Cybersecurity experts have warned that cybercriminals are launching attacks on healthcare and medical research organisations during the COVID-19 outbreak.
Officials from the US and the UK have both seen an increase in the number of attacks on medical bodies, in particular those on the frontline of the response to the coronavirus pandemic. According to the UK’s National Cyber Security Centre (NCSC) and the US’ Cybersecurity and Infrastructure Security Agency (CISA), password spraying has been the most common attack seen. This method attempts to access a large number of accounts using commonly known passwords.
The malicious attacks are designed to collect bulk loads of personal information, data, intellectual property and intelligence that are considered to be a national priority. The NSCS and the CISA have advised healthcare organisations to improve password security in response. A password using three random words, with two-factor authentication on accounts, will reduce the risk.
It is thought that the attacks are taking place as the organisers of the attacks hope to gather information relating to the outbreak of COVID-19. This follows on from the recent leaks of approximately 450 email addresses and passwords at WHO last month. Thousands of workers battling the coronavirus also had details leaked online.
In a bid to combat the number of COVID-19-related email scams, the NCSC launched a suspicious email reporting service last month. People can forward suspicious emails directly to the NCSC when they suspect a scam. This led to 25,000 reports in the first week, with 395 websites being taken down for scams.
NCSC’s director of operations, Paul Chichester, said: "Protecting the healthcare sector is the NCSC's first and foremost priority at this time, and we're working closely with the NHS to keep their systems safe.
"By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.
Speaking at the daily Downing Street coronavirus press conference, British Foreign Secretary Dominic Raab warned that cybercriminals had various objectives and motivations, ranging from fraud to espionage. He added “They tend to be designed to steal bulk personal data, intellectual property and wider information that supports those aims. And they're often linked with other state actors,"