Healthcare and medical research employees fighting the coronavirus pandemic are being targeted by advanced hacking groups, security officials in the US and the UK warned this week.
"Security agencies in the United Kingdom and United States have exposed malicious cyber campaigns targeting organizations involved in the coronavirus response," the UK's National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) said in a joint statement released on Tuesday.
The target? Information.AdvertisementMore specifically, the
Networking giant Cisco Systems describes APT attacks as, "a covert cyber attack on a computer network where the attacker gains and maintains unauthorized access to the targeted network and remains undetected for a significant period." These types of attacks are particularly damaging for the target because they aren't necessarily intended to shut down or damage, but to snoop surreptitiously — to spy, steal, and potentially damage.
The campaigns have primarily used a technique known as "password spraying," which employs widely-used passwords across whole networks of logins. Even if only a few accounts use those passwords, that's all the hacking groups need to gain access.
As such, US and UK security officials urged healthcare and medical research staff around the world to take two main security precautions:
- "Change any passwords that could be reasonably guessed to one created with three random words."
- "Implement two-factor authentication."
Read the original article on Business Insider