The U.S. Health and Human Services Department suffered a Distributed Denial of Service (DDoS) attack.
According to a Bloomberg news report, the cyberattack was called a campaign of disruption and disinformation that was aimed at undermining the response to the Coronavirus pandemic. The attack may also have been the work of a foreign actor. In addition, it doesn’t appear that the hackers took any data from the systems, and the hack involved overloading the HHS servers with millions of hits over several hours.
"This is an unfortunate event; cyber threat actors will play on fears and capitalize on national catastrophes and other calamities to wage their acts," adds Boyce. "At a time when nations struggle and mourn, it is not unexpected, but particularly tragic to witness.”
Thomas Hatch, CTO and Co-Founder at SaltStack, says that as we self-quarantine and combat the spread of Coronavirus, “we should expect cyberattacks to continue, and to be seen as more and more opportunistic. Those who wish to launch cyberattacks will not show mercy because of the situations that we are in, but rather this will be seen as an opportunity. There are a number of attackers and motivations that can be fulfilled. A nation-state hostile to the US will want to damage our response times to Coronavirus. Petty thieves will assume that classical attacks are going to be more effective because cyber defense staffing is likely distracted right now dealing with the influx of issues that come from a demand shift for specific services. Organized groups are likely empowered by the situation and will want to take advantage of it. They can attack specific services, particularly financial institutions because of the overall distracted nature of the defenders.”
Jack Mannino, CEO at nVisium, also maintains that the attack is proof that hostile actors "are capitalizing on the fear and frenzy generated by the pandemic. The ability to disrupt systems and increase public misinformation are viable threats while we are all adjusting to societal changes. As we continue to be impacted by changes to our way of life, people will become even more reliant on applications and software to provide them with accurate and truthful information. Eroding trust in our systems during a crisis is a perfect way to cause chaos.”
Rick Holland, CISO, Vice President of Strategy at Digital Shadows, notes, however, that, “We should not jump to conclusions and assume the attack was nation-state affiliated. Incident response takes time, and as this just occurred last night, more time for investigations will be required. Based on reporting, this appears to be some sort of denial of service attack and the barrier to entry for DOS attacks are low."
"While infectious disease experts are on the front lines of a war against COVID-19, cybersecurity professionals must be ever vigilant and keep a heightened focus on their networks to ensure hackers do not use this health emergency to cause chaos," says Rui Lopes, Engineering and Technical Support Director at Panda Security. "To this end, a zero-trust security posture has never been more essential.”