Sophisticated hackers are targeting healthcare and medical research organizations to gain information about the novel coronavirus, according to U.S. and U.K. cybersecurity agencies.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency and the U.K.'s National Cyber Security Centre in a joint alert issued Tuesday said they have found evidence that "(advanced persistent threat) actors are actively targeting organizations involved in both national and international COVID-19 responses."
APT groups typically comprise hackers backed by a nation state. The CISA and the NCSC did not say whether the attacks they've identified were linked with specific countries.
Hospitals have already seen an uptick in cyberattacks trying to take advantage of the COVID-19 outbreak to spread malware. But the attacks warned of by the U.S. and U.K. cybersecurity agencies this week differ in that APT groups are frequently looking to steal intellectual property or sensitive data related to COVID-19 research.
Hackers affiliated with APT groups have looked to exploit healthcare organizations' weak password practices, according to the agencies.
The CISA and the NCSC are in the midst of investigating "large-scale password spraying campaigns" that have targeted healthcare entities in the U.S. and the U.K., as well as international healthcare organizations. In a password spraying campaign, a hacker will try to enter different commonly used passwords into many accounts to try to break into them.
"These attacks are successful because, for any given large set of users, there will likely be some with common passwords," the alert reads.
Hackers have also been taking advantage of the shift to remote work by searching out vulnerabilities in virtual private network (VPN) products.
The CISA and the NCSC warned that they're investigating multiple attacks against organizations involved in COVID-19 research, including against pharmaceutical companies, medical research organizations and universities. Those attacks may have been perpetrated to "steal sensitive research data and intellectual property for commercial and state benefit," the agencies said.
To protect against cyberthreats, the CISA and the NCSC recommended organizations implement multi-factor authentication, update VPNs and set up security monitoring capabilities, among other mitigation tactics.
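As an illustration of the security monitoring recommended above, applied to the password spraying pattern the agencies describe, the following added example (not taken from the joint alert or from either agency) flags any source that fails logins against many distinct accounts within a short window. The event tuple format, the thresholds, the documentation-range IP addresses and the usernames are all assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, username, outcome).
SPRAY_USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE_EVENTS = (
    # One source, one failed attempt against each of six accounts: spraying.
    [(f"2024-01-01T09:{i:02d}:00", "203.0.113.7", user, "FAIL")
     for i, user in enumerate(SPRAY_USERS)]
    # One source hammering a single account: brute force, not spraying.
    + [(f"2024-01-01T09:00:{i:02d}", "198.51.100.20", "alice", "FAIL")
       for i in range(8)]
    # A user mistyping once and then logging in: normal behaviour.
    + [("2024-01-01T09:05:00", "192.0.2.15", "bob", "FAIL"),
       ("2024-01-01T09:05:30", "192.0.2.15", "bob", "SUCCESS")]
)


def detect_spraying(events, window=timedelta(minutes=30), min_accounts=5):
    """Return {source_ip: sorted usernames} for every source whose failed
    logins hit at least `min_accounts` distinct accounts inside `window`."""
    failures = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            failures[src].append((datetime.fromisoformat(ts), user))

    flagged = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            users = {user for _, user in rows[start:end + 1]}
            # Keep the widest set of targeted accounts seen for this source.
            if len(users) >= min_accounts and len(users) > len(flagged.get(src, [])):
                flagged[src] = sorted(users)
    return flagged


if __name__ == "__main__":
    for src, users in detect_spraying(SAMPLE_EVENTS).items():
        print(f"possible password spraying from {src}: {len(users)} accounts {users}")
```

Repeated failures against a single account do not trip this check; account lockout and per-account failure alerts cover that case.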