The Sunday cybersecurity attack was designed to slow down the agency's systems as it tries to grapple with the spread of COVID-19.
The U.S. Department of Health and Human Services was the victim of a cyberattack on Sunday as the federal government attempts to deal with the coronavirus crisis, according to a report from Bloomberg. Citing three people familiar with the matter who wished to remain anonymous, Bloomberg said that the attack was intended to slow down the agency's servers by overloading them with millions of hits over a period of several hours.
In a statement released Monday, HHS confirmed that a cyber incident did occur on Sunday.
"HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities," Caitlin Oakley, HHS spokesperson, said in the statement. "On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter. Early on while preparing and responding to COVID-19, HHS put extra protections in place. We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure."
Just before midnight after the attack, the National Security Agency posted the following tweet: "Text message rumors of a national #quarantine are FAKE. There is no national lockdown. @CDCgov has and will continue to post the latest guidance on #COVID19. #coronavirus"
The tweet was related to the hacking and to the release of disinformation after the government learned of the cyberattack and the circulation of false information, one of the sources told Bloomberg. As such, the tweet was partly intended to respond to the hacking, which involved multiple incidents. Secretary of State Michael Pompeo and other Trump administration officials are aware of the incident, one of the sources added.
The attack didn't appear to actually slow down HHS' systems in any "meaningful way," according to the report, nor does it appear as if the hackers stole any data. Further, HHS officials assume the attack was carried out by a hostile foreign actor, though there is no proof of that at this point. Paul Nakasone, who heads the National Security Agency and U.S. Cyber Command, is looking into the situation, one of the sources told Bloomberg.
"The U.S. Health & Human Services (HHS) fell victim to a Distributed Denial of Service (DDoS) attack yesterday when several endpoints controlled by a nation-state attacked their networks," Stephen Boyce, principal consultant at risk management and digital forensics firm Crypsis Group, said.
"DDoS attacks are not sophisticated, but the timing of the attack and potential motive raises significant concern," Boyce added. "The goal of these attacks is to prevent legitimate users from accessing HHS websites and systems. These attacks could also be a precursor for a larger attack that may result in data access and/or exfiltration. The most prominent targets of such attacks are institutions that are providing information to the public regarding COVID-19. These institutions include: local, state, federal, and tribal government agencies, media outlets, pharmaceuticals companies, and healthcare industries. We should expect more DDoS attacks on the institutions mentioned above and an increase in spear-phishing attacks as well."
However, without more information available, one security expert cautioned against making certain assumptions.
"We should not jump to conclusions and assume the attack was nation state affiliated," Rick Holland, CISO and vice president of strategy at digital risk protection provider Digital Shadows, said. "Incident response takes time, and as this just occurred last night, more time for investigations will be required. Based on reporting, this appears to be some sort of denial of service attack and the barrier to entry for DOS attacks is low."
As the coronavirus outbreak ramps up, hackers and cybercriminals have been taking advantage of the crisis for their own malicious reasons. Cybercriminals have been discovered spreading malware through emails and links related to the coronavirus. Phishing emails claiming to be from the Centers for Disease Control and Prevention and the World Health Organization have arisen in an attempt to steal email credentials and other sensitive information.
"As we hunker down and try to fight coronavirus, we should expect cyberattacks to continue, and to be seen as more and more opportunistic," said Thomas Hatch, CTO and co-founder at intelligent IT automation software firm SaltStack.
"There are a number of attackers and motivations that can be fulfilled," Hatch said. "A nation state hostile to the US will want to damage our response times to coronavirus. Petty thieves will assume that classical attacks are going to be more effective because cyber defense staffing is likely distracted right now dealing with the influx of issues that come from a demand shift for specific services. Organized groups are likely empowered by the situation and will want to take advantage of it. They can attack specific services, particularly financial institutions because of the overall distracted nature of the defenders."
The UK's National Cyber Security Centre (NCSC) has issued warnings about criminals exploiting the coronavirus through phishing emails, malware, and other threats.
This story has been updated with a statement from HHS and responses from security experts.