Last month, some of the usual cast of online scammers and malware miscreants promised to refrain from attacking healthcare organizations or exploiting them during the COVID-19 crisis, showing a sense of honor unexpected from ransomware attackers and cryptocurrency thieves.

However, this ceasefire turned out to be a head-fake. Within a week of those vows, malware purveyors and con artists rushed to send out phishing emails while masquerading as healthcare organizations and even launched attacks against hospitals and other critical facilities. Last week, Google alone was blocking 18 million COVID-19 phishing or malware-delivery emails per day.

One group of esteemed hackers and cybersecurity experts couldn’t stand idly by and watch cybercriminals take advantage of this unprecedented crisis or, even worse, damage overtaxed and much-needed healthcare facilities. So, Marc Rogers, head of sec ops for DEF CON and VP of cybersecurity strategy for Okta; Nate Warfield, senior security program manager at Microsoft; Chris Mills, also a key security player at Microsoft; and Ohad Zaidenberg, lead cyber intelligence researcher at Clearsky Cyber Security, formed the COVID-19 Cyber Threat Intelligence League (CTI League).

Early success at disrupting threat actors

This invitation-only group, which one industry publication called a cyber version of the Justice League, began work about a month ago seeking to mitigate threats and protect the digital well-being of the global healthcare system during the pandemic. Since March 14, the League’s ranks of volunteers have skyrocketed, with more than 1,400 vetted members in 76 countries spanning 45 different sectors, including cybersecurity, healthcare, technology, telecommunications, computer emergency response teams (CERTs), government, and law enforcement.

The organization’s members have helped to lawfully take down 2,833 cybercriminal assets on the internet, including 17 designed to impersonate government organizations, the United Nations, and the World Health Organization. Moreover, the League has identified more than 2,000 vulnerabilities in healthcare institutions in more than 80 countries, notifying those organizations directly or through escalation to appropriate government or industry bodies, according to its just-released inaugural report.

“I knew I had to do something to help,” Zaidenberg tells CSO. “There is a really strong appetite for doing good in the community,” Rogers said during a webinar hosted by the Aspen Institute. “If we can’t go out and have a beer, the next best thing is opening our laptop.”

Hospitals are a particular worry for the group. “After WannaCry and NotPetya, we realized hospitals were vulnerable to malware,” Rogers said during the webinar. “Our idea was to find these vulnerabilities … using tools like Shodan.”

Coordination with healthcare, law enforcement

League members work through healthcare organizations’ CISOs and suppliers and other key players as channels to the institutions to inform the hospitals of what they’ve discovered. Some of the vulnerabilities, however, are serious enough to get kicked up to the FBI or the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Copyright © 2020 IDG Communications, Inc.