The Volunteer Online Army Fighting Coronavirus Crime

(Bloomberg Businessweek) -- By day, Ohad Zaidenberg is a researcher for a private Israeli security firm, where he roots out sophisticated hacking attacks against major corporations. By night he’s applying those skills against all manner of criminals, and for free.

Zaidenberg is one of the founders of a rapidly growing international volunteer network that’s emerged to combat a crime wave targeting hospitals and critical infrastructure during the pandemic. The group, a team of more than 1,200 computer specialists and cyberwarriors, battles the toxic threat of phishing scams, malware hacks, and ransomware.

Hospitals and research labs have been overwhelmed with the physical challenges of treating patients for a disease that has no known cure. Online, they’re under attack in a cyber landscape that’s experiencing an unprecedented level of malicious activity. Since early February, when the coronavirus outbreak went global, IBM Corp.’s X-Force, which tracks online security threats, has seen a 4,300% increase in spam related to Covid-19. “When I saw some attacks on hospitals, I said, ‘I can’t sit on the fence anymore. I need to create something,’ ” Zaidenberg says.

He teamed up with Nate Warfield and Chris Mills, senior managers at Microsoft Corp., and Marc Rogers, executive director of cybersecurity at cloud security firm Okta Inc., to start Covid-19 CTI League in March. (“CTI” stands for cyber threat intelligence.) Although Zaidenberg didn’t give specifics about which organizations the volunteers are helping, he says they’ve neutralized ransomware and phishing attacks on hospitals and worked with law enforcement to take down malicious servers and websites.

The medical industry has always been a target for hackers looking to access sensitive personal data. Last year more than 750 health-care providers in the U.S. were hit by ransomware. Most of the recent attacks on medical centers have failed because administrators are boosting defenses, including by storing data offline and off-site, according to Wendi Whitmore, who leads the global intelligence response team at IBM.

Still, that hasn’t deterred criminals. “The attackers are becoming much more targeted,” Whitmore says. In one ransomware strike on an unnamed company, hackers demanded $25 million. “They knew exactly the value of the data that they’d encrypted,” she says. “They went after that knowing it was financially valuable but also damaging to [the company’s] reputation if it had gotten out.” Whitmore adds: “It’s only a matter of time, though, before a hospital that isn’t prepared is attacked and is forced to answer the question of whether to pay this ransom.”

The majority of the ransomware is coming from Eastern Europe, and in about 60% of the cases, the attackers are using stolen information as leverage, IBM data show. “We’re going to see larger attacks on the whole infrastructure,” Whitmore says. “Any part of the supply chain that enables us to do business as usual is a viable target right now for a ransomware attack.”

In the depths of the dark web, criminals are also coming up with new ways to make money. There’s malware tailored to the virus, and online sellers hawk allegedly resistant blood samples. Hacking tips related to Covid‑19 go for $300, according to Jon DiMaggio, a researcher at Symantec. In Italy, coronavirus-themed phishing campaigns spiked in the hardest-hit regions. “It just goes to show the current cybercriminals are trying to play on people’s fears,” DiMaggio says.

And with so many people working from home, using personal routers and messaging apps, the vulnerabilities have multiplied. The security tools that businesses use to guard online data are akin to fortresses protected by “moats and castles and high walls,” says Otavio Freire, chief technical officer at SafeGuard Cyber Inc., a cloud-based technology firm. “With Covid-19 they basically sent everyone out to the village,” Freire says. “They’re not going through the fort for their work anymore. Their email used to be protected, and now it’s not. And the hackers know this.”

CTI League isn’t alone in providing services to people experiencing cyberattacks. Some companies have offered free ransomware protection to health-care organizations, while others are holding webinars to educate employees about malicious campaigns.

In Tel Aviv, Zaidenberg fits in whatever sleep he can between his two jobs. “I believe we save lives. Anytime I see another case close or when someone sends a message saying ‘thank you,’ I finally feel less useless,” he says. “We can connect with each other, feel less lonely, and spend this horrible time doing some good.”

©2020 Bloomberg L.P.
