cyberattack paralyzed all computer systems of four hospitals, including St. Andrew’s War Memorial Hospital, which is conducting research on COVID-19. According to UnitingCare, most care activities are operational except for internal employee e-mails and scheduling of surgeries.


Attack: National Cyber Security Center (NCSC) report alerts on cybercriminals impersonating a package delivery company to distribute Flubot malware
Method: Smishing campaign (text message phishing)
Target: General public in the UK
Publication date: 04/26/2021
Description: Taking advantage of the pandemic’s delivery boom, cybercriminals have been sending fraudulent text messages asking users to install software to track a package. Once Flubot is installed, it can steal banking information and intercept one-time passwords from banks as well as victims’ contact lists.



Attack: Webroot reports an increase in new malicious COVID-related domains
Method: Domain name spoofing
Surface/Application: Internet
Publication date: 04/12/2021
Description: In the first three months of 2021, threat intelligence firm Webroot saw an increase in malicious domains using the word “travel” or “passport.” Cybercriminals are looking to take advantage of the deployment of vaccine campaigns and the gradual implementation of vaccine passports to attract new victims and conduct phishing campaigns.



Type of resources: Europol presents a threat and cybercrime assessment report
Target: General public, practitioners and decision-makers
Publication date: 04/12/2021
Description: This report evaluates the evolution of the cyber threat and organized crime. It also identifies the main attacker groups involved in criminal actions within the European Union. COVID-19 is presented as a threat accelerator with a major impact on cybercrime as the pandemic has caused cybercriminals to change their modus operandi and take advantage of the scarcity of some vital goods.


Type of resources: CERT Santé proposes a preventive action plan to reduce the risk of massive compromise in case of ransomware attacks
Target: General public and health structures
Publication date: 04/22/2021
Description: CERT Santé has observed that many healthcare organizations are not sufficiently prepared to counter this type of attack. With this plan, the alert center seeks to strengthen the security of strategic points of the information system (IS), especially the backup and management of environments, system administration, remote access via VPN and the proxy. The objective is to limit the impact of an attack and to slow down the attacker’s progress on the IS.



Country: France
Subject: Implementation of the TousAntiCovid-Carnet tool certifying a test and vaccination against COVID-19
Publication date: 04/19/2021
Description: The French Ministry of Solidarity and Health has deployed a new “carnet” functionality integrated into the TousAntiCovid application that allows the digital storage of test results and vaccination certificates. The government is responding to the European Commission’s proposal to secure travel between European Union countries. Before its full deployment, the French Data Protection Authority (CNIL) issued a reminder that this system must guarantee the protection of personal data and the privacy of individuals.


Country: France
Subject: Public and private actors collaborate through an online marathon (Hackathon) to contribute to the containment of the pandemic
Publication date: 04/27/2021
Description: Initiated by governmental actors, including the Interministerial Directorate of Public Transformation, the Hackathon has generated 15 projects, including the programming tool PyCoa and the applications ZeroHour and MyLongCovid. The first proposes an open source program containing scientific data of COVID-19. The second proposes a virtual queue to limit the number of people in public places and the last one seeks to ensure the self-monitoring of patients with “long last COVID”.