News, Culture & Society

Kaspersky detects fake NHS site that steals credit card data

Kaspersky Founder and CEO Eugene Kaspersky believes cyberattacks on hospitals during the COVID-19 pandemic are on par with terrorist incidents.  

In an online press conference on Wednesday, April 22, Eugene Kaspersky said that despite the current social distancing measures in place around the world, there will be very little impact on the cybersecurity landscape.  

‘Cybercriminals are very likely to stay active,’ he said. ‘They are used to working from home and their circumstances have not changed drastically.

‘They will keep trying to attack businesses and individuals and it is our job to keeping working hard and defend our customers. 

‘Any attack made on a hospital at this time can be seen as equivalent to a terrorist attack.”

Also present during the virtual meeting, Costin Raiu, Kaspersky’s Director of Global Research and Analysis Team, said he would like to see any malicious individuals or groups that carry out attacks on healthcare organisations heavily reprimanded.

‘The message must be clear to cyber criminals that anybody targeting medical institutions will be hunted down by LEAs and cybersecurity companies like ourselves to make sure they are brought to justice,’ Raiu said.  

While pressure may be on medical institutions to keep their systems secure, the current circumstances have made this a greater challenge than usual, Raiu believes.  

‘People in hospitals are understandably having to concentrate on looking after their patients and saving lives,’ he said. 

‘They are not necessarily worried about updating their systems. 

‘They may also be managing and prioritising resources differently and if they need to choose between investing in cybersecurity solutions or buying medical equipment, there is only one clear choice.’

Regarding the general threat landscape, the last months have seen a rise in opportunistic and targeted attacks, with spear phishing campaigns in particular targeting users with fake coronavirus-related advice.  

‘We are seeing a spread in COVID-19 messaging to trick people into opening malicious links or attachments and downloading malware,’ said Yury Namestnikov, Kaspersky’s Head of Global Research and Analysis Team for Russia.

‘We saw 43 per cent growth in this sort of attack between January and March 2020.’ 

Since the outbreak, social tracking applications have been developed to inform civilians if they have recently been in contact with somebody who has contracted the virus. 

While these applications are being created to benefit humanity, there are some reservations and concerns about how such technology could impact personal privacy. Yury Namestnikov said.

‘This technology should be implemented if it can save lives,’ he said.

‘But managing such large amounts of data must be done correctly and properly secured and encrypted to keep information safe. 

‘If done so correctly and transparently, authorities can check which organisations have collected and used this data.’

Costin Raiu hopes that any apps that are released are only needed as temporary measures and businesses do not see them as an opportunity to monetise personal data. 

‘We face an impossible choice,’ he said. 

‘Mobile tracking is used to tell others about who they have been in contact with and the best way to keep yourself safe is to stay at home. 

‘We must put this technology behind us when we go back to normality and hope it is not a permanent part of society.’ 

Kaspersky said that as a company it has adapted well to the outbreak, transitioning its workforce to working from home.   

‘One day, this will all be over, and everyone will want to see each other again in person,’ the founder said. 

‘Quite often, face-to-face connections are the best way for people to interact and I enjoy seeing so many people in my working life. 

‘But we can also take advantage of the technology we are benefiting from now. 

‘For instance, this year we have postponed our Security Analyst Summit but this year we can run two ‘versions’ of the same conference – a physical one and an online one. 

‘Businesses can plan now for when we go back to normal and build stronger customer relationships.’