Over 400 New Jersey Auctions End Tomorrow 04/25 - Bid Now
Over 1650 Total Lots Up For Auction at Four Locations - MA 04/30, NJ Cleansweep 05/02, TX 05/06, NJ 05/08

Spanish Spanish

COVID responders attacked by state-sponsored hackers: UK, US report

by Thomas Dworetzky, Contributing Reporter | May 08, 2020
Cyber Security
Share
Britain’s National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that state-sponsored hackers were mounting aggressive attacks on pharmaceutical companies, research organizations and local governments to ferret out information about efforts to fight the COVID-19 pandemic.

No specific culprits were identified, but unnamed sources from both nations told Reuters that the alarm was raised in direct response to Chinese, Iranian, and Russian-linked attempts.

Such efforts “frequently target organizations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities,” stressed the cyber groups, noting that they “may seek to obtain intelligence on national and international healthcare policy or acquire sensitive data on COVID-19-related research.”

The news agency had reported recently on similar events, including a Vietnam-linked hack over COVID against the Chinese and a number of groups, including ones linked to Iran, who had launched attacks against the World Health Organization.

“These are organizations that wouldn’t normally see themselves as nation state targets, and they need to understand that now they are,” warned one unnamed official.

A CISA spokesman told the news agency that it was “no surprise that bad actors are doing bad things right now, in particular targeting organizations supporting COVID-19 response efforts.”

Of special note is that working from home, as many staffers now do, makes security even more challenging for organizations.

So much so that in April, Microsoft warned several dozen hospitals to take precautions against gateway and VPN appliance attacks during the pandemic.

It expressed concern specifically about REvil — also known as Sodinokibi — a ransomware campaign that actively exploits gateway and VPN vulnerabilities to access organizations.

“During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances,” it advised. “Unfortunately, one sector that’s particularly exposed to these attacks is healthcare. As part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals.”
Sign up for Weekly Top stories

You Must Be Logged In To Post A Comment

Sign up for Weekly Top stories

 

advertisement

Cyber Security Homepage

How Gartner's 2024 cybersecurity trends can guide your cybersecurity efforts
HHS opens probe into role Change Healthcare may have played in cyberattack
Ransomware attackers claim they sold Lurie Children's Hospital data for $3.4 million on dark web
AMA, AHA tell US government to do better by providers affected by Change Healthcare hack
Ukrainian man pleads guilty to cyberattack that left US hospital out $65 million and offline for two weeks
Five Minutes in Healthcare - Devon Bream
Off-site Minnesota radiology provider offline for a week following cyberattack
How GE HealthCare puts IT security in the Cath and EP Labs top of mind
FBI probes cyberattack that has left Lurie Children's Hospital offline for over a week
Montefiore to pay $4.75 million settlement for cybersecurity vulnerabilities