by Thomas Dworetzky
, Contributing Reporter | May 08, 2020
Britain’s National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that state-sponsored hackers were mounting aggressive attacks on pharmaceutical companies, research organizations and local governments to ferret out information about efforts to fight the COVID-19 pandemic.
No specific culprits were identified, but unnamed sources from both nations told Reuters
that the alarm was raised in direct response to Chinese, Iranian, and Russian-linked attempts.
Such efforts “frequently target organizations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities,” stressed the cyber groups, noting that they “may seek to obtain intelligence on national and international healthcare policy or acquire sensitive data on COVID-19-related research.”
The news agency had reported recently on similar events, including a Vietnam-linked hack over COVID against the Chinese and a number of groups, including ones linked to Iran, who had launched attacks against the World Health Organization.
“These are organizations that wouldn’t normally see themselves as nation state targets, and they need to understand that now they are,” warned one unnamed official.
A CISA spokesman told the news agency that it was “no surprise that bad actors are doing bad things right now, in particular targeting organizations supporting COVID-19 response efforts.”
Of special note is that working from home, as many staffers now do, makes security even more challenging for organizations.
So much so that in April, Microsoft warned several dozen hospitals
to take precautions against gateway and VPN appliance attacks during the pandemic.
It expressed concern specifically about REvil — also known as Sodinokibi — a ransomware campaign that actively exploits gateway and VPN vulnerabilities to access organizations.
“During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances,” it advised. “Unfortunately, one sector that’s particularly exposed to these attacks is healthcare. As part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals.”