Hacking Groups Are Targeting Essential Services
The Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a joint alert identifying advanced persistent threat (APT) groups who are continuously exploiting the COVID-19 pandemic. These APT groups are targeting organizations involved in both national and international COVID-19 responses, including healthcare organizations, pharmaceutical companies, medical research organizations, local governments, and academia. The APT groups are hoping to steal sensitive research data and intellectual property for commercial and state benefit.
Organizations such as pharmaceutical companies and medical research facilities are often viewed as vulnerable in the eyes of cybercriminals because of their global reach and international supply chains, affiliations that can increase their exposure to malicious activity. Many supply chain elements have been affected by the shift to remote working and the new vulnerabilities that have resulted from this transition. As COVID-19 has forced many workers to transition into working from home, many organizations have implemented a Virtual Private Network (VPN) in order to remain secure. While VPNs provide an extra layer of security to a network, attackers are still searching for vulnerabilities within the networks of these targeted industries that can be exploited, such as unpatched software.
APT hacking groups are also utilizing a method called password spraying to target vulnerabilities within these industries. Password spraying is a style of brute-force attack that threat actors use to access a large number of accounts without being detected. Attackers will attempt to infiltrate several accounts at once by testing a single commonly used password before continuing to attempt another password. Unlike traditional brute-force attacks, which target one account at a time and often result in the account getting locked out, this method allows an attacker to remain undetected by avoiding rapid or frequent lockouts.
Once a malicious actor has successfully compromised an account, they can reuse the same credentials to compromise other accounts on the network. Eventually, threat actors can move laterally throughout the network once they have gained access to a system.
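The spraying pattern described above leaves a recognizable trace in authentication logs: one source failing against many accounts with only a few tries each. The following Python sketch is an added example, not part of the original alert; the log format, the thresholds, and the names `find_sprays` and `SAMPLE_LOG` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "ISO-timestamp source-ip username result"
SAMPLE_LOG = """\
2020-05-05T09:00:01 203.0.113.7 alice FAIL
2020-05-05T09:00:03 203.0.113.7 bob FAIL
2020-05-05T09:00:05 203.0.113.7 carol FAIL
2020-05-05T09:00:07 203.0.113.7 dave FAIL
2020-05-05T09:00:09 203.0.113.7 erin FAIL
2020-05-05T09:00:11 203.0.113.7 frank OK
2020-05-05T09:10:00 198.51.100.4 alice FAIL
2020-05-05T09:10:02 198.51.100.4 alice FAIL
2020-05-05T09:10:04 198.51.100.4 alice FAIL
2020-05-05T09:10:06 198.51.100.4 alice FAIL
2020-05-05T10:00:00 192.0.2.10 grace FAIL
2020-05-05T10:00:20 192.0.2.10 grace OK
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def find_sprays(log, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag sources that fail against many accounts with few tries per account."""
    fails, oks = defaultdict(list), defaultdict(list)   # ip -> [(ts, user)]
    for ts, ip, user, result in parse(log):
        (fails if result == "FAIL" else oks)[ip].append((ts, user))
    findings = {}
    for ip, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            counts = defaultdict(int)          # failures per user in this window
            for ts, user in events[i:]:
                if ts - start > window:
                    break
                counts[user] += 1
            # Wide (many accounts) but shallow (stays under lockout) = spray.
            # A classic brute force is the opposite: one account, many tries.
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                # Successes from the same source in the window need urgent review.
                hits = sorted(u for t, u in oks[ip] if start <= t <= start + window)
                findings[ip] = {"targeted": sorted(counts), "succeeded": hits}
                break
    return findings
```

Any account listed under `succeeded` should be treated as compromised: reset its credentials and review its activity for the lateral movement described above.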
- Implement Multi-factor Authentication. Multi-factor authentication, where users are sent a verification code via text or email, adds an extra layer of security when logging in and provides alerts when someone is trying to use your credentials. Organizations should consider employing multi-factor authentication whenever possible.
- Use unique passwords for your online accounts. Ensure that your online accounts are protected by using unique passwords for each of your individual accounts online. This can help protect your personal information by ensuring that if an attacker gains access to login credentials for one of your online accounts, they will not be able to use that information to access your other accounts. Consider using a password manager to keep track of your unique passwords and prevent credential theft. Recommended link: https://www.cnet.com/how-to/best-password-manager-for-2020/
- Security Updates for VPN and Firewalls. Ensure that the VPN is updated and has all the correct configurations. Patches and the latest security updates should be implemented and installed.