Pharmaceutical companies researching treatments and vaccines for COVID-19 are being actively targeted by prominent nation-state-backed hackers from Russia and North Korea, according to IT Pro. Groups including Strontium, Zinc and Cerium are launching “unconscionable” cyber-attacks against a total of seven companies involved in researching vaccines and treatments: companies running trials for COVID-19 vaccines, one clinical research organisation and a company that has developed a virus test. Strontium, allegedly linked to the Russian state, is using password spray and brute force attacks to steal login credentials, hoping to break into user accounts using millions of quickfire attempts. Zinc, meanwhile, uses spear-phishing lures for credential theft, posing as recruiters to send fabricated job descriptions to potential candidates. Cerium also uses spear-phishing email lures, themed around coronavirus and masquerading as World Health Organisation (WHO) representatives. Zinc and Cerium are both allegedly tied to North Korea.
COVID-19 research centers are inevitably going to be targeted by criminal groups from around the world over the next 12 months, and we clearly need to maximise the security of these facilities in order to protect the intellectual property and medical research. The impact of a breach of this data could not only be catastrophic, but it also has the potential to delay the most important vaccine in generations. Such attacks can occur in a variety of ways, but so many have a success rate when hacking the human. Social engineering and highly targeted phishing campaigns are still relatively successful, and staff need to have measures in place to resist any unfortunate clicking or downloading. Restricted privileges and vigilance training are still key actions required to withstand such inevitable attacks.