Expert Comments

Cozy Bear Hackers Target Covid-19 Research Centres in UK, US and Canada

Expert(s): Security Experts
Expert(s): Security Experts

An advisory published by the UK National Cyber Security Centre (NCSC) warns of activity by Russian hacking group APT29 and explicitly calls out efforts to target the US, UK, and Canadian vaccine research, according to CNN.  Cyber actors from the Russian hacking group, which also goes by the name “the Dukes” or “Cozy Bear”, are targeting organisations involved in coronavirus vaccine development, according to the new warning issued today. APT29 uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”, according to the NCSC, who have also assessed that the hacking group “almost certainly operate[s] as part of Russian Intelligence Services.”

Experts Comments

Dot Your Expert Comments
Jake Moore
July 17, 2020
Cybersecurity Specialist
ESET

They are quick to target vulnerabilities, wherever they may lie.
Criminal attackers revel in the weaknesses that humans offer. They are quick to target vulnerabilities, wherever they may lie. Such organisations conducting the research would not usually find themselves such a target, like financial institutions often are, but currently a coronavirus vaccine is more valuable. Research centers are the epicenter for the latest and most up-to-date information on a vaccine – therefore, threat actors from all over the world are all descending on them at once......Read More
Criminal attackers revel in the weaknesses that humans offer. They are quick to target vulnerabilities, wherever they may lie. Such organisations conducting the research would not usually find themselves such a target, like financial institutions often are, but currently a coronavirus vaccine is more valuable. Research centers are the epicenter for the latest and most up-to-date information on a vaccine – therefore, threat actors from all over the world are all descending on them at once. What is interesting here, however, is that the accusations are more heavily emphasized on Russia, rather than suggesting ‘nation-state hackers’. With the latest risks attached to home working and remote logging in, extra protection is vital for all organisations, especially when the threats are now positioned even further afield around the world. Many attacks will start with extremely well-crafted, targeted spearphishing emails, which look genuine to the untrained eye. Anyone in these research centers must remain extra vigilant to the heightened threat and urge caution with all lines of communication.  Read Less
Faiz Shuja
July 20, 2020
Co-Founder & CEO
SIRP Labs

One way organisations look to ease the strain on their SOC is to introduce automation that can respond to these alerts through a range of playbooks.
Since the start of the COVID-19 pandemic, our systems have been capturing the changing patterns of security attacks experienced in the Security Operations Centres (SOCs) of our enterprise customers. The data points to a significant increase in state-sponsored APT attacks as nations look to take advantage of the perceived weaknesses of others, or to steal or destroy their COVID research from universities, pharmaceuticals and research institutes. At the SOC-level there has been a noticeable.....Read More
Since the start of the COVID-19 pandemic, our systems have been capturing the changing patterns of security attacks experienced in the Security Operations Centres (SOCs) of our enterprise customers. The data points to a significant increase in state-sponsored APT attacks as nations look to take advantage of the perceived weaknesses of others, or to steal or destroy their COVID research from universities, pharmaceuticals and research institutes. At the SOC-level there has been a noticeable rise in alert volumes and anyone dealing with alerts manually has been overwhelmed. One way organisations look to ease the strain on their SOC is to introduce automation that can respond to these alerts through a range of playbooks – for example for phishing analysis. This playbook will stipulate that if an email looks like it contains malware it can be sandboxed for analysis and given a risk score. If that score indicates that there is malware present, the email is blocked and deleted. With automation, this only takes a few seconds to complete.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

15 Schools Hit By Cyberattack In Nottinghamshire

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords