Australia’s health insurance sector has been a prime target for cyberattacks by malicious criminals throughout the pandemic, according to Palo Alto Networks’ research.
The company’s study, conducted by Unit 42, a threat intelligence team, revealed the government and energy sectors were next in line when it came to cyberattacks, predominantly exploited through Business Email Compromise (BEC).
“The most striking revelation from the study is that cyber criminals never waste an opportunity when a crisis comes around,” said Sean Duca, vice president, regional chief security officer – Asia-Pacific & Japan, Palo Alto Networks.
“They will typically leverage any crisis – in this case, COVID-19 – because they know that people just have this thirst for knowledge and information.”
In what has become one of the world’s most lucrative crimes, amounting to $1.77 billion in losses last year, Duca says cybercriminals have created more than 1.2 million fraudulent domains focusing on COVID-19 in the last few weeks alone.
“Some of them may have actually contained content, some could have malicious content, and some of them were just simply set up so they could be used for some other nefarious activity in the future,” Duca explained. “… cyber criminals are just basically trying to leverage that we are hungry for information, so they’ve created fake applications that help us map out where people who are infected with COVID-19 are and how you can start to track this in real time.”
One example is emails containing malicious attachments or links, with subject lines ranging from “COVID:19 - FACIAL MASKS NEW ORDER” to “latest vaccine release for coronavirus” to “COVID-19 Supplies”.
On March 23 this year, a campaign was discovered with several phishing emails sent to an Australian health insurance provider. The subject and attachment were meant to portray an order form for new face masks.
Throughout these attacks, cybercriminals’ main objective has been to steal information from their victims, prevent them from gaining access to it, or compromise it altogether.
“They’re using phishing techniques, which can be used later on for identity theft,” Duca explained. “We’ve seen [BEC] attacks, where you could be someone in accounts payable and a cybercriminal can send you an email and say: ‘Hey, we’ve actually updated our bank account details. Rather than sending your invoices or your payment to this bank address, please actually update this through *insert account name* over here.’”
This common attack often leads the company’s money straight into the pockets of the criminals.
“They’re relentless in their position of trying to get access to our information and a lot of it is actually financially motivated as well,” Duca said. “That’s pretty much the crux of it.”
Cybercriminals are also targeting the insurance industry by exploiting customers with fake products.
“There’s no reason why someone can’t actually create fake insurance information or an insurance website saying ‘do you actually have coverage for COVID-19?’ They could literally sell a fake product, a fake insurance policy as well,” Duca said.
“There’s a multitude of different ways that they can sort of tailor something to really just create that sort of pressure cooker situation, where they go ‘act now before this sale or introductory offer ends’.
“Your mind can go far and wide in coming up with ideas, but these are things that cyber criminals do – they just sit there and they’re going to find innovative ways to try and trick us.”
The most efficient way to combat cybercriminals and cyberattacks, according to Duca, is simple – raise awareness and educate and train people.
“We need to raise awareness with people about what’s going on and then at the same time we need to ensure we’ve got a process,” he said. “Think about when you go to a bank where maybe you’re withdrawing a large amount of money, you need a cheque or there’s some sort of application… There’s usually two people that get involved.”
Another fundamental problem is people reusing old passwords regularly. Duca says having the same password across multiple accounts is one of the biggest vulnerabilities for an employee.
“If you work in payroll, you should not be using the same username and password because someone could actually change or steal that username and password and use it to access every single application that you use in payroll,” Duca explained.
Duca says that multi-factor authentication, whereby three separate and unrelated pieces of information or even fingerprints are used to log in to accounts, can substantially reduce the risk of an attack.
Moving into a cybersafe future will require change, however. Duca says that over the past 20 years the world has repeated the same measures to try to counter cybercriminals, with little success in stamping them out.
“The big thing I want to stress is ‘do different’,” he said. “Because whatever we’ve done over the last 20 years to protect our customers and to secure our organisation, is probably that same playbook.
“Take the quote from Albert Einstein ‘the definition of insanity is doing things over and over again and expecting a different outcome’. And I think now, more than ever, we need to think about doing things differently.”