State-Backed Hackers Are Trying To Steal Coronavirus Research

May 5, 2020 TH Author headline,hacker,government,virus,science

State-backed hacking groups are targeting healthcare and other organisations involved in national and international responses to coronavirus pandemic, the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) have warned.

Advanced Persistent Threat (APT) groups — sophisticated hacking groups generally linked to a nation-state –are looking to get hold of information about national COVID-19 responses, healthcare research or other sensitive data related to coronavirus and are targeting organisations in sectors including healthcare, pharmaceuticals, academia, medical research and local government, says the joint advisory.

Cyber attacks against these targets – particularly those relating to coronavirus research – are useful for state-backed operations because they could potentially provide an avenue for aiding their own domestic research into coronavirus-related medicine.

SEE: Coronavirus: Business and technology in a pandemic

One area that’s particularly being targeted as entry point for attacks, the security agencies have warned, is international supply chains.

“Actors view supply chains as a weak link that they can exploit to obtain access to better-protected targets,” the advisory warns. “Many elements of the supply chains will also have been affected by the shift to remote working and the new vulnerabilities that have resulted”.

A previous joint warning from the NCSC and DHS warned how cyber attackers scanning for vulnerable VPNs in order to launch attacks against remote workers, and this appears to have continued.

Unpatched software is a particularly appealing target for these attacks and the advisory notes that Citrix vulnerability CVE-2019-197811 is something that hacking groups associated with nation-states have looked to take advantage of.

APT groups targeting healthcare and other essential services are also attempting to use large-scale “password spraying” campaigns, deploying brute force attacks using common passwords against healthcare providers in the UK, US and other countries. These attacks are being investigated by both NCSC and CISA.

“APT actors will continue to exploit COVID-19 as they seek to answer additional intelligence questions relating to the pandemic,” says the advisory.

SEE: Cybersecurity: Let’s get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

To help protect accounts from password spraying attacks, the NCSC recommends the use of a strong – and importantly, unique – password.

And to mitigate more advanced attacks, the joint advisory recommends that VPNs, network infrastructure and devices being used in remote work environments are updated with the latest security updates so that attackers can’t exploit known vulnerabilities as a means of entry.

Organisations are also advised to get up multi-factor authentication as an additional layer of defence, so if an account or network is compromised, the attack can’t do as much damage.

READ MORE ON CYBERSECURITY