APT groups attacking UK bodies critical to coronavirus response, NCSC warns

Hackers are targeting healthcare bodies and pharmaceutical companies

Businesses have been warned against a sharp rise in ‘password spraying’ attacks, with state-backed hacking groups targeting organisations critical to the COVID-19 response in the UK, US and across the world.

The well-documented rise in cyber crime has been fuelled by an uptick in activity from state-backed hacking groups targeting critical organisations like healthcare bodies and pharmaceutical companies, according to the National Cyber Security Centre (NCSC).

A joint-advisory published by the NCSC and US Cybersecurity and Infrastructure Security Agency (CISA) has warned businesses and public sector bodies against this wave of password spraying attacks. 

This brute force technique allows attackers to try a single and commonly used password against many accounts before moving on to try a second password, and so on. The nature of the attack also allows them to remain undetected by avoiding account lockouts. 

They’re successful for the most part because a large set of users are likely to share common passwords, the advisory warned.

“We know that cyber criminals, and other malicious groups are targeting individuals, businesses, and other organisations by deploying COVID-19 related scams and phishing emails,” foreign secretary Dominic Raab said at the government’s daily press briefing yesterday. 

“That includes groups that in the cyber security world are known as ‘advanced persistent threat’ groups - sophisticated networks of hackers who try to breach computer systems. 

“We have clear evidence now that these criminal gangs are actively targeting national and international organisations, which are responding to the COVID-19 pandemic, which I have to say makes them particularly venal and dangerous at this time.”

The latest advice has been published a couple of weeks after the NCSC warned against a surge in online coronavirus scams. This chimes with data from other organisations including Google, which has warned of a spike in phishing emails.

In the intervening weeks, cyber security researchers have identified malicious campaigns targeting healthcare organisations, pharmaceutical companies, research organisations, as well as various different arms of local government. 

Motives may vary, from fraud to espionage, although they largely tend to be designed to steal bulk personal data, intellectual property, and wider information that supports those aims. These groups are also connected with state actors, although the government declined to name the countries responsible.

This “predatory criminal behaviour” is expected to continue and evolve over the coming weeks and months, Raab added, so the government has reiterated the best practice advice from the NCSC to counter the threat and support businesses.

Related Resource

Remote office networks pose a business and reliability risk

A survey of IT professionals shows that nearly every company suffers direct business impact from network service interruptions

Download now

Beyond advice, the government says it’s seeking to “counter those who conduct cyber attacks”, working in collaboration with international patterns to deter the cyber gangs and the nations backing them. 

The government is also working with the targets of these attacks, as well as potential targets, and others, to ensure these organisations aware of the cyber threat and fully prepared to stave off any attempts at intrusion.

There are several mitigating steps that organisations can take to secure themselves against potential compromise, including updating any virtual private networks (VPNs), network infrastructure devices, and devices being used to remote into work environments with patches. Using multi-factor authentication (MFA) is also a critical step that users can take to ensure their accounts benefit from an added layer of security.

Businesses have also been advised to protect the management interfaces of critical operating systems, using a browse-down architecture to prevent attackers from easily gaining privileged access to vital assets.

Various other steps that organisations can take include setting up a security monitoring capability, reviewing incident management processes, as well as using modern systems and software if not already in place.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Website problems slow coronavirus vaccine rollout
hacking

Website problems slow coronavirus vaccine rollout

6 Jan 2021
Upskilling a remote workforce
training

Upskilling a remote workforce

15 Dec 2020
The IT Pro Podcast: The power of disinformation
social media

The IT Pro Podcast: The power of disinformation

11 Dec 2020

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021
BT faces £600m class-action lawsuit for 'overcharging'
Policy & legislation

BT faces £600m class-action lawsuit for 'overcharging'

18 Jan 2021