Advertisement 1

Canadian coronavirus response workers targeted in ransomware attack, says U.S. cybersecurity report

Increase seen in phishing attacks in which criminals use the pandemic as a hook to trick people into opening an attachment or clicking a link

Article content

Two Canadian organizations involved in work on COVID-19 — one a government body — have been the targets of recent ransomware attacks, according to a report from U.S. cybersecurity giant Palo Alto Networks Inc. that highlights the increased opportunities the pandemic is creating for cyber-criminals.

The new research, published Tuesday by Palo Alto’s Unit 42 threat intelligence team, centered on an attack aimed at encrypting the computer files of “several individuals associated with a Canadian government health organization actively engaged in COVID-19 response efforts, and a Canadian university conducting COVID-19 research.”

Advertisement 2
Story continues below
Article content

The company did not say which university or which public health agency was targeted, but said that the attacks were unsuccessful.

Article content

Jen Miller-Osborn, deputy director of threat intelligence with Palo Alto, said they’re seeing an uptick in phishing attacks in which criminals use the pandemic as a hook to trick people into opening an attachment or clicking a link.

In one of the attacks described in the report, targets received an email with a file attachment named “20200323-sitrep-63-covid-19.doc” that if opened would encrypt files on their computer until a ransom had been paid.

Recommended from Editorial
  1. Hospitals are turning to technology to help them cope with an onslaught on coronavirus patients.
    Surge in health-tech innovation could be silver lining in COVID-19 crisis
  2. Prime Minister Justin Trudeau speaks during a news conference at Rideau Cottage about efforts to slow the spread of COVID-19.
    Terence Corcoran: We are at the mercy of two data problems with COVID-19 response
  3. An economic downturn could actually be good for e-commerce companies such as Shopify.
    Startups shift focus to survival as COVID-19 uncertainty looms

Miller-Osborn said the targeting of front-line health-care providers was particularly troubling.

“Right now, going after people who are on the front lines is just really despicable. So we really want to call attention to the fact that that is happening to make sure those people on the front lines have as much awareness as they can,” she said.

Article content
Advertisement 3
Story continues below
Article content

But she added that the pandemic was creating a much broader set of opportunities for criminals as well.

For one thing, she said, it’s extremely useful that the same issue is affecting so many countries around the world at the same time, so putting “COVID-19” or some other pandemic terminology in the email subject line or attachment file name can trick a lot of people.

“They don’t need to put as much work into lures for different regions. You can literally take the same theme or the same file, and use it more broadly now,” she said. “The same kind of lures will now work on all of their targets.”

Going after people who are on the front lines is just really despicable

Jen Miller-Osborn, deputy director threat intelligence, Palo Alto Networks

Miller-Osborn said there’s also a larger issue at play: with so many businesses facing upheaval due to social distancing measures, cybersecurity protocols have in many cases been upended.

With companies unprepared for most of their employees working from home, IT systems are strained.

“It’s not something they’re used to, right? So they don’t necessarily have best practices for working from home, because it’s something they might do only occasionally,” she said.

Miller-Osborn said that most cyber attacks rely on manipulating users to click a link or open a file, and the simple mistakes that come with heightened stress can be a major factor.

Advertisement 4
Story continues below
Article content

“Any business should be looking out for this phishing — emails and links to things, and even text messages,” she said.

She said a good cybersecurity practice can simply be to take a deep breath and not allow yourself to give in to the feeling that every email needs to be tackled instantly.

“It’s difficult to have the kind of awareness you need for security on top of taking care of your two kids that are at home, and your dog is going crazy, and your spouse is in another room on a call,” she said.

“The only way to really do anything about that is for people to establish good behaviours while they’re working from home, like following those kinds of guidance and best practices, and whenever possible taking a break just to walk away.”

• Email: jmcleod@nationalpost.com | Twitter:

Article content
Comments
You must be logged in to join the discussion or read more comments.
Join the Conversation

Postmedia is committed to maintaining a lively but civil forum for discussion. Please keep comments relevant and respectful. Comments may take up to an hour to appear on the site. You will receive an email if there is a reply to your comment, an update to a thread you follow or if a user you follow comments. Visit our Community Guidelines for more information.

This Week in Flyers