APT groups attacking UK bodies critical to coronavirus response, NCSC warns

Hackers are targeting healthcare bodies and pharmaceutical companies

Businesses have been warned against a sharp rise in ‘password spraying’ attacks, with state-backed hacking groups targeting organisations critical to the COVID-19 response in the UK, US and across the world.

The well-documented rise in cyber crime has been fuelled by an uptick in activity from state-backed hacking groups targeting critical organisations like healthcare bodies and pharmaceutical companies, according to the National Cyber Security Centre (NCSC).

A joint-advisory published by the NCSC and US Cybersecurity and Infrastructure Security Agency (CISA) has warned businesses and public sector bodies against this wave of password spraying attacks. 

This brute force technique allows attackers to try a single and commonly used password against many accounts before moving on to try a second password, and so on. The nature of the attack also allows them to remain undetected by avoiding account lockouts. 

They’re successful for the most part because a large set of users are likely to share common passwords, the advisory warned.

“We know that cyber criminals, and other malicious groups are targeting individuals, businesses, and other organisations by deploying COVID-19 related scams and phishing emails,” foreign secretary Dominic Raab said at the government’s daily press briefing yesterday. 

“That includes groups that in the cyber security world are known as ‘advanced persistent threat’ groups - sophisticated networks of hackers who try to breach computer systems. 

“We have clear evidence now that these criminal gangs are actively targeting national and international organisations, which are responding to the COVID-19 pandemic, which I have to say makes them particularly venal and dangerous at this time.”

The latest advice has been published a couple of weeks after the NCSC warned against a surge in online coronavirus scams. This chimes with data from other organisations including Google, which has warned of a spike in phishing emails.

In the intervening weeks, cyber security researchers have identified malicious campaigns targeting healthcare organisations, pharmaceutical companies, research organisations, as well as various different arms of local government. 

Motives may vary, from fraud to espionage, although they largely tend to be designed to steal bulk personal data, intellectual property, and wider information that supports those aims. These groups are also connected with state actors, although the government declined to name the countries responsible.

This “predatory criminal behaviour” is expected to continue and evolve over the coming weeks and months, Raab added, so the government has reiterated the best practice advice from the NCSC to counter the threat and support businesses.

Related Resource

Remote office networks pose a business and reliability risk

A survey of IT professionals shows that nearly every company suffers direct business impact from network service interruptions

Download now

Beyond advice, the government says it’s seeking to “counter those who conduct cyber attacks”, working in collaboration with international patterns to deter the cyber gangs and the nations backing them. 

The government is also working with the targets of these attacks, as well as potential targets, and others, to ensure these organisations aware of the cyber threat and fully prepared to stave off any attempts at intrusion.

There are several mitigating steps that organisations can take to secure themselves against potential compromise, including updating any virtual private networks (VPNs), network infrastructure devices, and devices being used to remote into work environments with patches. Using multi-factor authentication (MFA) is also a critical step that users can take to ensure their accounts benefit from an added layer of security.

Businesses have also been advised to protect the management interfaces of critical operating systems, using a browse-down architecture to prevent attackers from easily gaining privileged access to vital assets.

Various other steps that organisations can take include setting up a security monitoring capability, reviewing incident management processes, as well as using modern systems and software if not already in place.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download


How to manage people successfully from a distance
Business strategy

How to manage people successfully from a distance

27 Oct 2021
Phishing emails target victims with fake vaccine passport offer
cyber crime

Phishing emails target victims with fake vaccine passport offer

21 Sep 2021
Oracle teams with Oxford University for rapid detection of COVID-19 variants
data processing

Oracle teams with Oxford University for rapid detection of COVID-19 variants

20 Sep 2021
Podcast transcript: Digital stagnation in a post-COVID world
digital transformation

Podcast transcript: Digital stagnation in a post-COVID world

27 Aug 2021

Most Popular

What should you really be asking about your remote access software?

What should you really be asking about your remote access software?

17 Nov 2021
Jack Dorsey resigns as Twitter CEO
business management

Jack Dorsey resigns as Twitter CEO

29 Nov 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

12 Nov 2021