Cyber Threats for UK and US Healthcare Organisations: A Joint Advisory Update
By Sarah Pearce and Ashley Webber
The Advisory explains that the NCSC and CISA are continuing to see indications that APT groups (advanced persistent threat groups) are exploiting the pandemic by targeting organisations involved in both national and international COVID-19 responses. These organisations include healthcare bodies, pharmaceutical companies, academia, medical research organisations, and local government.
Whilst this Advisory focuses specifically on healthcare, as was discussed in our previous
As noted above, the Advisory focuses on APT groups. APT actors frequently target organisations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities. The outbreak of COVID-19 is of course of huge national priority to most countries globally, therefore providing an opportunity for APT groups to gather even more information, for example on national and international healthcare policy, or to acquire sensitive data on COVID-19 related research.
The NCSC and CISA have both expressly stated that the healthcare sector is a priority at this time: both the NCSC and CISA will prioritise requests from the healthcare sector and remain in close contact with industry organisations to help them defend the industry from cyber attacks. In expressing the priority status, Paul Chichester, NCSC Director of Operations, also notes that “we can’t do this alone, and we recommend healthcare policy makers and researchers take our actionable steps to defend themselves from password spraying campaigns”. Whilst the NCSC and CISA will work hard to protect the healthcare sector, there are steps which organisations and individuals can take to lower the risk, as discussed below.
The Advisory focuses predominantly on “password spraying” by APT groups. Password spraying is an attack in which the APT group tries a commonly used password against many accounts before moving on to try a second commonly used password, and so on. This technique allows the group to remain undetected by avoiding the account lockouts that repeated failed attempts against a single account would trigger. APT groups will also collate names from online sources that provide organisational details and use this information to identify possible accounts for targeted institutions, such as the healthcare organisations listed above. The APT group will then ‘spray’ the identified accounts with lists of commonly used passwords. This may result in an account or accounts being compromised, giving the APT group an opportunity to carry out its malicious act, for example theft of data.
Advisory and other tips to stay safe
The advice from the NCSC and CISA in this respect is fairly clear: password protection is key! The Advisory provides a series of previously published articles and advice from both the NCSC and CISA which businesses and individuals can refer to for information on how to create and maintain strong password protection.
The Advisory also provides a series of other mitigation tools which will assist organisations in defending themselves against cyber attacks including ensuring VPNs, devices and other software are all kept up to date.
Further, in our recent
Whilst the joint work of the NCSC and CISA is currently focused on COVID-19 cyber crimes, pre-pandemic cyber threats are still very much prevalent and businesses should continue to develop and maintain strong security measures and protections to protect their business and information from cyber crime.