IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

APT groups attacking UK bodies critical to coronavirus response, NCSC warns

Hackers are targeting healthcare bodies and pharmaceutical companies

security warning data

Businesses have been warned against a sharp rise in ‘password spraying’ attacks, with state-backed hacking groups targeting organisations critical to the COVID-19 response in the UK, US and across the world.

The well-documented rise in cyber crime has been fuelled by an uptick in activity from state-backed hacking groups targeting critical organisations like healthcare bodies and pharmaceutical companies, according to the National Cyber Security Centre (NCSC).

A joint-advisory published by the NCSC and US Cybersecurity and Infrastructure Security Agency (CISA) has warned businesses and public sector bodies against this wave of password spraying attacks. 

This brute force technique allows attackers to try a single and commonly used password against many accounts before moving on to try a second password, and so on. The nature of the attack also allows them to remain undetected by avoiding account lockouts. 

They’re successful for the most part because a large set of users are likely to share common passwords, the advisory warned.

“We know that cyber criminals, and other malicious groups are targeting individuals, businesses, and other organisations by deploying COVID-19 related scams and phishing emails,” foreign secretary Dominic Raab said at the government’s daily press briefing yesterday. 

“That includes groups that in the cyber security world are known as ‘advanced persistent threat’ groups - sophisticated networks of hackers who try to breach computer systems. 

“We have clear evidence now that these criminal gangs are actively targeting national and international organisations, which are responding to the COVID-19 pandemic, which I have to say makes them particularly venal and dangerous at this time.”

The latest advice has been published a couple of weeks after the NCSC warned against a surge in online coronavirus scams. This chimes with data from other organisations including Google, which has warned of a spike in phishing emails.

In the intervening weeks, cyber security researchers have identified malicious campaigns targeting healthcare organisations, pharmaceutical companies, research organisations, as well as various different arms of local government. 

Motives may vary, from fraud to espionage, although they largely tend to be designed to steal bulk personal data, intellectual property, and wider information that supports those aims. These groups are also connected with state actors, although the government declined to name the countries responsible.

This “predatory criminal behaviour” is expected to continue and evolve over the coming weeks and months, Raab added, so the government has reiterated the best practice advice from the NCSC to counter the threat and support businesses.

Related Resource

Remote office networks pose a business and reliability risk

A survey of IT professionals shows that nearly every company suffers direct business impact from network service interruptions

Download now

Beyond advice, the government says it’s seeking to “counter those who conduct cyber attacks”, working in collaboration with international patterns to deter the cyber gangs and the nations backing them. 

The government is also working with the targets of these attacks, as well as potential targets, and others, to ensure these organisations aware of the cyber threat and fully prepared to stave off any attempts at intrusion.

There are several mitigating steps that organisations can take to secure themselves against potential compromise, including updating any virtual private networks (VPNs), network infrastructure devices, and devices being used to remote into work environments with patches. Using multi-factor authentication (MFA) is also a critical step that users can take to ensure their accounts benefit from an added layer of security.

Businesses have also been advised to protect the management interfaces of critical operating systems, using a browse-down architecture to prevent attackers from easily gaining privileged access to vital assets.

Various other steps that organisations can take include setting up a security monitoring capability, reviewing incident management processes, as well as using modern systems and software if not already in place.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Google rescinds mandatory vaccination policy for US staff
Business operations

Google rescinds mandatory vaccination policy for US staff

24 Feb 2022
How coronavirus has accelerated the digital transformation of Britain's public sector
public sector

How coronavirus has accelerated the digital transformation of Britain's public sector

28 Jan 2022
How to manage people successfully from a distance
Business strategy

How to manage people successfully from a distance

27 Oct 2021
Phishing emails target victims with fake vaccine passport offer
cyber crime

Phishing emails target victims with fake vaccine passport offer

21 Sep 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022