20 March 2020

IRM Weekly Cybersecurity Roundup: COVID-19 cyber impact and more

Cybercriminals ‘promise’ not to attack healthcare organisations during COVID-19 outbreak

Two cybercriminal gangs behind the most prolific ransomware attacks of recent history have stated they will not target healthcare organisations whilst COVID-19 is ongoing.

Operators of the DoppelPaymer ransomware threat said they will “try to avoid hospitals, nursing homes” and if they do accidentally target one due to a network misconfiguration, they will provide a “free decrypter code”.

The operators of Maze ransomware also confirmed they would stop attacking organisations of this kind until “the stabilisation of the situation of the virus”.

This is despite the fact that the COVID-19 outbreak has already seen cybercriminals take advantage, including infection distribution maps laced with malware.

You can read more here.

US Health Department suffers cyber-attack

Contrary to the above news, the U.S. Health and Human Services (HHS) Department has suffered a cyber-attack on its computer system.

The attack involved overloading the HHS servers with millions of hits over several hours. It didn’t succeed in slowing the systems significantly as intended. Luckily, due to the anticipation of increased cyber-attacks due to COVID-19, HHS had put in extra protections in place.

It’s thought the attack is linked to a text message scam which occurred on the 16th March and told recipients of a support national quarantine (see warning message from the National Security Council below)

Fake Text Messages COVID-19

You can read more here. 

Princess Cruises confirms data breachCruise Liner

Princess Cruises has recently halted operations due to COVID-19, but they have now confirmed a data breach which may have compromised passenger data.

Suspicious activity was identified in late May 2019 and forensic experts were hired to find out how access was gained. It discovered unauthorised employee account access between April and July 2019.

These accounts contained personal data about Princess’ employees, crew and guests, including passports, credit card information and health data.

You can read more here.

British printing company responsible for confidential document leak

A cybersecurity research team has uncovered a S3 Bucket belonging to a British printing company with 270,000 records and over 343GB in size.

The company in question is Doxzoo, a document printing and binding production company in the UK. They have customers including universities, US and UK military units, Fortune 500 companies and more. Doxzoo shows ISO accreditation for security on its website, despite the downfall in protection of this information on the Amazon server.

Doxzoo has now closed the data leak. Information seen by the researchers included complete scripts/screenplays, full-length books, paid wellness plans and internal military handbooks.

You can read more here.

IRM offers free COVID-19 business continuity resources

Over the last two weeks, we have been able to release various guidance papers and resources to help our customers and contacts with business continuity. Paul Sexby, one of IRM’s Principal Risk Consultants, has contributed some fantastic advice in two guidance papers, detailed below.
1. Practical Pandemic Planning³ – An introduction on how to ‘jump-start’ a business continuity plan – https://bit.ly/2wcJ03U
COVID-19 Business Continuity Checklist2. Data Protection & Cybersecurity – An overview of the significant data protection challenges faced with increased remote working – https://bit.ly/392dAub
3. Rapid Business Continuity Checklist – Combines the advice and guidance in the two above guidance papers to create a simple-to-follow checklist – https://bit.ly/2J10Mts



Quick-Fire Updates

Industry supports University maritime lab set-up: Various organisations have offered support to the University of Plymouth to enable them to set up the Cyber-SHIP Lab – a new research facility aimed at improving global shipping security. Read more here.

Illinois college suffers data breach: The personal and tax information of 1,755 staff has been comprised, including tax forms from 2018. The college is now offering credit monitoring and identity protection services to current and format employees free of charge. Read more here.

Czech hospital halts COVID-19 tests due to cyber-attack: The hospital’s computers had to be shut down on Saturday 14th March, meaning the hospital could not carry out tests. Read more here.