Sophisticated hackers are “actively targeting” healthcare entities, pharmaceuticals, local governments, medical researchers and academics working to blunt the coronavirus (Covid-19) pandemic, the U.S. and United Kingdom (U.K.) cyber agencies said in a joint alert.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warned that advanced persistent threat (APT) actors are probing for Covid-19-related intellectual property, information on national and international healthcare policy, and sensitive research data.
Both carry high nation-state and commercial value. “CISA has prioritized our cybersecurity services to healthcare and private organizations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to Covid-19,” said Bryan Ware, CISA assistant director of cybersecurity.
Organizations involved in Covid-19-related research are especially attractive targets for APT actors looking to obtain information for their own domestic research efforts into Covid-19-related medicine, the cyber watchdogs said. Attackers often go after weakly defended links in the supply chains of those organizations rather than the better-defended organizations themselves. CISA and NCSC said they have recently seen APT actors scanning the external websites of targeted companies for vulnerabilities in unpatched software.
An earlier alert from CISA and the NCSC dated April 8, 2020 detailed the exploitation of the Covid-19 pandemic by cyber criminals and APT groups running scams and phishing campaigns. The new alert is an update on ongoing malicious cyber activity relating to Covid-19. Authorities at CISA and NCSC said they have uncovered “large-scale” password spraying campaigns directed at healthcare organizations. As a result, the advisory urges personnel at healthcare-related and medical research organizations to “change any passwords that could be reasonably guessed to one created with three random words and implement two-factor authentication to reduce the threat of compromises.” Password spraying is a brute-force technique in which a small set of commonly used passwords is tried against a large number of accounts at once, so that no single account trips a lockout threshold.
Online crimes reported to the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) have roughly quadrupled since the coronavirus (Covid-19) pandemic began, rising from 1,000 complaints a day before the pandemic to as many as 4,000 in a day, officials recently said. Hackers are especially targeting organizations that have publicly identified themselves as working on Covid-19-related research, the federal law enforcement agency said. While it is not uncommon for nation-state hackers to target the biopharmaceutical industry, the forays have gained steam in the crisis, authorities said.
A number of examples have surfaced in the last two months. In March, ransomware hackers hit 10x Genomics, a Pleasanton, California-based biotechnology research facility working to understand the human body’s immune response to speed development of a Covid-19 vaccine. And, in a rare alert, Microsoft told “several dozen hospitals” to immediately patch weaknesses in their VPN installations after finding evidence that a ransomware crew was probing for spots to exploit.
CISA and NCSC are recommending organizations adopt the five mitigations below:
- Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and configurations.
- Use multi-factor authentication to reduce the impact of password compromises.
- Protect the management interfaces of your critical operational systems. In particular, use a browse-down architecture to prevent attackers from easily gaining privileged access to your most vital assets.
- Set up a security monitoring capability so you are collecting the data that will be needed to analyze network intrusions. Review and refresh your incident management processes.
- Use modern systems and software that have strong security built in. If you cannot move off out-of-date platforms and applications straight away, there are short-term steps you can take to improve your position.
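The password spraying the advisory describes leaves a distinctive trace in the login data that the monitoring capability recommended above should already be collecting: many different accounts failing from one source in a short window, rather than one account failing many times. The following detector is an added example that is not part of the article or of the CISA/NCSC advisory; the log format, the source addresses and the window and threshold values are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical VPN/SSO portal format, not from the
# advisory): "<UTC timestamp> <FAIL|OK> user=<name> src=<ip>". 203.0.113.7 tries
# four accounts in seconds and then gets in as frank; 198.51.100.4 is one user
# mistyping a password, which a spray rule must not flag.
SAMPLE_LOG = """\
2020-05-05T09:00:01Z FAIL user=alice src=203.0.113.7
2020-05-05T09:00:02Z FAIL user=bob src=203.0.113.7
2020-05-05T09:00:03Z FAIL user=carol src=203.0.113.7
2020-05-05T09:00:04Z FAIL user=dave src=203.0.113.7
2020-05-05T09:00:09Z OK user=frank src=203.0.113.7
2020-05-05T09:10:00Z FAIL user=alice src=198.51.100.4
2020-05-05T09:10:30Z FAIL user=alice src=198.51.100.4
2020-05-05T09:11:00Z OK user=alice src=198.51.100.4
"""
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def parse(log_text):
    """(timestamp, result, user, src) per well-formed line; junk is skipped."""
    return [(datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ"), m[2], m[3], m[4])
            for m in map(LINE_RE.match, log_text.splitlines()) if m]

def detect_spray(events, window=timedelta(minutes=30), min_users=4):
    """Source IP -> sorted users, for sources whose failures touch at least
    min_users distinct accounts inside one sliding window. Many users from one
    source is the spray signature; many failures on one user is lockout noise."""
    fails = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            fails[src].append((ts, user))
    alerts = {}
    for src, attempts in fails.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_users:
                alerts[src] = sorted(users)
                break
    return alerts

def successes_from_sprayers(events, alerts):
    """Accounts that logged in OK from a flagged source: reset these first."""
    return {src: sorted({u for _, r, u, s in events if r == "OK" and s == src})
            for src in alerts}
```

A successful login from a flagged source is the account to reset and enrol in multi-factor authentication first, since it is the one the sprayed password opened.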