Cybersecurity Must Not Be Forgotten With State-sponsored Attacks Rising Amid COVID-19 Pandemic, Experts Warn

Government-backed hackers are attacking healthcare and research institutions in an effort to steal valuable information about efforts to contain the new coronavirus pandemic, the United Kingdom and the United States have said in a joint warning. In a statement on Tuesday, the UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) said the hackers had targeted pharmaceutical companies, research organisations and local governments.

Subscribe
Notify of
guest
3 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Jonathan Knudsen
Jonathan Knudsen , Senior Security Strategist
InfoSec Expert
May 8, 2020 2:59 pm

In a time of crisis, pushing cybersecurity to the back burner might be tempting. Many believe that using strong passwords or two-factor authentication is too much trouble when you have so many other concerns.

In fact, now is the very best time to evaluate and strengthen your security posture. A joint alert from DHS and NCSC shows that threat groups worldwide are taking advantage of current stress and upheaval to attack a variety of targets.

In particular, nation-states, driven by intense competition towards COVID-19 mitigations, are employing credential spraying techniques to gain access to healthcare, pharmaceutical, research, and similar types of organizations. Credential spraying attempts to use common, weak passwords across a list of user names which are harvested ahead of an attack.

The DHS/NCSC alert also mentions the importance of upgrading infrastructure and services. Outdated software and software components often have known vulnerabilities that can be exploited by attackers looking to gain a foothold in an organization. The alert has a list of excellent recommendations around password security and infrastructure maintenance.

None of this is new. The only thing that has changed is the intensity of the attacks, coupled with a shaken workforce that must work harder to make good decisions every day.

Last edited 2 years ago by Jonathan Knudsen
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
May 8, 2020 2:58 pm

This joint UK and US advisory highlights how important it is that organisations do not ease on cybersecurity investment or controls during the pandemic. Criminals and state-sponsored actors are just as active as ever and will use this time where the focus is on the pandemic to gain access to organisations and critical infrastructure.

Last edited 2 years ago by Javvad Malik
Tim Erlin
Tim Erlin , VP of Product Management and Strategy
InfoSec Expert
May 8, 2020 2:57 pm

Pandemic or not, cyberattacks continue.

It’s vitally important that these organizations have a good handle on their vulnerabilities. It may not be possible to fix every single vulnerability, but you have to know you have them before you can effectively prioritize remediation activities.

Nation-state attacks can be harder to understand because the motivation isn’t always financial in nature.

Last edited 2 years ago by Tim Erlin
3
0
Would love your thoughts, please comment.x
()
x