A Volunteer Cyber Group Formed To Protect Hospitals During the Pandemic Releases Its First Report

An organization founded by vigilantes seeking to protect healthcare workers from digital threats during the COVID-19 pandemic has released its first report, which details cybercrime activity against global healthcare entities since pandemic lockdowns began in March of last year. 

The report by the CTI League, a global non-profit, drew on intelligence collected within the deep and dark web to parse trends across four categories of threat activity: ransomware, disinformation, phishing, and fraud. In line with previous reports on the sector, it found that cybercrime had accelerated during the pandemic as criminals exploited the rapid transition to remote work and the psychological pressures produced by the global health crisis.  

“As we continue to adjust to our new reality, threat actors are doing what they do best and taking advantage of fear and uncertainty,” said Shawn Richardson, a CTI Volunteer who spoke at a Wednesday press briefing for the report. “Threat actors have increased their attacks against healthcare organizations, hospitals, and medical research facilities at a time when they are most under duress and fatigue.” 

The report joined a growing chorus of cybersecurity experts and policymakers in ringing the alarm bell on the rising threat of ransomware, in particular. 

Citing a “dramatic uptick” in ransomware attacks during the last three months of 2020, the report warned that the malware will continue plaguing the sector into the new year, in part due to the growing market for initial access brokers, who establish a foothold in healthcare IT systems and then sell access to the highest bidder. 

It also found that weak passwords and unpatched software in remote connectivity systems represented the most common entry point for ransomware attacks in the healthcare sector—a finding it deemed “surprising” in light of prevailing wisdom that most ransomware attacks stem from phishing or social engineering. 

In issuing the report, the CTI League took another step in its transition from a loosely organized, ad-hoc grouping of volunteer cybersecurity experts to a trusted resource for overworked healthcare, intelligence, and law enforcement officials. 

In a press release, Ohad Zaidenberg, executive director of the CTI League, hailed the organization’s global community of volunteers who stepped up to defend those on the front-line of the pandemic. 

“This report is a product of an extensive joint effort by our darknet team of experts—volunteers from around the world that dedicated their free time contributing and prioritizing efforts for protecting the medical sector, hospitals in particular, and other life-saving organizations,” said Zaidenberg. 

The CTI League counts 1,400 members across 76 countries, including representatives from law enforcement, cybersecurity and technology companies, hospital IT teams, Computer Emergency Response Teams (CERTS), and government, according to the group’s website. 

The organization has worked closely in the past with the Department of Homeland Security and its Cybersecurity and Infrastructure Security Agency. Last October, after CISA warned of an imminent attack against the U.S. healthcare sector, the CTI League formed a 28-member emergency task force to assist the government and affected healthcare entities.