The US and the UK Reveal Password Spraying Attacks Against Healthcare Institutions
The COVID-19 pandemic has engulfed pretty much the entire planet, and it's safe to say that there is no country that can truly claim to be unharmed by the new virus. All over the world, the biggest pharmaceutical companies and the brightest sparks in the field of healthcare are racing against time to come up with a way of treating and eliminating the disease, and fortunately, they all say that they've made some progress. Sadly, it looks like politics might be getting in the way.
COVID-19 and state-sponsored hackers
Ever since it started, the coronavirus pandemic has been exploited by hackers, mostly in the social engineering part of the attacks where users must be tricked into an action that eventually results in either a malware infection or loss of personal data. Phishers, ransomware operators, and malware distributors all use the trick, but it isn't just them.
In early April, the United States Department of Homeland Security (DHS) and the UK's National Cyber Security Centre (NCSC) issued a joint alert to critical organizations. According to it, Advanced Persistent Threat (APT) groups, hacking crews sponsored by governments, are using the COVID-19 pandemic in their operations. The alert stated that the coronavirus outbreak was extensively used as a motif in the subjects, bodies, and attachments of phishing emails, and users were urged to be more careful with the messages they interact with, even if they look like they come from legitimate sources. In these cases, COVID-19 was used as a lure, but in more recent cyberattacks, it plays a different role.
APTs set their sights on healthcare organizations tasked with researching COVID-19
A more recent alert also issued by the DHS and NCSC says that APTs are now attacking healthcare and academic organizations that are working on fighting the coronavirus. These are the institutions that are looking for effective treatment and a vaccine against the disease, and they are apparently under attack from some of the world's most elite hackers.
Unlike regular cybercriminals, APT groups are well-funded collectives that don't need to think about trivial stuff like limited resources. According to the alert, their goal when attacking healthcare organizations in the US and UK is to steal "personal information, intellectual property, and intelligence that aligns with national priorities." In other words, the governments of some countries are trying to learn how their colleagues are doing.
The alert itself stopped short of naming the states that are trying to pilfer the vital information, but according to New York Times sources, the FBI will soon point the finger at China.
APTs employ password spraying in their attacks
The attackers might be sophisticated, but the attacks themselves aren't. According to the UK and US alert, the APTs charged with the task of spying on other countries' anti-coronavirus efforts are currently using a technique known as password spraying.
In essence, password spraying is a form of brute-forcing. In a password spraying attack, the hackers take a list of commonly used passwords and try them all with usernames that are likely to be used by employees of the targeted organization. Sadly, even the people tasked with important jobs like finding a solution to a global pandemic don't pay enough attention to their passwords, which is why password spraying attacks are successful.
Good password hygiene can render the APTs' efforts completely useless, and the authorities have once again urged everyone to use complex, unique credentials and two-factor authentication when working with vital data. If people heed this advice, the APTs will need to try other techniques, and it's a pretty safe bet that they won't give up.
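For defenders, spraying leaves a recognizable trace in authentication logs: one source failing against many different accounts, with only a few attempts per account. The following detection logic is an added example, not taken from the DHS/NCSC alert or the original article; the log format, the sample events, and the thresholds (`window`, `min_users`, `max_per_user`) are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, source IP, user, result); RFC 5737 IPs, made-up users.
SAMPLE_LOG = """\
2020-05-06T09:00:05 203.0.113.7 asmith FAIL
2020-05-06T09:00:09 203.0.113.7 bjones FAIL
2020-05-06T09:00:14 203.0.113.7 cwhite FAIL
2020-05-06T09:00:20 203.0.113.7 dgreen FAIL
2020-05-06T09:00:26 203.0.113.7 eblack FAIL
2020-05-06T09:00:31 203.0.113.7 fbrown OK
2020-05-06T09:02:00 198.51.100.20 jdoe FAIL
2020-05-06T09:02:10 198.51.100.20 jdoe FAIL
2020-05-06T09:02:20 198.51.100.20 jdoe FAIL
2020-05-06T09:03:00 192.0.2.15 kgray FAIL
2020-05-06T09:03:30 192.0.2.15 kgray OK
"""

def parse(log):
    """Yield (timestamp, source, user, result) from whitespace-separated lines."""
    for line in log.strip().splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def detect_spraying(log, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Flag sources whose failures hit many accounts, few tries each, inside one window."""
    failures, successes = defaultdict(list), defaultdict(set)
    for ts, src, user, result in parse(log):
        if result == "FAIL":
            failures[src].append((ts, user))
        else:
            successes[src].add(user)
    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Move the window start forward until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in events[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # Accounts that logged in successfully from this source need review.
                flagged[src] = {"targets": sorted(per_user),
                                "successes": sorted(successes[src])}
                break
    return flagged

print(detect_spraying(SAMPLE_LOG))
```

In the sample, only the first source is flagged: the repeated failures against a single account and the one mistyped password followed by a successful login do not match the many-accounts pattern.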
Unfortunately, the only conclusion that we can draw from the whole story is that even a global pandemic isn't enough to bring the world superpowers together. The crisis clearly won't stop governments from spying and attacking each other, albeit in the virtual world, and although this might not necessarily disrupt the effort to eliminate COVID-19, it won't do anything to help.