CybersecuritySecurity NewswireCybersecurity News

U.S. Health and Human Services Department Suffers Cyberattack

The U.S. Health and Human Services Department suffered a Distributed Denial of Service (DDoS) attack.

According to a Bloomberg news report, the cyberattack was called a campaign of disruption and disinformation that was aimed at undermining the response to the Coronavirus pandemic. The attack may also have been the work of a foreign actor. In addition, it doesn’t appear that the hackers took any data from the systems, and the hack involved overloading the HHS servers with millions of hits over several hours.

“We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly,” John Ullyot, a spokesman for the National Security Council, said in a statement. “HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks.” He added that “HHS and federal networks are functioning normally at this time," according to the Bloomberg.

Stephen Boyce, Principal Consultant at the Crypsis Group, told Security Magazine that while DDoS attacks are not sophisticated, "the timing of the attack and potential motive raises significant concern. The goal of these attacks is to prevent legitimate users from accessing HHS websites and systems. These attacks could also be a precursor for a larger attack that may result in data access and or exfiltration."

According to Boyce, "the most prominent targets of such attacks are institutions that are providing information to the public regarding COVID-19. These institutions include: local, state, federal, and tribal government agencies, media outlets, pharmaceuticals companies and healthcare industries. We should expect more DDoS attacks on the institutions mentioned above and an increase in spear-phishing attacks as well."

"This is an unfortunate event; cyber threat actors will play on fears and capitalize on national catastrophes and other calamities to wage their acts," adds Boyce. "At a time when nations struggle and mourn, it is not unexpected, but particularly tragic to witness.”

Thomas Hatch, CTO and Co-Founder at SaltStack, says that as we self-quarantine and combat the spread of Coronavirus, “we should expect cyberattacks to continue, and to be seen as more and more opportunistic. Those who wish to launch cyberattacks will not show mercy because of the situations that we are in, but rather this will be seen as an opportunity. There are a number of attackers and motivations that can be fulfilled. A nation-state hostile to the US will want to damage our response times to Coronavirus. Petty thieves will assume that classical attacks are going to be more effective because cyber defense staffing is likely distracted right now dealing with the influx of issues that come from a demand shift for specific services. Organized groups are likely empowered by the situation and will want to take advantage of it. They can attack specific services, particularly financial institutions because of the overall distracted nature of the defenders.”

Jack Mannino, CEO at nVisium, also maintains that the attack is proof that hostile actors "are capitalizing on the fear and frenzy generated by the pandemic. The ability to disrupt systems and increase public misinformation are viable threats while we are all adjusting to societal changes. As we continue to be impacted by changes to our way of life, people will become even more reliant on applications and software to provide them with accurate and truthful information. Eroding trust in our systems during a crisis is a perfect way to cause chaos.”

Rick Holland, CISO, Vice President of Strategy at Digital Shadows, notes, however, that, “We should not jump to conclusions and assume the attack was nation-state affiliated. Incident response takes time, and as this just occurred last night, more time for investigations will be required. Based on reporting, this appears to be some sort of denial of service attack and the barrier to entry for DOS attacks are low."

"While infectious disease experts are on the front lines of a war against COVID-19, cybersecurity professionals must be ever vigilant and keep a heightened focus on their networks to ensure hackers do not use this health emergency to cause chaos," says Rui Lopes, Engineering and Technical Support Director at Panda Security. "To this end, a zero-trust security posture has never been more essential.”