With the country in the midst of a developing pandemic and in need of accurate information and resources, government agencies like the Centers for Disease Control (CDC) and the U.S. Department of Health and Human Services (HHS) are vitally important. Criminals will always endeavor to exploit these types of events for their own malicious purposes. Vigilante was recently alerted to a self-described “researcher” who claimed they discovered a vulnerability on HHS’s site that exposes the personal information of individuals associated with HHS. The actor who alleges this uncorroborated discovery has a track record of finding data leaks and harassing HHS and other government entities about his findings and is known within a small circle of threat actors and “grayhat” researchers.

  • This individual has so far unsuccessfully tried to get media to report on specifics of the unpatched vulnerability, which, if widely broadcast, would put HHS and its mission at greater risk from more malicious actors and more damaging attacks.
  • In a possibly connected event, Vigilante was also alerted to a separate actor in January who shared the exposed information of HHS employees on a Deep and Dark Web forum, which suggests that some threat actors were already probing HHS for some time and may have also found a data leak months ago.

This potential exposure of an HHS vulnerability comes right on the heels of another cyber threat to HHS systems earlier this same week. This Sunday, threat actors launched what appeared to be a DDoS (Distributed Denial-of-Service) attack on HHS that started a media frenzy.

  • A DDoS attack can disrupt an organization’s functioning by flooding the service or network with so much traffic that normal activities and traffic cannot continue, but it does not usually do any lasting or major damage if the organization knows what it is doing.

    “Organizations can recover from a DDoS attack, but it does take some time and finesse. For example, as you begin to bring your network devices back up, there is a chance that pent-up traffic could overload your systems again and make it appear as if you are once again under attack. In short, as long as you have an ordered way to bring your systems back online, the fallout will be minimal.” — Adam Darrah, Vigilante’s Director of Intelligence.

  • Unfortunately, a major news outlet hyped the story about a “cyberattack” on HHS with “multiple incidents of hacking,” starting a media frenzy. The hysteria about a “breach” and “multiple hacks” was somewhat understandable, as earlier in the week a Czech hospital involved in treating COVID-19 patients had been hit with ransomware. For added drama, some sources speculated that the attack on HHS was the work of Iran. But as more facts emerged, it appeared that HHS had noted some increased activity on its network that was likely a DDoS attack, with no evidence of any breach or serious attack.
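The distinction drawn above, between "increased activity on its network" and an actual breach, is one a defender makes by measuring traffic against a baseline rather than reacting to headlines. The following script is an added illustration, not code from Vigilante or from HHS: it parses constructed access-log lines in a simplified, hypothetical format, buckets requests into fixed time windows, and flags any window whose request count exceeds a quiet-period baseline by a configurable factor, reporting how many distinct sources were involved. The log format, IP addresses, window size, and threshold factor are all assumptions chosen for the example.

```python
"""Flag DDoS-style traffic floods in a web access log by comparing per-window
request counts against a quiet-period baseline (added example, not the post's code)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumed simplified line format:  <ISO timestamp> <client ip> "<METHOD> <path>" <status>
LOG_RE = re.compile(r'^(\S+) (\S+) "([A-Z]+) (\S+)" (\d{3})$')
WINDOW = timedelta(seconds=10)  # assumption: 10-second analysis windows


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LOG_RE.match(line)
    if not m:
        return None  # skip unparseable lines instead of crashing on them
    ts, ip, method, path, status = m.groups()
    return {"ts": datetime.fromisoformat(ts), "ip": ip,
            "method": method, "path": path, "status": int(status)}


def bucket_by_window(records, window=WINDOW):
    """Group parsed records into consecutive fixed-size windows, keyed by index."""
    if not records:
        return {}
    start = min(r["ts"] for r in records)
    buckets = defaultdict(list)
    for r in records:
        buckets[int((r["ts"] - start) // window)].append(r)
    return dict(sorted(buckets.items()))


def flag_floods(lines, window=WINDOW, baseline_windows=3, factor=5.0):
    """Return one alert per window whose request count exceeds baseline * factor.

    The baseline is the median request count of the first `baseline_windows`
    windows, assumed to represent normal traffic before any spike."""
    records = [r for r in map(parse_line, lines) if r]
    buckets = bucket_by_window(records, window)
    if len(buckets) <= baseline_windows:
        return []  # not enough history to establish a baseline
    counts = {k: len(v) for k, v in buckets.items()}
    keys = sorted(counts)
    baseline = median(counts[k] for k in keys[:baseline_windows])
    alerts = []
    for k in keys[baseline_windows:]:
        n = counts[k]
        if n > baseline * factor:
            sources = Counter(r["ip"] for r in buckets[k])
            alerts.append({"window": k, "requests": n, "baseline": baseline,
                           "unique_sources": len(sources),
                           "top_source": sources.most_common(1)[0]})
    return alerts


def build_sample_log():
    """Constructed sample: 30 s of quiet traffic, a 10 s flood, then quiet again."""
    t0 = datetime(2020, 3, 15, 10, 0, 0)
    quiet_clients = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]  # constructed addresses
    lines = []
    for w in range(3):  # windows 0-2: three requests each
        for i, ip in enumerate(quiet_clients):
            ts = t0 + timedelta(seconds=w * 10 + i * 3)
            lines.append(f'{ts.isoformat()} {ip} "GET /index.html" 200')
    for i in range(40):  # window 3: 40 requests spread over 20 constructed sources
        ts = t0 + timedelta(seconds=30 + i % 10)
        lines.append(f'{ts.isoformat()} 198.51.100.{i % 20 + 1} "GET /" 503')
    for i, ip in enumerate(quiet_clients):  # window 4: back to normal
        ts = t0 + timedelta(seconds=40 + i * 3)
        lines.append(f'{ts.isoformat()} {ip} "GET /index.html" 200')
    lines.append("garbage line that does not parse")  # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    for alert in flag_floods(build_sample_log()):
        print(alert)
```

The same per-window check is useful during the staged bring-up the quote describes: a window that is busy but dominated by the same sources seen in the baseline looks like pent-up legitimate traffic, while a busy window full of previously unseen sources looks like the flood continuing, and the `unique_sources` field is what lets an operator tell those apart before declaring a second attack.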

During times of uncertainty, chaos, and heightened geopolitical tensions, threat actors of all stripes step up to make a name for themselves at the expense of common decency. This is who they are. And in the background, there are imperfect but very competent professionals who are standing the watch to safeguard critical systems.