U.S. Health Agency Suffers Cyber-Attack – Expert Reaction

By   ISBuzz Team
Writer , Information Security Buzz | Mar 17, 2020 01:53 am PST

The U.S. Health and Human Services Department suffered a cyber-attack on its computer system, aimed at undermining the response to the coronavirus pandemic.

Notify of
6 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Vahid Behzadan
Vahid Behzadan , Ph.D, Assistant Professor
March 18, 2020 1:26 pm

It appears that a Distributed Denial of Service (DDoS) attack was launched against the HHS web infrastructure. These attacks aim to overload their targets and slow down their operational capacities. The attack occurred around the time when a disinformation campaign was started to disseminate false information about a country-wide lockdown due to COVID-19. Some have speculated that the DDoS attack might have aimed to slow down the response of HHS and CDC to this campaign. The level of sophistication involved in this attack is low, and could have been the work of either activists or nation-state sponsored actors. Regardless of the motivations behind this attack, it serves as a warning for the potential of more sophisticated and coordinated attacks on official sources of information, which can lead to even more widespread chaos and economic damages in these fragile circumstances.

Last edited 4 years ago by Vahid Behzadan
Adam Laub
Adam Laub , CMO
March 17, 2020 10:14 am

We’d like to think that in a world where everyone is effectively in the same boat, a sense of togetherness, an unwritten code of conduct, or even a sense of morality would prevent bad actors from doing bad things – even if just temporarily. This obviously is not the case and if anything should serve as a reminder to organizations that one threat hasn’t been traded for another. To the contrary, individuals and groups that prey on the weak will likely look to take advantage of this dire situation, causing more disruption to organizations already reeling from the financial distress, business disruption, and human resource nightmare the coronavirus pandemic has inflicted in just a short period of time.

What’s particularly disturbing about this latest incident at the U.S. Health and Human Services Department is that the intent of the attack appears to be driven entirely by malice, seeking only to prevent the men and women trying desperately to protect millions of American citizens from harm from doing their jobs, as well as spread false information in order to generate more panic and uncertainty. No mention of stolen data or compromised credentials. Just DDoS style attacks aimed at bringing down critical infrastructure. It’s among the more cowardly acts we’ve seen lately, especially when compared to the heroic efforts of scientists, doctors, nurses, law enforcement and other front-liners across the world.

Last edited 4 years ago by Adam Laub
Erich Kron
Erich Kron , Security Awareness Advocate
March 17, 2020 10:06 am

The current situation with the COVID-19 pandemic is already stretching resources thin, and attacks such as this are unfortunately not unexpected. This is an example of the fact that we can expect cyber attacks to occur during times of heightened emotions and significant changes within the workforce, especially as commercial and government workers look at working from home. Any time there are changes like this, especially during times of heightened fear and emotions, the risks of attacks being successful greatly increases.

The U.S. government needs to prepare for these types of issues and be ready to respond quickly when they occur. In addition, the government and large social media organizations need to be prepared to respond to misinformation and false, fear inducing posts as quickly as possible. Like it or not, social media is where a lot of Americans get their news and these providers have a responsibility to reduce panic caused by adversaries trying to spread false information.

Last edited 4 years ago by Erich Kron
Kevin Bocek
Kevin Bocek , VP Security Strategy & Threat Intelligence
March 17, 2020 10:04 am

The attack on US Health & Human Services department is a clear sign that we’ll soon face a cyber attack crisis in addition to the coronavirus pandemic. Attackers of all types – from cybercriminals seeking profits to terrorists and other seeking disruption, and even nation-states will seek to hit their targets when they are distracted, striking when governments and businesses have their hands full of the pandemic response. Every organisation, from governments and banks to payment providers, retailers or manufacturers must be on high alert for cyberattacks. Now is not the time to consider cybersecurity optional. While the business environment at the moment is challenging, a cyber attack can still be a knock out blow for businesses and governments not focusing on the threat.

It’s particularly worrying as the race for digital transformation, DevOps, and cloud use increases, and the automated machine and software-driven process become increasingly vulnerable. We’ve seen hackers make use of persistent back doors using SSH machine identities in high-profile cases such as the attack on the Ukrainian power grid, or attackers hiding in encrypted traffic to breach Equifax because of expired TLS certificates, both of which are risks because of the cloud-based, automated, remote working world that business is adopting. Security teams need to move quickly for the visibility, intelligence, and automation needed to protect machine identities and manage these threats.

Last edited 4 years ago by Kevin Bocek
Sam Curry
Sam Curry , Chief Security Officer
March 17, 2020 10:01 am

Here\’s why the reported breach of the Dept of Health and Human Services is horrendous. Damage like this at this time is not “white hat” or even “grey hat.” It’s dark as dark. It’s as bad as stealing generators, gas or food in a time of natural disaster. What breaches like this do is accelerate the virus potentially by making measures and controls not reach the people that need them. That means that this could directly lead to deaths. Hacks lead to misinformation campaigns and a lot of pain for people. This breach is effectively an attack on the United States government and every citizen. DO NOT HACK FOR ANY REASON RIGHT NOW: not politics, not profit. If martial law comes down, frontier justice can be nasty.

Overall, this looks like this breach could be the result of a DDoS attack, which means the DHHS should immediately work with their ISPs to ensure redundant bandwidth. Organisations such as DHHS, CDC, WHO, NIH, etc., should also identify critical apps and assure a content delivery network to handle volume too on the application layer if they haven’t already done so. If they have that in place and were still breached, they reach out to their ISP and assure that they are priority 1 when attacks happen — they need to be operational more than other competing applications. And they should immediately try to understand why this breach happened to try to predict where the next attack will occur. If this was a DDoS attack, the good news is that this is a sledgehammer and this attacker (not others) probably doesn’t have any finer tools to use right now.

Last edited 4 years ago by Sam Curry

Recent Posts

Would love your thoughts, please comment.x