Over the last few months, we’ve addressed the ways in which the COVID-19 pandemic has brought with it new threats to organizations, from malware campaigns to the rise in remote work. The most important fight, however, is still in the field of medicine. Nevertheless, this sector is far from exempt from cybersecurity threats.

The World Health Organization has already registered 10 candidate COVID-19 vaccines in clinical trials, and another 121 in preclinical evaluation. Of those in clinical trials, several belong to organizations in the USA, and others to organizations in China, the first country to suffer the effects of the disease.

Although there tends to be a high level of collaboration between countries and organizations, being the first country to obtain a viable vaccine seems to be a question of national prestige that some countries consider to be a scientific race between world powers. Zuoyue Wang, professor at the University of California, believes that Chinese scientists and experts are under great pressure from the government to find a vaccine. This could explain the Chinese attempts to carry out cyberespionage on the vaccine research, something that the FBI and CISA recently reported.

Password Spraying_

The statement issued by the FBI indicates that “These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research. The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”

While this statement does not go into detail about how this cyberespionage happened, another warning issued by the CISA and the UK National Cyber Security Centre (NCSC) at the start of May mentioned that they had detected password spraying campaigns targeting health organizations. That is, a form of brute-force attack that tries hundreds or thousands of commonly used passwords (everyday terms and number sequences) across many user accounts, rather than many guesses against a single account. This is why it is vital that organizations have a robust password policy that takes into account requirements such as length, special characters, or phrases and compound words.
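Because a spray spreads a few guesses over many accounts, it rarely trips per-account lockout thresholds; the signal a SOC should look for instead is one source failing against many distinct users in a short window, especially when a success from the same source follows. The detector below is an added example written for this article, not code from the original post or from Cytomic; the log format, the thresholds and the sample lines are constructed for illustration and are not real telemetry.

```python
"""Distinguish password spraying from single-account brute force in auth logs.

Added example, not part of the original article. The log format
("<ISO timestamp> <OK|FAIL> user=<name> src=<ip>"), the thresholds and
the sample lines are constructed for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 sprays one guess per account and
# then logs in as frank; 198.51.100.9 hammers a single account (classic
# brute force); 192.0.2.44 is a user who mistyped once and then succeeded.
SAMPLE_LOG = """\
2020-05-12T09:00:01 FAIL user=alice src=203.0.113.7
2020-05-12T09:00:03 FAIL user=bob src=203.0.113.7
2020-05-12T09:00:05 FAIL user=carol src=203.0.113.7
2020-05-12T09:00:07 FAIL user=dave src=203.0.113.7
2020-05-12T09:00:09 FAIL user=erin src=203.0.113.7
2020-05-12T09:00:11 OK   user=frank src=203.0.113.7
2020-05-12T09:00:12 FAIL user=grace src=203.0.113.7
2020-05-12T09:01:00 FAIL user=alice src=198.51.100.9
2020-05-12T09:01:02 FAIL user=alice src=198.51.100.9
2020-05-12T09:01:04 FAIL user=alice src=198.51.100.9
2020-05-12T09:01:06 FAIL user=alice src=198.51.100.9
2020-05-12T09:01:08 FAIL user=alice src=198.51.100.9
2020-05-12T09:05:00 FAIL user=heidi src=192.0.2.44
2020-05-12T09:05:30 OK   user=heidi src=192.0.2.44
"""


def parse_line(line):
    """Split one constructed log line into a dict of its fields."""
    ts_str, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts_str),
        "result": result,
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def load_events(log_text):
    return [parse_line(l) for l in log_text.splitlines() if l.strip()]


def detect_spraying(log_text, window=timedelta(minutes=10), min_users=5, max_per_user=3):
    """One alert per source whose failures inside `window` hit at least
    `min_users` distinct accounts with at most `max_per_user` tries each.
    Also lists accounts the same source logged into successfully within
    the window, since a success after a spray is the high-priority case."""
    events = load_events(log_text)
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "FAIL"]
        # Anchor a window at each failure; the first window that matches
        # the spray shape produces the alert for this source.
        for i, anchor in enumerate(fails):
            end = anchor["ts"] + window
            in_window = [e for e in fails[i:] if e["ts"] <= end]
            per_user = Counter(e["user"] for e in in_window)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                success_after = sorted(
                    {e["user"] for e in evs
                     if e["result"] == "OK" and anchor["ts"] <= e["ts"] <= end}
                )
                alerts.append({
                    "src": src,
                    "users": sorted(per_user),
                    "first": anchor["ts"],
                    "last": in_window[-1]["ts"],
                    "success_after": success_after,
                })
                break
    return alerts


def detect_single_account_brute_force(log_text, min_failures=5):
    """Contrast case: (src, user, count) for sources that repeatedly fail
    against the same account, which per-account lockout already covers."""
    counts = Counter(
        (e["src"], e["user"]) for e in load_events(log_text) if e["result"] == "FAIL"
    )
    return sorted(
        (src, user, n) for (src, user), n in counts.items() if n >= min_failures
    )


if __name__ == "__main__":
    for a in detect_spraying(SAMPLE_LOG):
        print(f"SPRAY from {a['src']}: {len(a['users'])} accounts "
              f"{a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}, "
              f"success after spray: {a['success_after'] or 'none'}")
    for src, user, n in detect_single_account_brute_force(SAMPLE_LOG):
        print(f"BRUTE FORCE from {src} against {user}: {n} failures")
```

Run against the constructed log, the spray source is reported with six targeted accounts and a follow-on success as `frank`, while the single-account source is reported separately and the one-off typo from 192.0.2.44 is ignored. The thresholds (`min_users`, `max_per_user`, `window`) are the knobs a SOC tunes against its own baseline; a low `max_per_user` is what separates spraying from the brute-force pattern that account lockout already handles.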

More cybersecurity recommendations_

In addition to password security, the CISA and FBI also recommend that organizations researching COVID-19 follow these guidelines:

  • Assume that media attention on the organization due to its COVID-19 research will draw the attention of cyberattackers and will increase risks.
  • Update all systems to ensure there are no critical vulnerabilities, prioritizing known vulnerabilities in servers and software connected to the internet.
  • Identify and suspend any users who display suspicious activity.
  • Proactively scan web applications and programs to detect unauthorized access, changes, or abnormal activities.

The last point means that healthcare organizations must have cybersecurity solutions. However, traditional solutions can be ineffective. This is especially true considering the kind of cyberattacks that are carried out by government-backed groups with the experience and the resources to use advanced malware and techniques such as fileless attacks and Living-off-the-Land. This is why Cytomic offers its Zero-Trust Application Service, which stops any binary from running until it can be classified as trustworthy. This service is present in solutions such as Cytomic EDPR, which prevents, detects, and responds to any kind of known and unknown malware.

Investigation and rapid incident response_

But beyond healthcare organizations, these cases of industrial cyberespionage may also require states to intervene in the investigation and mitigation, given that, as in cyberwarfare, other powers always seem to be indirectly involved. Because of this involvement, government agencies and organizations tend to take responsibility for the effects that these incidents have and the possible ways they can respond to them. However, in some cases, the cyberattacks are highly advanced and are carried out by groups that are hard to identify.

In response, government organizations can rely on Cytomic Orion, an advanced proactive Threat Hunting and Incident Response solution that allows SOCs to reduce the time they need to identify the exact source of advanced cyberattacks and remedy them as quickly as possible. This way, they will be able to investigate, remediate, and get ahead of future campaigns that may endanger the most sensitive research, the research that is important for everyone, as is the case with the COVID-19 vaccine.