Experts On Russian Hackers Target Covid-19 Vaccine Research

Following the news that Russian state-sponsored hackers (a group known as “APT29” or “Cozy Bear”) targeted Covid-19 vaccine research, cybersecurity experts commented below.

11 Expert Comments
Stuart Reed, UK Director
InfoSec Expert
July 17, 2020 1:02 pm

Throughout the pandemic we have continued to see strong demand for our services from businesses, who themselves have been responding to the growing threat from adversaries hoping to capitalise on the crisis. As a result we continue to grow in the UK and have conducted many remote interviews in recent months, with most new employees starting their roles at home rather than in the office. Indeed, lockdown has certainly made many line managers rethink their recruitment approach and whether they could realistically widen their net when recruiting by including remote workers that can be based anywhere in the UK.

In addition to new recruits, we are also committed to developing our current employees and considering promotion from within. For example, in our security operations centres we are keen to progress our people through the ranks as efficiently as possible by developing their skills. This is in combination with driving entry level recruitment so that we have a constant flow of employees that are moving up – combatting the tight labour market best we can.

John Hultquist, Director of Intelligence Analysis
InfoSec Expert
July 17, 2020 1:00 pm

COVID-19 is an existential threat to every government in the world, so it’s no surprise that cyber espionage capabilities are being used to gather intelligence on a cure. The organizations developing vaccines and treatments for the virus are being heavily targeted by Russian, Iranian, and Chinese actors seeking a leg up on their own research. We’ve also seen significant COVID-related targeting of governments that began as early as January.

Despite involvement in several high-profile incidents, APT29 rarely receives the same attention as other Russian actors because they tend to quietly focus on intelligence collection. Whereas GRU actors have brazenly leaked documents and carried out destructive attacks, APT29 digs in for the long term, siphoning intelligence away from its target.

Bill Conner, CEO
InfoSec Expert
July 17, 2020 12:58 pm

Cybercriminals perpetrate their attacks for one or more of four core motives: financial gain, political interference, creating general havoc and stealing intellectual property. Never has this last aim been more apparent than now, at a time when Russia is vying for dominance. The coronavirus vaccine, urgently coveted by all countries, can grant a significant advantage.

The Russian intelligence group suspected of deploying this attack, APT29 or ‘Cosy Bear’, has deployed malware strains to access research organisations’ systems, and social engineering attacks like phishing and spear-phishing to trick employees into handing over access credentials.

At a time when remote working has rendered everyone more susceptible to social engineering, given the lack of the common ‘safety net’, businesses, higher education and governments — especially those in possession of vital research and information — must remain hyper-vigilant. Keeping in mind that IT teams are strained and security budgets are tight, businesses and organisations need a solution that offers easy, resource-saving centralised management.

Paul Bischoff, Privacy Advocate
InfoSec Expert
July 17, 2020 12:56 pm

It’s unfortunate that creating a vaccine has become a geopolitical competition rather than an opportunity for global cooperation. Surely a vaccine would have the greatest impact if shared with the whole world including Russia, whether they are friendly or not. So I’m not sure what incentive there is for Russia to steal research, unless it’s worried about the UK capitalizing on a vaccine and price gouging Russia for access to it.

Ed Macnair, CEO
InfoSec Expert
July 17, 2020 12:53 pm

In the midst of the darkest parts of this crisis, cyber crime hasn’t abated. Today’s announcement from the NCSC that Russian hacking groups have been targeting COVID-19 vaccine developers is not shocking but it is concerning.

While the objective of this data breach is different to most financially-motivated attacks we see, the tactics the hackers are using are exactly the same. Once again, spear phishing techniques were employed to trick employees into handing over personal information that allowed them to take over accounts. These targeted and personalised attacks are sophisticated and difficult to spot, especially in the strange circumstances we find ourselves in today, so organisations must do everything in their power to mitigate them with technology.

As always when combating phishing attacks, although it is important to educate employees on best practice so that they treat all suspicious emails with caution, organisations must take it upon themselves to protect employees from these email attacks in the first instance. Organisations need to use email security that combines algorithmic analysis, threat intelligence and executive name checking to efficiently protect themselves against these evolving attacks.
