Virtual army rising up to protect healthcare groups from hackers

As the world continues to grapple with the COVID-19 pandemic, a related crisis has emerged. 

Hackers are taking advantage of the increased reliance on networks to target critical organizations such as healthcare groups and members of the public, stealing and profiting off sensitive information and putting lives at risk. 

But cyber criminals are increasingly coming up against an army of information security professionals worldwide, who have come together over the past months to fight a quiet daily war online to block the efforts of hackers.

One network of these white hat hackers is the non-profit COVID-19 CTI League, which is made up of over 1,400 volunteers in 76 countries and 22 different time zones from sectors including information security, telecommunications and law enforcement. 

The group’s goal is to thwart efforts by criminal organizations to dismantle critical systems, including those that overworked hospitals rely on to ensure treatment for patients suffering from COVID-19. 

Marc Rogers, the executive director of cybersecurity at software group Okta and one of the leaders of the CTI League, told The Hill that the mobilization of internet security professionals during the pandemic made him optimistic about fighting back. 

“There is a literal army of infosec people out in the community who are working to protect these establishments,” Rogers said. “We haven’t seen any catastrophic situations yet, and I’m quietly hopeful that that’s because of the proactive work that all of these groups are doing.”

The group was only established in early March but has grown by leaps and bounds as members have quickly joined in the effort to defend vulnerable systems from attack. 

According to an initial progress report published by the group this week, members have assisted law enforcement in taking down almost 3,000 cybercriminal assets online, and identified more than 2,000 cyber vulnerabilities at hospitals, healthcare groups, and supporting facilities.

The CTI League is not the only new group formed in order to address increasing cyber threats. 

C5 Capital helped bring together and form the Cyber Alliance to Defend Our Healthcare last month. The group was formed after cybersecurity portfolio groups managed by C5 began reporting spikes in cyberattacks on both the United Kingdom's and Sweden’s health systems, and is currently made up of over a dozen top cybersecurity groups lending their skills to defend these networks. 

“We were beginning to get calls from all over Europe in particular that there was a significant escalation in cyberattacks from March onward,” C5 Founder Andre Pienaar told The Hill. “We decided we had to do something to help, and launched the Cyber Alliance to Defend Our Healthcare as part of a transatlantic effort to protect the crucial care provided by hospitals and clinics.”

And healthcare organizations, where IT staffers are overworked and on the frontlines of the COVID-19 pandemic, desperately need these protections. 

The World Health Organization and the Department of Health and Human Services were among health agencies targeted by hackers in March, while an FBI official said last week that the agency was receiving between 3,000 and 4,000 cybercrime reports every day, up from a usual average of 1,000 per day. 

Ransomware attacks have increasingly become a method of choice for hackers, who according to Pienaar and other officials include both cyber criminal organizations and those backed by nation states. 

Ransomware attacks, which involve locking up a system and demanding payment, hurt operations at the second largest hospital in the Czech Republic and an Illinois health agency in recent weeks. International police agency INTERPOL issued a formal alert this month warning hospitals in its 194 member states that these attacks may increase. 

“We have seen a significant escalation in the size or ransom,” Pienaar said. “Before it was in the range of $5 million, and have seen a significant increase to more like $15 million.”

Rogers described the current situation as a bonanza for hackers looking to make money, but emphasized that cyber criminals were now going up against those intent on blocking them. 

“I would say the only comparable analogy in my head is during world wars, we saw the same kind of civilian army rising to defend their country,” Rogers said. “This led me to calling this World War Cyber, everyone sees the same threat, everyone realizes they have to put aside their differences, they need to break down barriers.”

The civilian information security groups are not alone in their fight against cyber criminals. 

A key feature of the work of these groups is maintaining contact with law enforcement, working hand-in-hand to fight and block hackers, including working with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security. 

CISA Director Chris Krebs told The Hill in a statement on Tuesday that there will only be an increase in cyberattacks connected to the pandemic, and that he “looked forward” to continuing to work with groups like CTI in the fight to defend against hackers. 

“We have seen, and are likely going to continue to see, an increase in bad guys taking advantage of the COVID-19 pandemic to target businesses, governments and individuals alike. CISA is working around the clock with our public and private sector partners to combat this threat,” Krebs said. 

Krebs praised the CTI League, saying its work “has helped disseminate indicators of compromise to network defenders, improve vulnerability management in the nation’s medical infrastructure, and manage supply chain risks in the medical sector.”

And Capitol Hill has taken notice of threats posed to healthcare groups and other critical organizations.

Democratic Sens. Mark WarnerMark Robert WarnerBipartisan Senate report reaffirms intelligence findings that Russia meddled in 2016 elections Hillicon Valley: Hackers increasingly target hospitals during pandemic | Stay-at-home protests could qualify as misinformation on Facebook | Tech groups push Congress to send states cyber funding Schiff, Nadler call on DOJ watchdog to investigate Barr's remarks about firing of intelligence community IG MORE (Va.), Edward MarkeyEdward (Ed) John MarkeyHillicon Valley: Senate report backs intel findings on Russia | GOP senator ramps up pressure on Apple, Google | Facebook grapples with coronavirus protests House Democrat introduces bill to ensure students have internet access amid pandemic Democrats warn against pausing WHO aid: Coronavirus not time to 'upend our relationship' MORE (Mass.), and Richard Blumenthal (Conn.), along with Republican Sens. David Perdue (Ga.) and Tom CottonThomas (Tom) Bryant CottonTrump immigration vow stirs serious blowback The Hill's 12:30 Report: Washington nears coronavirus relief deal Trump says he will sign executive order temporarily suspending immigration into US MORE (Ark.), sent a joint letter on Tuesday to both CISA and U.S. Cyber Command urging the agencies to take action to prevent cyberattacks on hospitals and research groups involved in fighting the spread of COVID-19. 

“During this moment of national crisis, the cybersecurity and digital resilience of our healthcare, public health, and research sectors are literally matters of life-or-death,” the senators wrote. 

Pienaar saw the dual focus on cyber threats by government, law enforcement, and the private sector as key to addressing cybersecurity vulnerabilities. 

“I think it’s crucially important from a national security point of view, from a law enforcement point of view, to combat the pandemic that cybersecurity of the healthcare sector gets properly attended to and that we build a strong public-private partnership behind it, and the private sector does it all it can to protect our governments,” Pienaar said. 

Regardless of when the COVID-19 pandemic ends, both Rogers and Pienaar were optimistic about the future of the virtual army built to defend critical networks, with Rogers saying it could be used to help defend elections or during other potential crises. 

“What we’re thinking about is ‘how do we keep this going,’ because we have achieved so much,” Rogers said. “It would be so amazing if we could put together this group...good guys could come together and counterattack, I think if we could achieve that we would make the internet a much safer place.”

Comments are closed.