APT groups attacking UK bodies critical to coronavirus response, NCSC warns

Hackers are targeting healthcare bodies and pharmaceutical companies

Businesses have been warned against a sharp rise in ‘password spraying’ attacks, with state-backed hacking groups targeting organisations critical to the COVID-19 response in the UK, US and across the world.

The well-documented rise in cyber crime has been fuelled by an uptick in activity from state-backed hacking groups targeting critical organisations like healthcare bodies and pharmaceutical companies, according to the National Cyber Security Centre (NCSC).

A joint-advisory published by the NCSC and US Cybersecurity and Infrastructure Security Agency (CISA) has warned businesses and public sector bodies against this wave of password spraying attacks. 

This brute force technique allows attackers to try a single and commonly used password against many accounts before moving on to try a second password, and so on. The nature of the attack also allows them to remain undetected by avoiding account lockouts. 

They’re successful for the most part because a large set of users are likely to share common passwords, the advisory warned.

“We know that cyber criminals, and other malicious groups are targeting individuals, businesses, and other organisations by deploying COVID-19 related scams and phishing emails,” foreign secretary Dominic Raab said at the government’s daily press briefing yesterday. 

“That includes groups that in the cyber security world are known as ‘advanced persistent threat’ groups - sophisticated networks of hackers who try to breach computer systems. 

“We have clear evidence now that these criminal gangs are actively targeting national and international organisations, which are responding to the COVID-19 pandemic, which I have to say makes them particularly venal and dangerous at this time.”

The latest advice has been published a couple of weeks after the NCSC warned against a surge in online coronavirus scams. This chimes with data from other organisations including Google, which has warned of a spike in phishing emails.

In the intervening weeks, cyber security researchers have identified malicious campaigns targeting healthcare organisations, pharmaceutical companies, research organisations, as well as various different arms of local government. 

Motives may vary, from fraud to espionage, although they largely tend to be designed to steal bulk personal data, intellectual property, and wider information that supports those aims. These groups are also connected with state actors, although the government declined to name the countries responsible.

This “predatory criminal behaviour” is expected to continue and evolve over the coming weeks and months, Raab added, so the government has reiterated the best practice advice from the NCSC to counter the threat and support businesses.

Related Resource

Remote office networks pose a business and reliability risk

A survey of IT professionals shows that nearly every company suffers direct business impact from network service interruptions

Download now

Beyond advice, the government says it’s seeking to “counter those who conduct cyber attacks”, working in collaboration with international patterns to deter the cyber gangs and the nations backing them. 

The government is also working with the targets of these attacks, as well as potential targets, and others, to ensure these organisations aware of the cyber threat and fully prepared to stave off any attempts at intrusion.

There are several mitigating steps that organisations can take to secure themselves against potential compromise, including updating any virtual private networks (VPNs), network infrastructure devices, and devices being used to remote into work environments with patches. Using multi-factor authentication (MFA) is also a critical step that users can take to ensure their accounts benefit from an added layer of security.

Businesses have also been advised to protect the management interfaces of critical operating systems, using a browse-down architecture to prevent attackers from easily gaining privileged access to vital assets.

Various other steps that organisations can take include setting up a security monitoring capability, reviewing incident management processes, as well as using modern systems and software if not already in place.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

Google Cloud unveils AI contact center focused on vaccine equity
artificial intelligence (AI)

Google Cloud unveils AI contact center focused on vaccine equity

16 Apr 2021
Assessing your cloud strategy after COVID
cloud computing

Assessing your cloud strategy after COVID

16 Apr 2021
Neo digital transformation
digital transformation

Neo digital transformation

9 Apr 2021
Akamai’s Vaccine Edge offers rapid access to COVID-19 vaccine appointments
sales & CRM

Akamai’s Vaccine Edge offers rapid access to COVID-19 vaccine appointments

30 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021