COVID-19 Notice: Thomas Carroll remain committed to putting our clients at the forefront of what we do. We are fully operational at home so that we can continue to provide the same quality service that you normally enjoy from our team. Please click here for our COVID-19 risk management updates and advice hub.

If you’re in business, we have produced a number of guides, checklists and templates to help with your return to work preparations and ensuring your workplace is safe for your employees in these challenging times.

Close

Cybercriminals Exploit Coronavirus to Attack Hospitals

20 Jul

We are all concerned about Coronavirus and there’s no doubt that the pandemic has forced us to adapt the way in which we approach our day-to-day lives, and this could continue for quite some time. This is especially true for our key workers, who have carried us through the crisis, making sure that we can still access our essential items and medical care.

Amidst the pandemic, doctors and nurses are learning how to work differently in the hope of preventing the spread of the virus and coping with the surge of cases, including wearing PPE, reprioritising routine visits, providing remote care and reducing patient contact.

On top of this enormous challenge, unfortunately the health sector is also having to deal with the threat of a cyber-attack. The Foreign Secretary, Dominic Rabb has warned that cyber criminals are targeting organisations that are researching vaccines for COVID-19 and the GCHQ have said that hackers are increasingly targeting the NHS.

How Are Cybercriminals Targeting the Health Sector?

The worst part is that cybercriminals are not using particularly different or complicated techniques to attack. They are still relying on human error, which is the leading cause of cyber breaches and other basic vulnerabilities in cybersecurity, such as weak passwords, systems that are not backed up properly and tricking people into clicking harmful links.

This is similar to the WannaCry cyber-attack in 2017, which cost the NHS £92 million through services lost during the attack and IT costs in the aftermath of the attack. The ransomware cryptoworm targeted computers running Windows operating systems by encrypting data and demanding ransom payments in Bitcoin cryptocurrency to release it.

What Impact Is the Coronavirus Pandemic Having on Your Business?

It’s not just the health sector that is vulnerable. Businesses of all shapes and sizes, within any industry are at risk of a cyber-attack if they rely on technology at all to operate. Cybercriminals have also been targeting businesses who have employees that are working from home and using the fear surrounding the virus to their advantage. Recent research found that nearly half of UK remote workers have fallen victim to cybercrime since lockdown began.

Two emerging types of malware that businesses need to be aware of include:

HARMA

HARMA is a form of ransomware used by hackers to encrypt files and demand payment for them to be unlocked. It turns file types, such as JPEG, PDF or Docx into an unreadable format, which can cause quite a headache if your business uses computers to store files, rather than in Cloud storage hosted by a reputable platform like OneDrive or Google Drive. It’s definitely worth having backup measures in place. In the event of a hack, it’s easier to buy or re-format a computer than it is to worry about the ransomware that is intended to harm important files.

SMBleed

SMBleed is a Windows bug that opens vulnerabilities in a computer’s resources to allow hackers to exploit and run code remotely, which is then used to cause the machine performance issues. It has the potential to manoeuvre across your organisation’s entire network, leaving it open for hackers to further compromise your system. The most important thing you can do is keep Windows up to date. For larger companies, it’s crucial to have a centralised update service on your network to ensure updates are passed to machines as soon as they are available.

SIGRed: A 17-Year Old Vulnerability

SIGRed is a critical vulnerability that affects Windows DNS (Domain Name System) Server versions 2003-2019. Unlike the above examples, SIGRed is wormable, which means that it can spread throughout a network without human interaction. If exploited successfully, cybercriminals are granted Domain Administrator rights, which means they can effectively compromise your entire infrastructure. Any data travelling across your network could be stolen, including personally identifiable information. Microsoft recommends implementing software patches immediately, which can be found here or alternatively, you could discuss this with an IT security provider.

Protecting Your Business From Ransomware

We asked our cyber insurance risk specialist, Emma Francis for some key steps that businesses can take to help prevent a cyber breach. Here’s what Emma recommends:

Updates

“Updates should be completed as soon as possible. Cyber Essentials, the scheme behind encouraging organisations to adopt good practice in information security, insists that this is done within 2 weeks of the update being released.”

File Back-Ups

“It’s a common misconception that if your files are stored on your computer then they are safe, which isn’t the case. Ensure your important files are backed up to a secure location, like an offsite cloud backup service.”

Antivirus Software

“Don’t underestimate the importance of Antivirus software. Install it on all of your business’ machines to protect them against viruses and malware.”

Security Measures

“Ensure security measures are installed on your business devices. Something like User Access Control, which based on the level chosen can stop a user being able to install software. Explore other security measures, such as restricting USB storage and filtering web content by blocking high-risk categories. These will all contribute to decreasing the risks that your machines are exposed to.”

Network Equipment

“It’s important that your network equipment, including firewalls, routers and switches is adequately protected with the necessary security precautions.”

Take Action With Cyber Insurance

There’s no doubt that cybercrime is causing no end of challenges for businesses, especially in the current environment. In the unfortunate event of a cyber breach, insurance will protect you and your business and help avoid business interruption, financial and reputational loss.

If we can help you, please do not hesitate to contact our Cyber Risk Executive, Emma Francis today on 01792 704317 or at emma.francis@thomas-carroll.co.uk. Emma is fully operational from home and on hand to answer any queries you have.