Hackers try to meddle with the coronavirus pandemic response

In April, hackers targeted top officials who were working on the global response to the pandemic. While the World Health Organization itself wasnt hacked, employee passwords were leaked through other websites. Many of the attacks were phishing emails to lure WHO staff into clicking on a malicious link in an email that would download malware onto their device.

Users of internet forum 4chan, which is now a breeding ground for alt-right groups, circulated over 2,000 passwords they claimed were linked to WHO email accounts, according to Bloomberg. Details spread to Twitter and other social media sites, where far-right political groups claimed the WHO had been attacked in a bid to undermine the perceived veracity of public health guidelines.

There is definitely a political aspect to many [cyberattacks] and they will sometimes do it to gain a political advantage or send a message to an adversary, said Adams. Or maybe its just to put that adversary on the defensive to see how they behave.

In another example of hackers seizing upon the pandemic zeitgeist, some sent phishing emails impersonating the WHO and urging the general public to donate to a fictitious coronavirus response fund, not the real COVID-19 Solidarity Response Fund.

The FireEye attack exposed a major breach of the U.S. government

When California-based cybersecurity company FireEye discovered that over 300 of its proprietary cybersecurity products had been stolen, it uncovered a massive breach that had gone undetected for an estimated nine months. That breach extended to over 250 federal agencies run by the U.S. government, including the U.S. Treasury Department, Energy Department, and even parts of the Pentagon.

But the breach didnt start with FireEye. The attack began when an IT management software company called SolarWinds was hacked, causing some of its most high-profile customers to be breached, including Fortune 500 corporations like Microsoft, Intel, Deloitte, and Cisco. This domino effect is known as a supply chain attack, where the infiltration of one companys cybersecurity defenses renders all of its customers vulnerable to attack.

Hackers also monitored the internal emails of the U.S. Treasury and Commerce departments, according to Reuters, which broke the news of the cyberattack in mid-December. Government officials and cybersecurity experts say that Russias Foreign Intelligence Service, known as SVR, is behind the attacks. Investigators are still piecing together the details of the breach to surmise the hackers intentions.

Software companies are prime targets for cyberattacks for two reasons. First, theyre under immense pressure to release new iterations and updates ahead of their competitors, which can mean cutting corners on cybersecurity protections.

This is something that has plagued the software industry in general for the last twenty to thirty years, said Adams. If there are delays in getting that next product or update out it just doesnt look good because thats revenue sitting on the table.

Secondly, attacking a software company enables hackers to breach more victims than if they targeted a single company or government entity. When a software company is hacked and the breach goes undetected, hackers need only infect a new software update or patch to breach the companys customers. When the company unwittingly ships the infected software, all of its customers who download it inadvertently install the hackers malware onto their systems.

Hackers try to meddle with the coronavirus pandemic response Confidentiality Integrity Availability Question 4 (0.2 points) The FireEye attack exposed a major breach of the U.S. government Confidentiality Integrity Availability