[BreachExchange] Hacker 'ceasefire' gets little traction as pandemic fuels attacks

Destry Winant destry at riskbasedsecurity.com
Tue Apr 7 10:19:13 EDT 2020


https://news.yahoo.com/hacker-ceasefire-gets-little-traction-pandemic-fuels-attacks-014730346.html

Washington (AFP) - Internet users have seen a surge in COVID-related
cyberattacks and fraud schemes which could add to the misery of the
pandemic, even as some hackers have called for dialing back their
criminal efforts.

A deluge of attacks has included phishing emails purporting to be from
health agencies, counterfeit product offers and bogus charity donation
requests, according to security analysts.

Over the past month, at least 100,000 new web domain names were
registered containing terms like covid, corona, and virus, many of
which are considered "malicious," according to a report prepared for
the global internet registry agency ICANN.

"The pandemic has led to an explosion of cybercrime, preying upon a
population desperate for safety and reassurance," said the report
released this week by Interisle Consulting Group.

The number of "spoofed" websites used for phishing to steal people's
private credentials has risen by 350 percent since January to more than
500,000, according to Atlas VPN, which provides secure connection
services.

- Stimulus fraud coming? -

These schemes could lead to unprecedented amounts of theft, identity
hijacking and ransomware to extract money from vulnerable
organizations, some analysts fear.

In just the past few weeks, US consumers have lost nearly $5 million
to coronavirus-themed scams, according to the Federal Trade
Commission.

The potential for fraud could rise further, notably as a result of the
$2 trillion economic relief package approved by Congress this month,
according to an FTC warning to watch for stimulus-related fraud
schemes.

Because of the global nature of the pandemic, hackers are taking
advantage of all the attention being paid to the health crisis to lure
people into opening malicious emails and links.

The security firm Proofpoint said this week it is seeing a wave of
email scams themed around stimulus payments, Australian government
"coronavirus tax relief" or even a fictitious "relief offer" from the
World Health Organization and the International Monetary Fund.

"More than 80 percent of all the attacks Proofpoint now intercepts
have something to do with the pandemic, a level that is
unprecedented," the company said.

"These attacks appear to be working, and now they are leveraging news
of the stimulus package to ensnare more victims."

But even with the unprecedented opportunity, some hackers are
considering pulling back on their attacks on people during the crisis,
according to researchers who monitor "dark web" forums.

"There seems to be an even split. I wasn't expecting so many people
expressing concern," said Alex Guirakhoo, a threat researcher with the
security firm Digital Shadows who monitors hacker forums globally.

"There are some people (in hacker forums) saying 'I'm really concerned
for my family,' or 'I can't see my girlfriend.' This is a situation
affecting everyone."

After some reports indicated hospitals had been hit by ransomware,
some hacker groups pledged to avoid hitting health care organizations,
according to researchers.

One hacker group known as Maze promised to halt attacks on hospitals
and provide encryption keys to ones that have been hit, according to
Filip Truta of the security firm BitDefender.

"Perhaps they want to avoid provoking the white-hot rage of an already
wounded public," Truta said in a blog post. "Or, just possibly, some
black hats do have a smidgen of ethics. At least in grim times like
these."

The security firm Emsisoft, which specializes in ransomware, made an
unusual plea to hackers last month to spare health care firms.

"We also know you are humans, and that your own family and loved ones
may find themselves in need of urgent medical care," the group said in
a blog post.

"We ask for your empathy and cooperation. Please do not target
healthcare providers during the coming months and, if you target one
unintentionally, please provide them with the decryption key at no
cost."

But Emsisoft spokesman Brett Callow said the plea may not be working.

"Any claims that these ransomware groups make should be taken with a
grain of salt," Callow told AFP, noting that ransomware attacks are
continuing against health organizations.

"These groups have attacked hospitals in the past. They have put lives
at risk and it would be a mistake to assume they wouldn't do so
again."

