Cyber experts warn of malicious campaigns targeting Covid-19 response.
Cybersecurity experts have warned of malicious cyber campaigns targeting healthcare organisations and policymakers involved in the Covid-19 response.
The UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Agency (CISA) have spotted large-scale ‘password-spraying’ campaigns against healthcare and medical research organisations.
Password spraying refers to an attempt to access large numbers of accounts using commonly known passwords. The ‘advanced persistent threat’ groups target such bodies to collect bulk personal information, intellectual property and intelligence that aligns with national priorities, they said.
Speaking at yesterday’s daily coronavirus briefing, Dominic Raab urged healthcare organisations to be diligent against the threat of cybercriminals.
In an advisory for international organisations, published 5 May, the NCSC and CISA advised staff to change any passwords that could be reasonably guessed. Each should be replaced with one created from three random words, they said.
A two-factor authentication model should also be implemented to reduce cyber threats, the advisory adds.
Paul Chichester, NCSC director of operations, said: “Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe.
“By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.
“But we can’t do this alone, and we recommend healthcare policymakers and researchers take our actionable steps to defend themselves from password spraying campaigns.”
Pharmaceutical companies and local governments have also been targeted.
The World Health Organisation (WHO) has also seen a “dramatic increase” in the number of cyberattacks directed at staff and email scams targeting the public. Attacks are now more than five times higher than in the same period last year, it said.
In the week beginning 20 April some 450 WHO email addresses and passwords were leaked online, alongside thousands of others associated with people working on the coronavirus response.
The organisation said the leak did not impact security as the data was out of date. It is now working with the private sector to establish more robust internal systems and to strengthen security measures. Staff are also being given training on cybersecurity risks.
Bernardo Mariano, WHO’s chief information officer, said: “Ensuring the security of health information for member states and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the Covid-19 pandemic. We are grateful for the alerts we receive from member states and the private sector. We are all in this fight together.”
It comes as the UK’s intelligence and security organisation was granted extra powers to access information from the NHS IT system during the Covid-19 outbreak.
Under the powers, approved by health secretary Matt Hancock, GCHQ can request from the NHS anything “relating to the security of any network and information system”.
The apparent attempt to bolster NHS cybersecurity followed a stark warning from the NCSC on 8 April regarding an increase of Covid-19 related malicious cyber activity.
Both the NCSC and the US Department of Homeland Security have noted a growing use of Covid-19 themes from cyber attackers, though the overall levels of cybercrime have not increased.