Threat groups are looking to steal Covid-19 research, NCSC and CISA warn

The organisations being targeted include healthcare bodies, medical research institutions, pharmaceutical firms and others

The US Cybersecurity and Infrastructure Security Agency (CISA) and Britain's National Cyber Security Centre (NCSC) have urged healthcare organisations to strengthen their cyber security measures to spoil attempts from threat actors looking to steal confidential information on Covid-19.

In a joint alert issued yesterday, CISA and NCSC said that they have seen a large number of cyber incidents in the US and UK in recent weeks, in which advanced persistence threat (APT) groups actively targeted organisations involved in both national and international responses to coronavirus pandemic.

These organisations included healthcare bodies, medical research institutions, pharmaceutical firms, academia, and local governments.

Specifically, security experts observed hackers employing "password spraying" tactics in hopes of gaining access to user accounts through commonly used passwords.

Password spraying is a type of brute force attack in which the hackers try a commonly used password against a large number of accounts. After trying the first password, they move on to second password, and so on. The technique helps hackers to remain undetected by avoiding frequent account lockouts.

The agencies say they are also seeing an increased use of coronavirus themes via spear-phishing emails and efforts to distribute malicious software via illegitimate apps claiming to offer information about the disease.

APT groups are also scanning the websites of targeted organisations to find out security bugs in unpatched software.

In past months, actors have been observed taking advantage of a Citrix security vulnerability CVE-2019-19781 as well as bugs in VPN products from Palto Alto, Fortinet and Pulse Secure.

While the alert doesn't name the group behind these cyber campaigns, they are thought to include threat actors from Russia, China and Iran - the countries that have seen major outbreaks of the pandemic in recent months, but continue to deny previous claims of their involvement in those activities.

The cyber security agencies have also predicted a surge in the severity and frequency of Covid-19-related cyber attacks over the coming weeks.

"CISA has prioritised our cybersecurity services to healthcare and private organisations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to Covid-19," Bryan Ware, CISA Assistant Director of Cybersecurity said.

"The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organisations, specifically during this time as healthcare organisations are working at maximum capacity."