May 6, 2020

Healthcare organisations are being targeted by state-backed hackers, governments warn

By Ellen Daniel

Government agencies in the UK and US have issued a cybersecurity warning for healthcare organisations over a rise in attacks by hackers with nation-state backing.

UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory for heathcare and medical research organisations advising staff to change passwords to three random words to make them more difficult to guess, and implement two-factor authentication.

The two agencies have observed “password spraying” attacks, where attackers try to gain access to a large number of accounts using commonly used passwords, targeting healthcare organisations such as national and international healthcare bodies, pharmaceutical companies, research organisations and local government.

Although they did not disclose the origin of such attacks, the two agencies said that ‘advanced persistent threat’ (APT) groups, typically nation state or state-sponsored groups, are targeting such organisations likely with the aim of gaining information about the coronavirus outbreak.

The NCSC said that the motivation behind these attacks was collecting personal information, intellectual property and national intelligence. It is working will the NHS to help protect its systems.

Last month, the NCSC and CISA warned that cyberattackers were exploiting the coronavirus pandemic, and that coronavirus related attacks, such as scam and phishing email campaigns, will likely increase over the coming months.

“Threat groups worldwide are taking advantage of current stress”

Jonathan Knudsen, senior security strategist at Synopsys, said that it is important for cybersecurity to remain a priority at this time.

“In a time of crisis, pushing cybersecurity to the back burner might be tempting. Many believe that using strong passwords or two-factor authentication is too much trouble when you have so many other concerns. In fact, now is the very best time to evaluate and strengthen your security posture. A joint alert from DHS and NCSC shows that threat groups worldwide are taking advantage of current stress and upheaval to attack a variety of targets,” he said.

“In particular, nation-states, driven by intense competition towards COVID-19 mitigations, are employing credential spraying techniques to gain access to healthcare, pharmaceutical, research, and similar types of organisations. Credential spraying attempts to use common, weak passwords across a list of user names which are harvested ahead of an attack.

“The DHS/NCSC alert also mentions the importance of upgrading infrastructure and services. Outdated software and software components often have known vulnerabilities that can be exploited by attackers looking to gain a foothold in an organisation. The alert has a list of excellent recommendations around password security and infrastructure maintenance.

“None of this is new. The only thing that has changed is the intensity of the attacks, coupled with a shaken workforce that must work harder to make good decisions every day.”


Read more: UK government launches online cybersecurity courses for teenagers.