Security agencies in the United Kingdom and United States have exposed malicious cyber campaigns targeting organisations involved in the Coronavirus response – and given tips to stay safe.
An advisory for international healthcare and medical research organisations has been published, advising staff to change any passwords that could be reasonably guessed to one created with three random words and implement two-factor authentication to reduce the threat of compromises.
The UK’s National Cyber Security Centre (NCSC) and US Cybersecurity and Infrastructure Security Agency (CISA) have seen large-scale ‘password spraying’ campaigns against healthcare bodies and medical research organisations.
Zeki Turedi, Technology Strategist, CrowdStrike, said: “The NCSC is right to warn healthcare organisations involved in the Coronavirus response that they are at huge risk. A vaccine is undoubtedly the most valuable commodity in the world right now, and adversaries will stop at nothing to get access to it. In fact, we have seen a 100x increase in malicious Coronavirus-related files circulating in recent months.
“Adversaries are leveraging COVID-19 lures to launch targeted attacks against an overstretched healthcare industry. We’re in a state of high alert when it comes to information pertaining to COVID-19 and the current situation has created the perfect storm.
“To defend against these threats, it’s crucial these organisations take a proactive approach and maintain a holistic view of their IT environment, with full control and visibility of all activity happening in their network.”