Government-backed hackers are attacking healthcare and research institutions in an effort to steal valuable information about efforts to contain the new coronavirus pandemic, the United Kingdom and the United States have said in a joint warning. In a statement on Tuesday, the UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) said the hackers had targeted pharmaceutical companies, research organisations and local governments.
In a time of crisis, pushing cybersecurity to the back burner might be tempting. Many believe that using strong passwords or two-factor authentication is too much trouble when you have so many other concerns.
In fact, now is the very best time to evaluate and strengthen your security posture. A joint alert from DHS and NCSC shows that threat groups worldwide are taking advantage of current stress and upheaval to attack a variety of targets.
In particular, nation-states, driven by intense competition towards COVID-19 mitigations, are employing credential spraying techniques to gain access to healthcare, pharmaceutical, research, and similar types of organizations. Credential spraying attempts to use common, weak passwords across a list of user names which are harvested ahead of an attack.
The DHS/NCSC alert also mentions the importance of upgrading infrastructure and services. Outdated software and software components often have known vulnerabilities that can be exploited by attackers looking to gain a foothold in an organization. The alert has a list of excellent recommendations around password security and infrastructure maintenance.
None of this is new. The only thing that has changed is the intensity of the attacks, coupled with a shaken workforce that must work harder to make good decisions every day.
This joint UK and US advisory highlights how important it is that organisations do not ease on cybersecurity investment or controls during the pandemic. Criminals and state-sponsored actors are just as active as ever and will use this time where the focus is on the pandemic to gain access to organisations and critical infrastructure.
Pandemic or not, cyberattacks continue.
It’s vitally important that these organizations have a good handle on their vulnerabilities. It may not be possible to fix every single vulnerability, but you have to know you have them before you can effectively prioritize remediation activities.
Nation-state attacks can be harder to understand because the motivation isn’t always financial in nature.