Further to our recently published article, the NCSC and CISA have published another joint advisory detailing the ongoing COVID-19 related criminal cyber attacks (the “Advisory”).
The Advisory explains that the NCSC and CISA are continuing to see indications that APT groups (advanced persistent threat groups) are exploiting the pandemic by targeting organisations involved in both national and international COVID-19 responses. These organisations include healthcare bodies, pharmaceutical companies, academia, medical research organisations, and local government.
Whilst this Advisory focuses specifically on healthcare, as was discussed in our previous article, cyber criminal activities have reportedly been increasing since the start of the pandemic, with actors looking to exploit the pandemic in a variety of malicious ways, not just limited to healthcare. The warnings come from the NCSC and CISA as many countries around the world are looking towards contact tracing as a method for lowering the spread of COVID-19. This app-driven method will see the collection of large volumes of sensitive data – it would be a fairly safe assumption to make that cyber criminals will be looking to these apps as potential routes or opportunities for carrying out cyber crime. The app developers should therefore ensure that security is a foundation of the creation of the app, whilst users should operate the apps as instructed and remain vigilant to suspicious activity.
As noted above, the Advisory focuses on the APT groups. APT actors frequently target organisations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities. The outbreak of COVID-19 is of course of huge national priority to most countries globally, therefore providing an opportunity for APT groups to gather even more information, for example on national and international healthcare policy, or to acquire sensitive data on COVID-19 related research.
The NCSC and CISA have both expressly stated that the healthcare sector is a priority at this time: both the NCSC and CISA will prioritise requests from the healthcare sector and remain in close contact with industry organisations to help them defend the industry from cyber attacks. In expressing the priority status, Paul Chichester, NCSC Director of Operations, also notes that “we can’t do this alone, and we recommend healthcare policy makers and researchers take our actionable steps to defend themselves from password spraying campaigns”. Whilst the NCSC and CISA will work hard to protect the healthcare sector, there are steps which organisations and individuals can take to lower the risk, as discussed below.
The Advisory focuses predominantly on “password spraying” by APT groups. Password spraying is an attack in which the APT group tries a commonly used password against many accounts before moving on to try a second commonly used password, and so on. This technique allows the group to remain undetected by avoiding having its access blocked. APT groups will also collate names from online sources that provide organisational details and use this information to identify possible accounts for targeted institutions, such as the healthcare organisations listed above. The APT group will then ‘spray’ the identified accounts with lists of commonly used passwords. This may result in an account or accounts being compromised, providing the APT group with an opportunity to carry out its malicious act, for example theft of data.
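For security teams, the pattern described above leaves a recognisable trace in sign-in logs: one source failing against many accounts with only one or two attempts each. The following is an added illustration of that detection logic, not code from the Advisory or from the NCSC or CISA; the log fields, thresholds, account names and IP addresses are assumptions constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, account, login succeeded).
USERS = ["a.khan", "b.lee", "c.osei", "d.patel", "e.ruiz", "f.wong"]
SAMPLE_EVENTS = (
    # One source tries a first password on every account, then a second later.
    [(f"2020-05-05T09:00:{i * 10:02d}", "203.0.113.7", u, False)
     for i, u in enumerate(USERS)]
    + [(f"2020-05-05T09:20:{i * 10:02d}", "203.0.113.7", u, u == "d.patel")
       for i, u in enumerate(USERS)]
    # Repeated guesses at one account: ordinary account lockout covers this.
    + [(f"2020-05-05T09:30:{i:02d}", "198.51.100.9", "admin", False)
       for i in range(8)]
    # A legitimate user mistyping once.
    + [("2020-05-05T10:00:00", "192.0.2.15", "b.lee", False),
       ("2020-05-05T10:00:20", "192.0.2.15", "b.lee", True)]
)

def detect_spraying(events, window=timedelta(minutes=30),
                    min_accounts=5, max_per_account=2):
    """Return {source: targeted accounts} for sources whose failed logins hit
    many accounts, few attempts each, in one window (thresholds are assumed)."""
    failures = defaultdict(list)
    for ts, src, account, ok in events:
        if not ok:
            failures[src].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            counts = Counter(acct for _, acct in rows[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[src] = sorted({acct for _, acct in rows})
                break
    return flagged

def accounts_to_reset(events, flagged):
    """Accounts that logged in successfully from a flagged source."""
    hits = defaultdict(set)
    for _, src, account, ok in events:
        if ok and src in flagged:
            hits[src].add(account)
    return {src: sorted(accts) for src, accts in hits.items()}
```

On the constructed data, only the spraying source is flagged, and the one account that signed in successfully from it is returned as the account to reset and investigate.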
Advisory and other tips to stay safe
The advice from the NCSC and CISA in this respect is fairly clear: password protection is key! The Advisory provides a series of previously published articles and advice from both the NCSC and CISA which businesses and individuals can refer to for information on how to create and maintain strong password protection.
The Advisory also provides a series of other mitigation tools which will assist organisations in defending themselves against cyber attacks including ensuring VPNs, devices and other software are all kept up to date.
Further, in our recent article, we also included tips for remaining vigilant to cyber threats applicable to all businesses. Taking steps such as those suggested will lower the risk of being a victim of cyber crime and will help to stop cyber criminals from exploiting the global effects of the COVID-19 pandemic. It is important for organisations to remember that no organisation is safe or immune from cyber crime, COVID-19 related or not: only this week was it reported that data from hundreds of law firms was exposed whilst an open platform.
Whilst the joint work of the NCSC and CISA is currently focused on COVID-19 cyber crimes, pre-pandemic cyber threats are still very much prevalent and businesses should continue to develop and maintain strong security measures and protections to protect their business and information from cyber crime.