Cybercrime Doesn’t Stop, Even During a Public Crisis
Recent evidence suggests that some cybercriminals are seizing the opportunity to take advantage of the COVID-19 health crisis. This week, a distributed denial of service (DDoS) attack was launched against the website of Takeway/ Lieferando, an online food delivery service in Germany that services more than 15,000 restaurants. Because of recommended social distancing procedures, many residents of Germany are ordering delivery of takeout food instead of going out to restaurants. As a result, that attack affected tens of thousands of restaurants and their customers.
According to BleepingComputer.com, the cybercriminals hit the website of Takeaway with a DDoS attack and then demanded a ransom payment of two Bitcoins (about $11,000) to stop the siege. The criminals tried to cash in on the situation, betting that the company would acquiesce by paying the ransom, but there is no report that the company did so. As of March 19 Takeaway reported via Twitter that its services were back online.
Most readers will agree that any DDoS attack is criminal, but it is deplorable that hackers would seek to cripple a company providing an important service to the community during a public health crisis. Another recent example of despicable cybercrime was the DDoS attack on the Health and Human Services agency website on March 15-16, as reported by the New York Times and other publications. Fortunately, the agency’s cyber defenses were strong enough to fend off the attack, but this incident underscores the fact that some cybercriminals never rest, and will show no moral compass in their agenda to exploit organizations, even if those organizations provide an important service to the public in a time of crisis.
These incidents also raise the specter of attacks on critical infrastructure, which now more than ever includes hospitals. The sad reality is that DDoS attacks can be launched relatively easily and inexpensively, so it is important that organizations — especially those that provide critical infrastructure — strengthen their cybersecurity postures to ensure business continuity.
One way that a bad situation can be made worse is by heaping a cybersecurity crisis on top of it. DDoS attacks can cause not only service degradation or stoppage, but also loss of revenue, customer trust, and brand reputation. Whether they are private or public, organizations cannot afford to let down their guard when it comes to protecting their networks and business applications.
Another important factor to keep in mind is that many people around the world are online at home because of the global pandemic, and they are relying on the Internet more than ever, whether for entertainment or teleworking. They may be more exposed than usual to predatory cybercriminals who are seeking ways to exploit them via phishing emails, ransomware, and other nefarious methods. Let’s hope everyone stays physically healthy during this terrible pandemic, and that they practice good cyber hygiene as well.
For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. For more on Corero’s diverse deployment models, click here. If you’d like to learn more, please contact us.
Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.