Hackers affiliated with China are targeting U.S. organisations conducting COVID-19-related research to gain access to valuable intellectual property and data related to vaccines, treatments, and testing, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned.
In a press release published Wednesday, the two agencies said that they are presently investigating "the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors". The main motive driving the hacking campaign is to illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.
The agencies warned that the potential theft of COVID-19-related research data and public health data could jeopardise the delivery of secure, effective, and efficient treatment options. Therefore, organisations conducting COVID-19-related research have been advised to maintain dedicated cyber security and insider threat practices to prevent surreptitious review or theft of research data.
The two agencies have advised research firms to patch all systems to remove critical vulnerabilities, prioritise timely patching of known vulnerabilities in internet-connected servers and in software that processes Internet data, actively scan web applications for unauthorised access, modification, or anomalous activity, implement multi-factor authentication, and identify and suspend access for users who exhibit unusual activity.
Earlier this month, the UK's National Cyber Security Centre and the U.S. Department of Homeland Security also issued a joint advisory, warning organisations about ongoing activity by APT groups to target organisations involved in both national and international COVID-19 responses, such as healthcare bodies, pharmaceutical companies, and medical research organisations.
The primary motive of such APT groups is to collect bulk personal information, intellectual property and intelligence that aligns with national priorities. NCSC observed that "actors may seek to obtain intelligence on national and international healthcare policy or acquire sensitive data on COVID-19 related research".
Countries should avoid geopolitical brinksmanship in this period of crisis
Commenting on the FBI and CISA warning about Chinese hackers targeting organisations conducting COVID-19-related research, Sam Curry, chief security officer at Cybereason, said that this latest move by China is an act of war. "The attacks in a time of pandemic on the healthcare and research infrastructure are diabolical. In any other theater besides cyber, they would be a clear act of war and subject to diplomatic, economic and potentially military reprisals.
"Some nation-states are treating the COVID crisis as a continuation of the age-old game of tit-for-tat, and it’s shameful. Even though things are incontrovertibly provable online, Occam’s Razor still applies and the preponderance of circumstantial evidence makes it clear what the real actions of a country are regardless of rhetoric.
"We might have disinformation and misinformation wars in the propaganda sphere, but cyber-brinksmanship at this time is a whole different game and could render any short term gains by belligerents moot in a world where they become pariahs once the crisis clears. Beware playing existential games at a time like this to all cyber nations," he added.
According to Nicolas Fischbach, Chief Technology Officer at Forcepoint, we're operating in a "heightened environment where nation-states – as well as cybercriminals acting for financial gain – can exploit the associated human stressors with our current situation to get to money or valuable intellectual property by exploiting the work-from-home model or hiding in the noise generated by all these on-going changes in the infrastructure."
"It’s therefore critical for organisations to understand the context behind user interactions with data and systems – for instance, security teams can respond faster if they know someone is acting outside of their normal work routine or is trying to access files they typically don’t interact with. Having the ability to observe behaviours and adapt protection to changing levels of risk is critical to preventing and mitigating cyberattacks," he added.
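The advisory's recommendation to identify users who exhibit unusual activity, and Fischbach's point about spotting someone acting outside their normal routine or touching files they do not usually interact with, both come down to comparing recent access events against a per-user baseline. The script below is an added illustration, not code from CISA, the FBI, Cybereason or Forcepoint: it builds a baseline of which directories and which hours each user normally works in from a training window of file-access log lines, then flags recent events that fall outside that baseline or come from a user with no baseline at all. The log format, the working-hours window and all log lines are constructed for the example.

```python
"""Baseline-deviation check over file-access logs (added illustrative example).

The log format is assumed for this example: one event per line with an ISO
timestamp, a user name, an action, and the resource path that was touched.
"""
from collections import defaultdict
from datetime import datetime
from pathlib import PurePosixPath

# Constructed training window: what each user normally does.
BASELINE_LOGS = """
2020-05-04T09:12:41 alice READ /research/vaccine/trial-a.xlsx
2020-05-04T10:03:17 alice WRITE /research/vaccine/notes.docx
2020-05-05T14:22:09 alice READ /research/vaccine/trial-a.xlsx
2020-05-04T09:40:55 bob READ /research/testing/assay-protocol.pdf
2020-05-05T16:05:30 bob WRITE /research/testing/assay-results.csv
""".strip().splitlines()

# Constructed recent window to be checked against the baseline.
RECENT_LOGS = """
2020-05-12T10:01:12 alice READ /research/vaccine/trial-b.xlsx
2020-05-13T02:31:48 alice READ /research/testing/assay-results.csv
2020-05-13T11:15:03 bob READ /research/testing/assay-results.csv
2020-05-13T12:00:00 carol READ /research/vaccine/trial-a.xlsx
""".strip().splitlines()

# Assumed normal working window (hours 08:00 through 18:59).
WORK_HOURS = range(8, 19)


def parse_line(line):
    """Split one constructed log line into its four fields."""
    ts, user, action, resource = line.split(maxsplit=3)
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "action": action, "resource": resource}


def resource_group(resource):
    """Group resources by parent directory so a new file in a familiar
    project area is not reported as anomalous."""
    return str(PurePosixPath(resource).parent)


def build_baseline(lines):
    """Per-user sets of directories and hours seen in the training window."""
    baseline = defaultdict(lambda: {"groups": set(), "hours": set()})
    for line in lines:
        ev = parse_line(line)
        baseline[ev["user"]]["groups"].add(resource_group(ev["resource"]))
        baseline[ev["user"]]["hours"].add(ev["ts"].hour)
    return dict(baseline)


def find_anomalies(baseline, lines):
    """Return recent events that deviate from the user's baseline, with reasons."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        reasons = []
        profile = baseline.get(ev["user"])
        if profile is None:
            # An account with no history at all deserves review on its own.
            reasons.append("no baseline for user")
        else:
            if resource_group(ev["resource"]) not in profile["groups"]:
                reasons.append("resource outside user's baseline")
            hour = ev["ts"].hour
            if hour not in WORK_HOURS and hour not in profile["hours"]:
                reasons.append("access outside normal hours")
        if reasons:
            findings.append({"user": ev["user"], "resource": ev["resource"],
                             "ts": ev["ts"].isoformat(), "reasons": reasons})
    return findings


def users_to_review(findings):
    """Accounts an analyst should review (and, per the advisory, consider
    suspending) before they touch more data."""
    return sorted({f["user"] for f in findings})


if __name__ == "__main__":
    found = find_anomalies(build_baseline(BASELINE_LOGS), RECENT_LOGS)
    for f in found:
        print(f"{f['ts']} {f['user']} {f['resource']}: {', '.join(f['reasons'])}")
    print("review:", users_to_review(found))
```

On the constructed data, alice's 02:31 read of a testing-team file is flagged on both counts while her read of a new file in her usual vaccine directory is not, and carol is flagged simply because the training window never saw her. In practice the baseline window should be long enough to cover normal variation (shift changes, month-end tasks), and the output should feed a review queue rather than an automatic lock-out, since a flagged event may be a legitimate new assignment.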