Cyber Volunteers 19 (CV19) to the rescue to protect Australian healthcare

‘Protect, prevent and respond’ to attacks during evolving COVID-19 crisis

Four members of Australia’s information security community have hatched the local arm of Cyber Volunteers 19 (CV19), a group of cyber security professionals eager to fight hackers and cybercriminals taking advantage and attacking the healthcare system during the Coronavirus (COVID-19) pandemic.

Inspired by the original UK group, CV19, Dan Goldberg, Jacqui Loustau, Gareth Willis, and Louisa Vogelenzang have joined forces to help provide cybersecurity support to healthcare services across Australia – and they’re looking for more cyber volunteers to come forward.

With the COVID-19 coronavirus outbreak hitting over 430,000 people globally, experts anticipate cybercriminals to ramp up activities and exploit the ongoing fear and confusion surrounding the global crisis.

“We’re a group of cybersecurity volunteers from multiple sectors/companies with different skill sets. We all want to help healthcare companies and other critical small businesses during this crisis. Understandably, cybersecurity may not be top of mind at the moment for many of these companies, but it could take just one ransomware to stop them from being able to save precious lives,” said Jacqui Loustau, AWSN founder and head of product for Cynch Security.

“The volunteers within this group want to be there and help them in their time of need. We have a great cybersecurity community in Australia, where everyone wants to play their part and assist those in the frontline.”

Sadly, Loustau said cybercriminals are already taking advantage of this crisis situation.

“People are displaced, panicking and priorities have changed. Many healthcare companies, along with other businesses, are going remote for the first time, which brings all kinds of concerns when your staff are working in a potentially insecure online environment,” Loustau said.

According to a Forbes article announcing the birth of the UK volunteer group of cyber heroes, attacks on medical facilities on standby to test coronavirus vaccines are already underway, and healthcare workers are already being targeted by a dangerous new Windows ransomware campaign.

Despite some criminal groups – particularly ransomware operators – claiming they will spare health and medical organisations during the coronavirus pandemic, already a hospital in the Czech Republic researching a vaccine has been cyber attacked and cannot be serviced.

At the same time, a hospital in Illinois in the US undergoing treatment for patients with COVID-19 has announced the system is ransomware-infected.

Meanwhile, the Australian Cyber Security Centre (part of the Australian Signals Directorate) recently warned of scams and phishing attempts, as criminals continue to try to take advantage of the global disruption.

According to Scamwatch, a website run by the Australian Competition and Consumer Commission (ACCC), it has received 94 reports of COVID-19 scams since the beginning of the year, but those numbers are expected to rise significantly.

Australian CV19 founding member, Dan Goldberg, said he’s not only inspired by the UK chapter, but also inspired by the incredible efforts of the health professionals in this trying time – and the frontlines of healthcare needs assistance the most.

“We have an amazing cybersecurity community here who genuinely want to help. It doesn’t take much of my time compared to the tireless hours our healthcare workers face ahead. It was this that inspired me to look for ways to help,” said Goldberg, Cybza principal partner.

“I was already posting and rallying our cybersecurity community here in Australia to assist. When fellow colleagues banded together for the UK initiative of CV19, it was necessary to put out the call of ‘helping in cybersecurity’ here in Australia to action.”

Asked his next steps, Goldberg said with the core group already formed, it’s now time to reach out to the cybercommunity and community at large for volunteers to come forward.

“We’ve already started to put together an infrastructure and network to reach out to and support the healthcare professionals. But it will take our cybersecurity community to step up to address the cybersecurity concerns and safety of our healthcare.

“We’re genuinely ready to hear from everyone – cyber professionals and vendors  – willing to donate their time, services and solutions.”

Echoing Goldberg’s call for cyber volunteers to step forward, Australian founding member, Louisa Vogelenzang, said her main message to the healthcare professionals at this time of crisis is to have faith in the cyber community.

“We want them to know, we have got your back. We are here to assist them in any way we can, to help reduce the impact of cybercriminals looking to profit from this health crisis,” said Vogelenzang, Associate Manager Director – Identity Theft and Breach Notification at Kroll.

Vogelenzang said the Australian chapter will be following UK CV19’s Code of Conduct, which can be summed up as: be honest and supportive; always act with integrity; be kind and respectful to other volunteers; be flexible and collaborative; and trust and use everyone’s expertise.

“We will absolutely be following these guidelines and as we are in regular contact with the UK founders, we will also be ensuring we are regularly sharing ideas with each other as well as other entities as they come onboard.”

Final founding member, Gareth Willis, said he’d like to see CISOs, penetration testers, and security researchers join the efforts – similar to the people already involved in the UK.

“We see a very similar cohort required here in Australia, but initially we need incident responders and operational security/blue team expertise.

“We want anyone with experience and expertise across the cybersecurity spectrum – they will be a valued and welcome part of the effort,” said Willis, who’s the Director of One Dot Zero, founder of Cognitive Security, Branch Chair of AISA (Australian Information Security Association) and SecTalks and Advisory Board Member at SANS.

“During this time, we all need to serve our communities as best we can. The cybersecurity community in Australia is small, tight knit, and I have no doubt it will step up during this crisis,” he said, explaining his spouse and many close friends are working on the frontline of healthcare.

“These people are the true heroes and we’ll do whatever we can to support them. Wherever possible, we will use our collective skill set to defend and recover the technology platforms that our communities rely on.”

Also lending a hand in the cybercrime fight is Source2Create (S2C), a newly hatched media and marketing services firm that joins the CV19 cyber team as the media volunteer.

“As a member of the security community for over 15 years, I know there are amazing cyber champions out there who can offer support and help protect the healthcare community,” said S2C co-founder Abigail Swabey.

“Not only do I support the volunteers coming forward, but I also want to communicate their efforts and spread the message about CV19’s efforts. Source2Create is honoured to be a CV19 media volunteer – and we want to share the important stories with the wider community.”

Volunteers with cybersecurity skills willing to donate their time to the cause can request to join the closed LinkedIn group https://lnkd.in/fHZRCAx

Vendors who would like to register their pro-bono product and service offers can reach out to any of the founders directly via LinkedIn.