The U.S. Department of Homeland Security (DHS), the United Kingdom’s National Cyber Security Centre (NCSC), and Cybersecurity and Infrastructure Security Agency (CISA) have released a joint statement.
Cyber attackers are on the lookout for healthcare organizations and companies that are offering essential services to respond to the COVID-19 pandemic on a national and international level. Considering the situation of cybercriminal activities, the National Cyber Security Centre (NCSC), the Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning and a joint advisory to the organizations.
Ever since the coronavirus outbreak, the risk of Advanced Persistent Threat (APT) actors trying to gain unauthorized access to these organizations’ networks and obtaining confidential COVID-19 data has significantly increased. APT actors may attempt to gather information on international and national policies for the healthcare sector or breach critical research data related to the coronavirus.
APT actors have been using password spraying for the past many years. It’s a data breaching technique where the cyber attacker attempts to obtain access by testing out a few common passwords on several organizations’ accounts, assuming that at least one account must have a common password. APT groups use this method to gain forceful access into government organizations, law enforcement agencies, research and academic organizations, telecommunication companies, financial institutions, and retail organizations.