Coronavirus: Rival States Targeted UK And US COVID-19 Labs With 'Malicious Cyber Campaigns'

The UK and US have warned that state-backed cyber attackers are trying to steal data from universities, pharmaceuticals and research institutes involved in the coronavirus response.

​

Organisations trying to develop a COVID-19 vaccine are among those being targeted.

A joint advisory published on Tuesday did not name any specific country involved in the "malicious cyber campaigns", but culprits are understood to include hacking groups from China, Russia and Iran, as well as others.

Dominic Raab, the foreign secretary, called the attacks "particularly venal" given that they were targeting international and national organisations responding to the COVID-19 crisis.

"There are various objectives and motivations that lie behind these attacks, from fraud on the one hand to espionage," he said at the daily Downing Street briefing.

"We expect this kind of predatory criminal behaviour to continue and evolve over the coming weeks and months ahead, and we are taking a range of measures to tackle the threat."

Mr Raab added: "We're absolutely determined to defeat coronavirus, and also to defeat those trying to exploit the situation for their own nefarious ends."

A joint advisory published on Tuesday did not name any specific country involved in the "malicious cyber campaigns", but culprits are understood to include China, Russia and Iran, as well as others.

The UK's National Cyber Security Centre (NCSC), a branch of GCHQ, and its US counterpart, the US Cybersecurity and Infrastructure Security Agency (CISA), urged workers in healthcare and medical research to change easy-to-guess passwords.

They also advised staff in these sectors to use two-factor authentication to help fend off what the agencies called "password spraying" campaigns, which hit a target with multiple common passwords in the hope that one will work.

There is not thought to have been a successful attack on an institute in the UK, but Sky News understands attacks have had success elsewhere.

The significant rise in cyber attacks on research institutes and universities is thought to be in line with a shift in priorities of national governments in the wake of the COVID-19 pandemic.

Suddenly, access to information held by a rival nation's laboratories is of top importance.

The US-UK warning said the "advanced persistent threat" (APT) groups carrying out the cyber attacks - typically state-backed hackers - were targeting medical research and healthcare organisations as well as local government "to collect bulk personal information, intellectual property and intelligence that aligns with national priorities".

The NCSC has made protecting the UK health sector its top priority in the wake of the coronavirus crisis, according to Paul Chichester, the director of operations.

"By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it," he said.

"But we can't do this alone, and we recommend healthcare policy makers and researchers take our actionable steps to defend themselves from password spraying campaigns."

Security officials have identified targeting of national and international healthcare bodies, pharmaceutical companies, research organisations, and local government with the likely aim of gathering information related to the coronavirus outbreak, the joint US-UK statement said.

The warning followed a joint advisory from the NCSC and CISA last month about cyber criminals exploiting the coronavirus outbreak for their own personal gain.

They warned that the frequency of coronavirus-related cyber attacks will increase over the coming weeks and months.

Last month, the NCSC created the Suspicious Email Reporting Service after seeing an increase in coronavirus-related email scams.

In its first week, the service received more than 25,000 reports - resulting in 395 phishing sites being taken down.

Source