Cyber criminals and other malicious groups are targeting individuals, businesses and others by deploying COVID-19-related scams and phishing emails, Foreign Secretary Dominic Raab said yesterday.
“That includes groups that in the cyber security world are known as ‘advanced persistent threat’ groups – sophisticated networks of hackers who try to breach computer systems. We have clear evidence now that these criminal gangs are actively targeting national and international organisations, which are responding to the COVID-19 pandemic, which I have to say makes them particularly venal and dangerous at this time.”
The UK’s official National Cyber Security Centre (NCSC) and the United States federal Cybersecurity and Infrastructure Security Agency (CISA) published a joint warning about large-scale ‘password spraying’ campaigns against healthcare bodies and medical researchers.
Paul Chichester, NCSC Director of Operations, said: “Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe. By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.
“But we can’t do this alone, and we recommend healthcare policy makers and researchers take our actionable steps to defend themselves from password spraying campaigns.”
The official advice is that staff change any password that could reasonably be guessed to one made up of three random words, and that they use two-factor authentication (such as a code texted to the user’s known phone number, or biometric verification, in addition to a password) to reduce the threat of compromise.
As a sign of the sheer number of attempts, the NCSC created a Suspicious Email Reporting Service after seeing the rise in coronavirus-related email scams. In its first week, the service received more than 25,000 reports.
What is password spraying?
‘Password spraying’ is the attempt to access a large number of accounts using a small set of commonly used passwords, typically trying each password once against many accounts so that no single account sees enough failures to trigger a lockout. The NCSC last year revealed the most commonly hacked passwords, which attackers are known to use to gain access to personal and corporate accounts and networks: the likes of qwerty and 123456, the word ‘password’, superman, and football team names such as Liverpool.
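Because a spray spreads a few guesses across many accounts, per-account lockout thresholds do not catch it; the signal is instead one source failing against many distinct accounts in a short window with only one or two attempts each, which is the opposite shape from a brute-force run against a single account. The following script is an added illustration of that detection logic and is not from the NCSC or CISA advisory: the log format, the field names and the sample lines are constructed here, and the window and thresholds are assumed starting points that a team would tune to its own authentication volume.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data): one source sprays
# five accounts once each, a second source brute-forces one account, and a
# third source is a single ordinary failure.
SAMPLE_LOG = """\
2020-05-05T09:00:01 FAIL user=alice src=203.0.113.7
2020-05-05T09:00:02 FAIL user=bob src=203.0.113.7
2020-05-05T09:00:03 FAIL user=carol src=203.0.113.7
2020-05-05T09:00:04 FAIL user=dave src=203.0.113.7
2020-05-05T09:00:05 FAIL user=erin src=203.0.113.7
2020-05-05T09:00:06 OK user=frank src=203.0.113.7
2020-05-05T09:01:00 FAIL user=alice src=198.51.100.9
2020-05-05T09:01:10 FAIL user=alice src=198.51.100.9
2020-05-05T09:01:20 FAIL user=alice src=198.51.100.9
2020-05-05T09:01:30 FAIL user=alice src=198.51.100.9
2020-05-05T09:01:40 FAIL user=alice src=198.51.100.9
2020-05-05T09:30:00 FAIL user=gina src=192.0.2.4
"""


def parse_line(line):
    """Parse one constructed log line into a dict (assumed format: ts result user= src=)."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "ok": result == "OK",
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def detect_spraying(log_text, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source: sorted distinct users} for every source whose failed logins,
    within `window`, touched at least `min_users` accounts with no more than
    `max_per_user` failures each. Many accounts, few guesses per account is the
    spraying shape; a single account with many failures is not flagged here."""
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    failures_by_src = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures_by_src[e["src"]].append(e)

    hits = {}
    for src, evs in failures_by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        # Sliding window over this source's failures, oldest to newest.
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            counts = defaultdict(int)
            for e in evs[start:end + 1]:
                counts[e["user"]] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                hits[src] = sorted(counts)
                break
    return hits


def successes_from_flagged_sources(log_text, hits):
    """Accounts that logged in successfully from a flagged source. A spray that
    worked looks like one unremarkable success, so these are reviewed first."""
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    return sorted({e["user"] for e in events if e["ok"] and e["src"] in hits})


if __name__ == "__main__":
    flagged = detect_spraying(SAMPLE_LOG)
    for src, users in flagged.items():
        print(f"possible password spray from {src}: {len(users)} accounts {users}")
    print("successful logins from flagged sources:",
          successes_from_flagged_sources(SAMPLE_LOG, flagged))
```

On the sample, only 203.0.113.7 is flagged (five accounts, one failure each), the brute-force source 198.51.100.9 is left for a per-account lockout rule to handle, and frank's success from the flagged source is surfaced for review. In production the source key would usually be widened beyond a single IP, since sprays are often distributed across many addresses, and the thresholds set from a baseline of normal failure rates.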
Jonathan Knudsen, senior security strategist at Synopsys, said: “In a time of crisis, pushing cybersecurity to the back burner might be tempting. Many believe that using strong passwords or two-factor authentication is too much trouble when you have so many other concerns. In fact, now is the very best time to evaluate and strengthen your security posture.”
And Zeki Turedi, Technology Strategist, CrowdStrike, said: “Adversaries are leveraging COVID-19 lures to launch targeted attacks against an overstretched healthcare industry. We’re in a state of high alert when it comes to information pertaining to COVID-19 and the current situation has created the perfect storm.
“To defend against these threats, it’s crucial these organisations take a proactive approach and maintain a holistic view of their IT environment, with full control and visibility of all activity happening in their network. This includes having an understanding of the broader threat landscape so organisations can quickly identify adversaries and their techniques, learn from attacks, and take action on indicators to strengthen their overall defences.”