As hackers and cybercriminals dial up the vile attacks against healthcare, these are the volunteer cyber-protectors out to thwart them.
Cybercriminals are doing all they can to exploit the fear and confusion that the COVID-19 pandemic has brought with it. This exploitation does not stop at the hospital, medical facility, or healthcare service entrance. Staying on top of their cybersecurity game might not be the highest priority within those organizations right now, but it is nonetheless vital. It takes only one successful ransomware attack to potentially have a life-and-death impact on patient care.
With attacks on medical facilities that are on standby to test coronavirus vaccines already underway, and the news that healthcare workers are being targeted by a dangerous new Windows ransomware campaign, the need to protect those working hard to protect us cannot be overstated.
One newly formed group of information security professionals, including company CISOs, penetration testers, security researchers, and more, has vowed to do all it can to help provide cybersecurity support to healthcare services across the U.K. and Europe.
What is CV19?
Cyber Volunteers 19 (CV19) was started after a discussion between three prominent members of the information security community regarding what they could do to help during the coronavirus crisis. That discussion was only a week ago, and things have moved very fast indeed. CV19 now has an official online presence in the form of a website, a LinkedIn group and on Twitter as Cv19Cyber.
I’ve been speaking to the CV19 founders to find out more
Lisa Forte is a social engineering and insider threat expert, and a partner at Red Goat Cyber. I asked her about the motivation to establish CV19. “We started CV19 to create a community of skilled cyber professionals willing to volunteer their valuable time to organizations on the front line of the fight,” Forte says. Within the space of a single week, CV19 has gained more than 3,000 volunteers and has inspired other groups to start similar projects in Australia and the Middle East. “We are putting aside our differences to form a united group who want to send a message to healthcare organizations,” Forte says, that message being “we have your backs.”
Radoslaw Gnat, a veteran information security professional, has a very personal motivation for being involved: two of his children were recently diagnosed with virus-unrelated pneumonia, and healthcare practitioners are helping them. Gnat sees this as an opportunity to give back. “We are just a group of people that is using our skills and contacts to help people that are the first line of defense against COVID-19,” Gnat says. Those skills cover incident response, research, risk management and training services, among other things.
Daniel Card, a self-proclaimed “Cyber Ninja Warrior” and founder of the PwnDefend capture the flag games, has issued a call for more people to help CV19 with its work. Alongside the enormous amount of work that is going into enabling technology solution providers and infosec professional volunteers, Card says that CV19 “must ensure that the work we do is conducted in line with our mission to help, not hinder.” To facilitate this, CV19 has published a code of conduct that provides a shared understanding of how everyone should work together during this time of crisis. The “too long, didn’t read” version (although you really should read all of it if you want to get involved) can be summed up in five working principles:
1. Be honest and supportive
2. Always act with integrity
3. Be kind and respectful to other volunteers
4. Be flexible and collaborative
5. Trust and use everyone’s expertise
What one CV19 volunteer is doing
I also spoke to Ian Thornton-Trump, CISO at threat intelligence specialists Cyjax and a CV19 volunteer. “I knew immediately how much help the NHS Trusts needed from all my research on WannaCry and being a very outspoken voice on the healthcare attack surface at a recent conference. When Dan and Lisa reached out, I was all in as they say, and my team was 100% behind this effort.” As Cyjax is in the threat intelligence business and already works with organizations such as law enforcement, it was natural for the company to apply analyst and dark web research teams to threat model attacks on the healthcare sector. “The result was our ‘TLP Amber’ report, bespoke produced for the healthcare attack surface released through CV19.” TLP refers to the traffic light protocol created to facilitate information sharing, amber meaning the information can be shared with members of the organization and those clients who need to know to prevent further harm. “During this pandemic, it’s clear cybercriminals are looking to profit, and APT actors are looking to undermine our governments and the services they are delivering to an anxious public,” Thornton-Trump says, “as a result of this, we are releasing a ‘TLP Green’ version of this report today.” This means it can be distributed without restriction, subject to standard copyright rules, of course.
How can you help CV19 protect healthcare services?
If you, or your organization, would like to help with the CV19 volunteer effort to support the healthcare sector, then you can “join the LinkedIn group and register your interest there,” Forte says, adding “you can also follow our Twitter account or visit the website for updates.”
Using threat intelligence to fight hackers intent on exploiting COVID-19 for personal gain
Another volunteer group, this time consisting of some 200 cyber professionals, has started with the aim of fighting those hackers and cybercriminals that are exploiting the coronavirus pandemic. The community group was started by Ohad Zaidenberg, the lead cyber intelligence researcher at Clearsky Cyber Security, and Nate Warfield, an information security professional who does threat intelligence research in his spare time. “Threat actors that leverage this crisis can cause death,” Zaidenberg says, “I thought a lot about how I could contribute to the global community in this crisis and understood that this is my way to give back.” Within the space of a week, this community has grown to 200 strong with people from Europe, Israel, North America and Japan among its number. “We have only just started,” Zaidenberg says, “but have already found a few vulnerabilities in the medical sector.” The group also shares skills and hunting methods, and engages in discussions with a view to creating a “huge database of threat indicators,” according to Zaidenberg. If you want to get involved, then you should contact either Zaidenberg or Warfield on Twitter using the links above.