HHS attack amid coronavirus scare slows systems

As the U.S. ramped up its response to the coronavirus pandemic, a cyberattack on the Health and Human Services (HHS) Sunday night aimed to slow down the agency’s computer systems.

The initiative didn’t make much of an impact. “Luckily it slowed, but didn't break or compromise anything,” said Marty Puranik, CEO of Atlantic.Net.

The attack “spread serious misinformation regarding a national quarantine, sending many officials and the public into a panic,” said Rui Lopes, engineering and technical support director at Panda Security.

“The ability to disrupt systems and increase public misinformation are viable threats while we are all adjusting to societal changes,” said Jack Mannino, CEO at nVisium. “Eroding trust in our systems during a crisis is a perfect way to cause increased chaos.”

That kind of disruption is often a hallmark of nation-state actors. But Rick Holland, CISO, vice president of strategy at Digital Shadows warned against jumping to the conclusion that the attack was affiliated with a nation state. “Incident response takes time, and as this just occurred last night, more time for investigations will be required,” Holland said. “Based on reporting, this appears to be some sort of denial of service attack and the barrier to entry for DOS attacks are low.”

The coronavirus pandemic has ratcheted up fear among the populace and put stress on cybersecurity schemes, making them vulnerable to opportunistic and nimble bad actors. “Organized groups are likely empowered by the situation and will want to take advantage of it,” said Thomas Hatch, CTO and cofounder of SaltStack. “They can attack specific services, particularly financial institutions because of the overall distracted nature of the defenders.”

It’s also too early to tell whether the attack will be an isolated one or “a precursor for a larger attack that may result in data access and or exfiltration,” said Stephen Boyce, Principal Consultant at the Crypsis Group.

“The most prominent targets of such attacks are institutions that are providing information to the public regarding COVID-19,” including local, state, federal, and tribal government agencies, media outlets, pharmaceuticals companies, and healthcare industries, said Boyce. “We should expect more DDoS attacks on the institutions mentioned above and an increase in spear-phishing attacks as well.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.