
Hackers target WHO as coronavirus cyberattacks spike - Quanttek
https://www.reuters.com/article/us-health-coronavirus-who-hack-exclusive/exclusive-elite-hackers-target-who-as-coronavirus-cyberattacks-spike-idUSKBN21A3BN
======
ogig
Spanish police reported targeted ransomware attacks on hospitals and clinics.
The lures are emails pretending to be updated COVID medical information. It is
very sad somebody out there is willing to try this right now.

~~~
toxik
It would be very interesting to know where these funds end up, and whose
initiative it is. Clearly it is organized.

~~~
netsharc
If I read between the lines, you want to say "state-sponsored"?

Maybe it is, but criminals be criminalin'. A ransomware author probably has a
warped mind and is always looking to see what bait would get him the most
clicks.

------
IAmEveryone
Which domain registrars do these attackers use? Where do they host? Are they,
perhaps, helped by large CDN providers happy to anonymize their traffic?

I’m not saying that I would like to see anonymity become impossible online.
But I am predicting that if people die as infrastructure or institutions
succumb to attacks mediated by such services, they will no longer be allowed
to throw up their hands and pretend to be incapable of making the most obvious
judgements of the customers they serve.

I haven’t heard of a single service requiring anonymity for a legitimate
purpose in any democracy. Maybe there are oppositional blogs in Iran and China
with actual impact? If you believe so, that ability will soon go away if
everyone continues tolerating a situation where 99%+ of the use of this
freedom is for nefarious purposes.

The Pirate Bay and Sci-Hub haven’t survived because they are
technologically more sophisticated than everyone else. They are benefactors of
a certain twilight zone, where societies may have rules but not quite enough
motivation to expend their power on fully enforcing them. But if, in that
twilight zone, things are allowed to flourish that escape the niche and harm
people out in daylight, things will change almost instantly.

It’s trivially easy to detect domain names intended to mislead: whó.net, or
paypál.com. Banning those might be a good first step. There may be borderline
cases, but that doesn’t prevent anyone from acting on the obvious ones, in the
same way that I can confidently say that Yosemite is a forest and a parking
lot is not, even though I might not be able to define the exact number of
trees required for a forest.

~~~
DyslexicAtheist
> It’s trivially easy to detect domain names intended to mislead: whó.net, or
> paypál.com

I've written a Linux kernel filter that lets you do blocking for this exact
case a few weeks ago. No performance overhead since it uses the
NFQUEUE/NFNETLINK kernel subsystems. I was pretty sure I'd be the only one
ever using this but it seems that hospitals or anyone who wants to block this
on a gateway level would benefit.
[https://github.com/DyslexicAtheist/nfq/](https://github.com/DyslexicAtheist/nfq/)
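
Added example, not part of the thread and not code from the nfq repository linked above: one way a gateway or mail filter could flag the look-alike names mentioned here (whó.net, paypál.com) by reducing each queried name to an ASCII skeleton and comparing it with a protected list. The `PROTECTED` set and the small `CONFUSABLES` map are constructed assumptions; a production filter would load the Unicode confusables data (UTS #39) instead.

```python
import unicodedata

# Assumption: names this site wants to protect (constructed list).
PROTECTED = {"who.int", "who.net", "paypal.com"}

# Constructed sample of Cyrillic letters that render like Latin ones.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0456": "i",
}


def to_unicode(domain):
    """Decode xn-- (punycode) labels so wire form and display form compare equal."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text
        labels.append(label)
    return ".".join(labels)


def skeleton(domain):
    """Strip combining accents and map known cross-script look-alikes to ASCII."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(domain))
    no_marks = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in no_marks)


def classify(domain):
    """Return (verdict, protected_name_it_resembles_or_None)."""
    name = to_unicode(domain)
    if name in PROTECTED:
        return ("allow", name)      # the genuine name itself
    skel = skeleton(name)
    if skel in PROTECTED:
        return ("block", skel)      # renders like a protected name but is not it
    return ("allow", None)          # accented but unrelated names pass


if __name__ == "__main__":
    for d in ["who.net", "whó.net", "paypál.com", "café.fr"]:
        print(d, classify(d))
```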

------
alialghamdi
Any idea how other businesses are affected by this? Especially businesses that
didn't provide WFH before this happened. My assumption is that they didn't have
enough time to tighten their VPN's security.

