UK and US COVID-19 labs under cyber attack

Universities, laboratories and other healthcare organisations in both the UK and US have suffered “malicious cyber campaigns” from rival states, it has been reported.

The UK’s National Cyber Security Centre (NCSC) and US Cybersecurity and Infrastructure Security Agency (CISA) have discovered large-scale “password spraying” campaigns. This is the term given to widespread attempts to access a large number of accounts using commonly-known passwords.

In response to the threat, staff at medical research facilities and healthcare organisations have been advised to immediately change their passwords. There has not been a known successful attack on a UK institute as yet.

The joint alert released by the UK and US does not name any countries suspected of being behind the attacks but previous nation-state cyber campaigns have been attributed to countries such as China, Russia and Iran.

Speaking exclusively to International Security Journal, Andy Watkin-Child CSyP, a Chartered Cybersecurity Professional and Global CISO explained why the labs may have been targeted: “A combination of factors are making health facilities, laboratories and universities targets for hackers. It should not be a surprise when there is a need to deliver the necessary COVID-19 testing capabilities and develop a suitable vaccine that hackers will see this as an opportunity.

“The lockdown has had an adverse impact on hackers, it has reduced their ability to launch attacks as systems have been shut down and people sent home, revenue streams have dried up. With all good business models, the hackers will simply re-purpose their targets and healthcare, laboratories, and universities will contain valuable personal data and intellectual property. This can, for example, be held to ransom or be used for other forms of fraud. We must remember that historically, medical facilities like laboratories and hospitals and academic institutions have been soft targets for hackers. Mainly due to their low levels of cyber maturity.”

On the subject of trying to defend against state-sponsored attacks, Andy warned: “It’s going to be a challenge for companies to defend themselves against nation state or nation state backed hackers. There are a few quick wins which can be implemented such as cyber awareness and education, do not open emails with attachments unless you are confident of their origin, check before you click and check before you respond. Make sure all your technology is patched up to date, especially web facing assets like website and VPNs. If possible encrypt data at rest, in use and when it moves around the business and keep the sensitive data away from main corporate networks for the time being. And above all, have an incident response plan in place for when things go wrong.”

Former British Intelligence Officer, Philip Ingram MBE believes the attacks could be motivated by the potential commercial value of being the first to produce an effective COVID-19 vaccine. He commented: “Research institutions, Universities and Pharma companies researching COVID-19 treatments and vaccines for the SARS-CoV-2 virus have been on standby for some time working with the NCSC to secure their networks from initially anticipated Nation State cyber activity aimed at trying to access research and possibly steal vaccine research and intellectual property.

“Whoever develops a vaccine first will have the positive publicity around helping solve the pandemic but also the commercial potential is huge. This means that trying to get an advantage will be high in the priorities of certain nations. Whilst there has been an increase in state sponsored activity, the preparations put in place have thwarted any breaches in the UK to date. However, that will just make attackers more determined. Cyberspace is definitely an international battleground in the fight to beat the virus.”

It seems certain that these attacks will continue over the coming weeks and months, it is now down to governments and healthcare organisations to “ramp up” their response.