The UK Foreign Secretary, Dominic Raab, has said he has evidence that advanced persistent threat (APT) groups are exploiting the COVID-19 pandemic to attack national and international organizations that are responding to the crisis. During the UK government’s daily coronavirus press briefing today, Raab confirmed the government is working with those organizations facing targeted campaigns to ensure they are aware of the threat and can take steps to protect themselves from such attacks.
“We know that cyber-criminals and other malicious groups are targeting individuals, businesses and other organizations by deploying COVID-19-related scams and phishing emails. That includes groups in the cybersecurity world known as APT groups; sophisticated networks of hackers who try to breach computer systems,” said Raab.
The comments follow the joint advisory published earlier today by the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) about ongoing activity by APT groups against organizations involved in both national and international COVID-19 responses.
The advisory stated that healthcare bodies, pharmaceutical companies and research organizations have been subject to large-scale ‘password spraying’ campaigns, which cyber-criminals use to access a large number of accounts using commonly known passwords. It has advised staff working within these organizations to change passwords that could be reasonably guessed to ones created with three random words as well as bring in two-factor authentication to reduce the threat of compromises.
The report also suggested the involvement of hostile states in these attacks, explaining that these APT actors target such bodies to collect bulk personal information, intellectual property and intelligence that aligns with national priorities.
Paul Chichester, NCSC director of operations, commented: “Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe. By prioritising any requests for support from health organizations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.
“However, we can’t do this alone, and we recommend healthcare policymakers and researchers take our actionable steps to defend themselves from password spraying campaigns.”
The advisory provides an update on malicious cyber-activity related to COVID-19 that was published on April 8 2020 by NCSC/CISA.