The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning of likely targeting and compromise of U.S. COVID-19 research organizations by the People’s Republic of China (PRC).
In response to the threat, the FBI and CISA urge all organizations conducting COVID-19 research to “maintain dedicated cybersecurity and insider threat practices to prevent.”
The FBI and CISA described the threat in a public service announcement:
“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research. The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.” (FBI and CISA)
Earlier this month, CISA and the United Kingdom’s National Cyber Security Centre (NCSC) released a similar alert about bad actors targeting Coronavirus Disease 2019 (COVID-19) response organizations.
In those attacks, APT groups used large-scale password spraying campaigns to target healthcare entities in a number of countries, including the United Kingdom and the United States.
In addition, a large Snake ransomware campaign recently targeted healthcare companies worldwide. One of the victims was Fresenius, Europe’s largest private hospital operator and a leading healthcare company based in Germany.
As part of the recent alert, the FBI and CISA issued recommendations to combat attackers looking to exploit COVID-19 research organizations, such as:
- Be aware that press attention related to COVID-19-related research will likely lead to increased interest and cyber activity from bad actors.
- Actively scan and patch vulnerabilities on your systems (prioritizing internet-connected servers and critical vulnerabilities).
- Monitor systems for unauthorized access, modification or anomalous activities.
- Require multi-factor authentication and use strong passwords.
- Identify and suspend user access that exhibits unusual activity.
Readers can also check out additional cybersecurity best practices at the CISA Coronavirus site.