Expert Comments On State-Backed Hackers Targeting Coronavirus Workers, UK And US Warn

By ISBuzz Team
Writer, Information Security Buzz | May 06, 2020 04:18 am PST

It has been reported that a joint warning from UK and US agencies says government-backed hackers are attacking healthcare and research institutions in an effort to steal valuable information about efforts to contain the new coronavirus outbreak.

Britain’s National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said the hackers had targeted pharmaceutical companies, research organizations and local governments. The NCSC and CISA did not say which countries were responsible for the attacks. But one U.S. official and one UK official said the warning was in response to intrusion attempts by suspected Chinese and Iranian hackers, as well as some Russian-linked activity.

Jonathan Knudsen, Senior Security Strategist
InfoSec Expert
May 6, 2020 12:20 pm

In a time of crisis, pushing cybersecurity to the back burner might be tempting. Many believe that using strong passwords or two-factor authentication is too much trouble when you have so many other concerns.

In fact, now is the very best time to evaluate and strengthen your security posture. A joint alert from DHS and NCSC shows that threat groups worldwide are taking advantage of current stress and upheaval to attack a variety of targets.

In particular, nation-states, driven by intense competition towards COVID-19 mitigations, are employing credential spraying techniques to gain access to healthcare, pharmaceutical, research, and similar types of organisations. Credential spraying attempts to use common, weak passwords across a list of user names which are harvested ahead of an attack.

The DHS/NCSC alert also mentions the importance of upgrading infrastructure and services. Outdated software and software components often have known vulnerabilities that can be exploited by attackers looking to gain a foothold in an organisation. The alert has a list of excellent recommendations around password security and infrastructure maintenance.

None of this is new. The only thing that has changed is the intensity of the attacks, coupled with a shaken workforce that must work harder to make good decisions every day.

Last edited 3 years ago by Jonathan Knudsen
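
Detection logic for the credential spraying pattern described in the comment above, as an added example that is not part of the original article, the expert's comment, or the agencies' alert. The log format, addresses, usernames and thresholds are constructed assumptions: a source is flagged when its failed logins within a time window touch many distinct accounts with only a few tries each, which separates spraying from one user mistyping a password or a single-account brute force.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (assumed format): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2020-05-06T09:00:01 203.0.113.7 alice FAIL
2020-05-06T09:00:03 203.0.113.7 bob FAIL
2020-05-06T09:00:05 203.0.113.7 carol FAIL
2020-05-06T09:00:07 203.0.113.7 dave FAIL
2020-05-06T09:00:09 203.0.113.7 erin FAIL
2020-05-06T09:00:11 203.0.113.7 frank OK
2020-05-06T09:05:00 198.51.100.4 alice FAIL
2020-05-06T09:05:10 198.51.100.4 alice FAIL
2020-05-06T09:05:20 198.51.100.4 alice FAIL
2020-05-06T09:05:30 198.51.100.4 alice FAIL
2020-05-06T09:05:40 198.51.100.4 alice FAIL
2020-05-06T09:06:00 192.0.2.10 bob FAIL
2020-05-06T09:06:30 192.0.2.10 bob OK
"""

def parse(log):
    for line in filter(str.strip, log.splitlines()):
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_spraying(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {ip: {"targeted": [...], "succeeded": [...]}} for spray-like sources."""
    fails, wins = defaultdict(list), defaultdict(list)
    for ts, ip, user, ok in events:
        (wins if ok else fails)[ip].append((ts, user))
    findings = {}
    for ip, rows in fails.items():
        rows.sort()
        start, counts = 0, Counter()          # failures per user inside the window
        for ts, user in rows:
            counts[user] += 1
            while ts - rows[start][0] > window:   # drop failures older than the window
                old = rows[start][1]
                counts[old] -= 1
                if not counts[old]:
                    del counts[old]
                start += 1
            # Many accounts, few tries each: the spraying signature.
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                first = rows[start][0]
                # Successful logins from the same source are accounts to reset first.
                hit = sorted({u for t, u in wins[ip] if t >= first})
                findings[ip] = {"targeted": sorted(counts), "succeeded": hit}
    return findings
```

Calling `detect_spraying(parse(SAMPLE_LOG))` flags only the first source; the thresholds need tuning against real traffic, since sprays are often spread across many source addresses and long intervals.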
