SmiNet, the database used by the Swedish Government to track COVID-19, was forced offline last week. The team at SmiNet noticed multiple intrusion attempts, which led to an investigation of the activity. Although the group does not believe any information was accessed by an unauthorized party, COVID test statistical results in Sweden could not be reported properly for almost two days. SmiNet does not plan on giving any further updates until the investigation is finished: “More time is needed to ensure that the statistics are complete, so that a reliable assessment of the epidemiological situation can be made. Therefore, the next update of the statistics on cases of COVID-19 will be on Thursday, June 3.”
Although investigations are still ongoing, attempts at accessing information may continue. To protect against these attempts, organizations should consider actively hunting for threat activity across endpoint and network devices. It is important not only to collect detailed event logs in a centralized log aggregation server, but also to dedicate the time and energy of threat hunters and security analysts to detecting anomalies in the events reported in the logs and responding quickly to stop intrusion attempts in the early stages.