An all-volunteer force of roughly 1,500 technology professionals has teamed up to fight the thousands of cyberattacks on hospitals and the medical sector during the coronavirus pandemic.
Since springing into action last month, the Cyber Threat Intelligence League says it has taken down more than 2,800 cybercriminal assets online, including counterfeit sites designed to look like the World Health Organization, the United Nations and U.S. government organizations.
Marc Rogers, a freelance technology researcher who helped create the CTI League, said the pandemic has been a veritable “gold rush” for bad actors looking to exploit people’s fears.
“I’ve been using the phrase ‘world cyber wars’ because it’s literally the largest volume of cyberattacks I have ever seen at any one time,” Mr. Rogers said. “We’ve seen these kinds of attacks happen in the past whenever there’s a major global event, something like the Olympics.”
Mr. Rogers, who heads security for the DEF CON hacker conference in Las Vegas, said many of the bad actors appear to be amateurs. They are using old techniques or unsophisticated methods, but they recognize an unprecedented level of uncertainty that can be leveraged against vulnerable people everywhere.
CTI League began as a small outfit of Mr. Rogers and his IT security-minded colleagues Ohad Zaidenberg, Nate Warfield and Chris Mills. They didn’t expect the group to grow beyond their circle of friends.
But the group’s membership swelled to span 76 countries and includes members from government, law enforcement, the medical sector and nonprofits around the world.
“You’d imagine getting info-sec professionals and hackers and law enforcement to all work together would be hard, but it’s not. It’s just worked out really well,” Mr. Rogers said. “Everyone has the same goal in mind, which is we need to protect the medical sector during this troubling time and so everyone’s getting on with it.”
The attackers come from nearly every country and are speaking nearly every language, according to the group. The CTI League does not disclose the names of victims.
In its first report on the cyberattacks it has fought, the CTI League detailed a handful of cybercriminals impersonating the Centers for Disease Control and Prevention and the Department of Health and Human Services.
The CTI League said it notified the FBI about companies compromised by cyberattackers.
The FBI also has reported a spike in cybercrime.
Complaints of cybercrime to the FBI nearly tripled since the outbreak of the coronavirus, said Tonya Ugoretz, FBI cyber division deputy assistant director.
Some attackers had impersonated the Treasury Department, she said.
Mr. Rogers said he hoped that the increased collaboration created by the CTI League to tackle cybercrime should continue after the coronavirus crisis ends.
“Just like we’ve seen during other major threats like during world wars when all the citizens of the world come together and push against something, we can make real differences,” he said.