COVID-19: CYBERSECURITY WATCH #40 – July 16, 2021

In light of the current health crisis, the CERT of (CERT-DS) will implement a monitoring and alert system linked to the impacts and consequences of COVID-19 on cybersecurity. This monitoring, which can be shared freely, is intended to:

  • Identify the biggest threats to computer systems;
  • Share the resources and tools necessary to grasp and prevent ISS risks;
  • Highlight the best digital practices to adopt in the face of this crisis.

In order to better understand the threats, we will also do a “threat focus” on one of the attacks reported each week, with a detailed description of the attack and its modus operandi.

Each week’s main news items are grouped into four categories: Threats, Fraud, Useful Resources and Other News.

  • “Threats” include malware, phishing and ransomware campaigns, as well as cyberattacks on major infrastructures;
  • “Fraud” includes scams and fake news;
  • “Useful Resources” refers to the information and tools needed to deal with this health crisis;
  • “Other News” combines a variety of information such as government measures taken in the area of cybersecurity.



Attack: Cybercriminals exploit COVID-19 to spread a variant of the Buer malware-as-a-service (MaaS)
Method: Phishing campaign
Target: General public 
Publication date: 07/01/2021
Description: Researchers at the Cofense Phishing Defense Center (PDC) have uncovered a campaign delivering the Buer MaaS. The cybercriminals claim to provide a document about the side effects of the vaccine in order to trick users into downloading a password-protected attachment containing the malware. Once Buer is set up, it can spread other malware such as ransomware.


Attack: Cyberattack on a Website offering COVID-19 vaccination appointments disrupts Georgia’s vaccination campaign
Method: Currently unknown 
Target: “” Website
Publication date: 07/02/2021
Description: On July 2, 2021, Georgia received one million doses of Chinese Sinopharm and Sinovac vaccines. In order to get vaccinated, Georgians were required to register on the Ministry of Health’s online registration page, “”. However, the Website was hit by a cyberattack that shut down the platform and delayed the vaccination campaign.


Attack: REvil ransomware hits a US university medical center
Method: Currently unknown 
Target: University Medical Center of Southern Nevada
Publication date: 06/29/2021
Description: The medical center, which provides healthcare services to patients in four US states, has been targeted by a cyberattack. The criminal group REvil has added the medical center to the list of victims on its data leak site. Even though the criminal organization’s Websites are no longer accessible, no information related to COVID-19 had been exposed. The health organization has released a statement on the incident, saying that care services are still operational and that no evidence of compromise of clinical systems has been found.



Attack: Telegram messaging application used to sell fraudulent European vaccines and digital COVID certificates
Method: Scam
Surface/Application: Telegram
Publication date: 07/05/2021
Description: The Italian police shut down 10 channels of the encrypted messaging app Telegram that linked anonymous accounts to dark web marketplaces. The accounts were used to contact and pay sellers offering European certificates and counterfeit vaccines. The certificates issued contained false identification data, a QR code and the number of a first and second dose of vaccine.



Type of resource: CovidTracker platform adds EuroVaccination, a tool for monitoring the vaccination campaign in Europe
Target: General public
Publication date: 07/01/2021
Description: The new platform, EuroVaccination, reports on the evolution of the vaccination campaign in the different European countries. Data from “Our World In Data” shows the number, progress and percentage of first doses injected. The website also ranks the vaccination rate of the population per country.



Country: Spain
Subject: Programming error in Spanish health ministry Website leads to data leak
Publication date: 07/07/2021
Description: A security flaw in the platform for obtaining the health pass in Madrid has exposed the data of thousands of users. Using a proxy and a random identifier, it was possible to gain access to the vaccine used and the patient’s name, telephone number, social security number and address. However, sources in the Spanish Ministry of Health have indicated that no information in the database has been compromised.