Britain and the United States warned Tuesday of a rise in cyber attacks against health professionals involved in the coronavirus response by organised criminals “often linked with other state actors”.
The transatlantic allies’ cybersecurity agencies issued a joint warning to healthcare and medical research staff, urging them to improve their password security amid the threat.
Britain’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) said they had seen “malicious cyber campaigns targeting organisations involved in the coronavirus response”.
Read more: Pandemic fuels cyber attacks: Who will save us from hackers?
The two agencies added they had detected large-scale “password spraying” tactics — hackers trying to access accounts through commonly used passwords — aimed at healthcare bodies and medical research organisations.
British Foreign Secretary Dominic Raab echoed the warning at the daily Downing Street coronavirus press conference, noting perpetrators had “various objectives and motivations” — from fraud to espionage.
“But they tend to be designed to steal bulk personal data, intellectual property and wider information that supports those aims.
“And they’re often linked with other state actors,” he said.
UK and US warn of a rise in cyber attacks against health professionals involved in the coronavirus response by organised criminals "often linked with other state actors".— Randa HABIB (@RandaHabib) May 6, 2020
The transatlantic allies cyber security urged them to reset their password security https://t.co/cM9b7Yr87L
In their joint warning, the NCSC and CISA said they had identified targeting of national and international healthcare bodies, pharmaceutical companies, research organisations, and local government.
They added “the likely aim” was gathering information related to the pandemic.
The report also suggested the involvement of hostile states in the attacks, they mentioned that these APT actors target organisations to collect bulk personal information, intellectual property and intelligence that aligns with national priorities.
The agencies advised healthcare staff to change any passwords that might be guessed to one created with three random words, as well as implementing two-factor authentication to reduce the risk of being hacked.
Paul Chichester, NCSC Director of Operations, said his agency was “prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response”.
Read more: Work from home jeopardised after upsurge in COVID-themed cyberattacks.
“But we can’t do this alone, and we recommend healthcare policy makers and researchers take our actionable steps to defend themselves from password spraying campaigns.”
Increased cyber attacks by state-backed hackers
The cyberattacks against the health workers by state-backed hackers pose a serious threat to the security of these workers.
These malicious actors “frequently target organizations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities,” according to the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
AFP with additional input by GVS News Desk