Hackers are targeting coronavirus research, warn U.S. and UK

Hackers are targeting coronavirus research, warn U.S. and UK

Hackers are targeting coronavirus research, warn U.S. and UK

The NCSC and CISA said without naming any country that hackers are trying to steal important information related to Corona from pharmaceutical companies and research organizations.

State-sponsored cyber attacks targeting medical institutions working on treatments for coronavirus have been labelled "utterly reprehensible" by the UK's cybersecurity agency.

Bryan Ware, CISA assistant director of cybersecurity, said it was prioritising its services to healthcare organisations and other medical groups involved in fighting the coronavirus pandemic, so that those firms can focus on their response to the virus.

The organisations targeted include setups with biomedical research facilities, investigating everything from game-changing vaccines to post-infection antibody tests.

"The pandemic has likely raised additional requirements for APT actors to gather information related to COVID-19".

The well-documented rise in cyber crime has been fuelled by an uptick in activity from state-backed hacking groups targeting critical organisations like healthcare bodies and pharmaceutical companies, according to the National Cyber Security Centre (NCSC).

The advisory warns cyber-spies are targeting supply chains and taking advantage of people remotely working, with a technique called password-spraying - in which they try to use commonly used passwords to access accounts. One US official and one United Kingdom official stated the warning was in reaction to invasion efforts by believed Chinese and Iranian hackers, as well as some Russian-linked activity.

State hacking groups "frequently target organisations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities", the NCSC and the CISA said.

"These are organisation that wouldn't normally see themselves as nation state targets and they need to understand now they are", said one official.

Organisations trying to develop a COVID-19 vaccine are among those being targeted.

"Password spraying" is the attempt to access a large number of accounts using commonly known passwords, according to the joint statement released by NCSC and CISA.

"But we can't do this alone, and we recommend healthcare policy makers and researchers take our actionable steps to defend themselves from password spraying campaigns".

Last month NCSC urged the general public to report Coronavirus related email scams, and launched a "cyber aware" campaign promoting behaviours to mitigate threats. The Suspicious Email Reporting Service in its first week had received over 25,000 reports - resulting in 395 phishing sites being taken down, it said.

"Any attack against efforts to combat the coronavirus crisis is utterly reprehensible", a spokesman for the NCSC said.

Related news

[an error occurred while processing the directive]