Foreign hackers are trying to break into pharmaceutical and medical research organizations working on a COVID-19 vaccine, British and American cybersecurity agencies warn.
The National Cyber Security Centre (NCSC) and America’s Cybersecurity and Infrastructure Security Agency (CISA) have warned of a “password spraying” campaign targeting health and medical research organizations.
Hostile countries are also said to be abusing a specific Citrix vulnerability (CVE-2019-19781) which, if not patched, allows remote code execution by an unauthenticated user. In addition, they are abusing vulnerabilities in Palo Alto Networks, Fortinet and Pulse Secure VPNs to trick people working from home.
Paul Chichester, Director of Operations at the NCSC, said in a statement: “Protecting the healthcare sector is the top priority of the NCSC right now, and we are working closely with the NHS to keep their systems secure.”
The joint warning comes just after reports from Sunday newspapers that Iran and Russia are targeting British universities in the hope of stealing ideas on how to fight the deadly coronavirus pandemic.
Bryan Ware, Assistant Director of Cybersecurity for CISA, said in another canned statement: “The trusted and ongoing cybersecurity collaboration that CISA has with NCSC and industry partners plays a critical role in protecting the public and organizations, especially during this time when healthcare organizations are working at peak capacity.”
A slightly detailed advisory note [PDF] published by the NCSC explained: “The NCSC and the CISA are currently investigating a number of incidents in which threat actors target pharmaceutical companies, medical research organizations and universities …
“Actors see supply chains as a weak link that they can use to access better protected targets. Many parts of the supply chain will also have been affected by the shift to remote working and the resulting new vulnerabilities.”
Chichester of the NCSC warned that his agency “could not do this alone” and called on “health policy makers and researchers” to “take our concrete steps to defend against password spraying campaigns”.
Password spraying differs from common-or-garden brute-forcing in that the attackers try a single commonly used password against a list of target accounts. That done, they then try the next most common password, thereby avoiding rate limiting or compromise detection software that locks targeted accounts against new login attempts. ®
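The difference between the two patterns is visible in failed-login logs: a spray touches many accounts a few times each, while brute-forcing hammers one account. The Python sketch below is an added example, not taken from the NCSC/CISA advisory or the original article, and classifies sources on that basis. The log fields, thresholds and sample events are assumptions constructed for illustration, and it only covers a spray arriving from a single source address.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed failed-login events: (ISO timestamp, source address, username).
# Addresses come from the RFC 5737 documentation ranges.
EVENTS = (
    # Two rounds against the same 12 accounts, as if one password was tried per round.
    [("2020-01-01T09:00:%02d" % i, "203.0.113.7", "user%02d" % i) for i in range(12)]
    + [("2020-01-01T09:40:%02d" % i, "203.0.113.7", "user%02d" % i) for i in range(12)]
    # Fifteen failures against a single account.
    + [("2020-01-01T09:05:%02d" % i, "198.51.100.9", "alice") for i in range(15)]
    # A user mistyping a password twice.
    + [("2020-01-01T09:10:00", "192.0.2.44", "bob"), ("2020-01-01T09:10:30", "192.0.2.44", "bob")]
)

def classify_sources(events, window=timedelta(hours=1), min_accounts=10, lockout_threshold=5):
    """Label each source by the shape of its failed logins inside a sliding window.

    spray:       many distinct accounts, each staying under the lockout threshold
    brute-force: at least one account reaches lockout_threshold failures
    Threshold defaults are assumed values; tune them to the real lockout policy.
    """
    by_source = defaultdict(list)
    for ts, src, user in events:
        by_source[src].append((datetime.fromisoformat(ts), user))

    verdicts = {}
    for src, rows in by_source.items():
        rows.sort()
        verdict, start = "normal", 0
        for end in range(len(rows)):
            # Slide the window start forward so it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_account = defaultdict(int)
            for _, user in rows[start:end + 1]:
                per_account[user] += 1
            if max(per_account.values()) >= lockout_threshold:
                verdict = "brute-force"
                break
            if len(per_account) >= min_accounts:
                verdict = "spray"
        verdicts[src] = verdict
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(EVENTS).items()):
        print(src, verdict)
```

Per-account lockout counters never fire for the first source, which is why the check counts distinct accounts per source instead.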