Cozy Bear’s Recent Hack Is Just One More Incident In A Troubling Trend

By Thomas Pace, vice president, global enterprise solutions, Blackberry Cylance.

Thomas Pace

Recently, hacking group Cozy Bear attempted to steal COVID-19 vaccine research from multiple organizations in Canada, the United States, and the United Kingdom. The hackers, reportedly under the employ of the Russian government, scanned targets for network vulnerabilities in an effort to infect them with network tracking and file exfiltration malware. This is not the first time research into the novel coronavirus has been a target and it is unlikely to be the last.

On some level, this news is unsurprising, as healthcare has always been an attractive target for cybercriminals.

Patient data is a valuable commodity on the black market, often containing everything one would need to know in order to commit various types of fraud. Access to critical systems can be a literal case of life and death, and these systems are often so interconnected that an attack may spread like wildfire. Finally, many healthcare agencies lack the time and resources to prioritize cybersecurity to the degree that they should.

Yet this is also a unique situation. We are currently in the midst of a global pandemic, a period of heightened sensitivity and unprecedented digitization. People in all industries are exhausted and anxious, a combination which makes them particularly susceptible to mistakes.

Moreover, vaccine research is a priority for governments across the world. Each seeks to lessen the virus’s impact on their citizenry and economy, with many employing state-sponsored actors to give themselves a leg up. Rank-and-file criminals, meanwhile, are also perfectly willing to exploit the situation for their own gain.

At all levels, phishing campaigns remain the number one attack vector. There’s no need to waste effort trying to break through an organization’s defenses if one can simply trick an employee into granting access. Agencies researching the COVID-19 vaccine are particularly susceptible to targeted phishing attacks due to the collaborative nature of their work.

And while many criminals will rely on scans to identify exploitable weaknesses in a target’s externally-exposed services and devices, nation-state actors can often find a way in even if there are no known vulnerabilities. To make matters worse, HHS and other agencies are now compiling COVID-19 data into a central database. While this cooperative, centralized approach is necessary to the process of finding a vaccine, it also significantly increases the risk that crucial data may be compromised.

Prevention and mitigation will require a concerted effort on the part of CISOs. The first step is to focus on education. To coach employees on the importance of mindfulness and train them to recognize the tactics commonly employed in phishing attacks.

Where the protection of centralized data is concerned, it’s imperative that information is properly segregated and protected. As much as possible, access must be strictly controlled and monitored, ideally with security controls that retain ownership of data as it’s shared across systems.  Multifactor authentication is a must, as is a strong privacy policy and acceptable use policy.

Fortunately, there are already many other industries that research agencies can look to for inspiration here. Banks and credit unions, public sector organizations, and law firms all routinely manage highly-sensitive data ranging from intellectual property to state secrets. Examining the methods, processes, and standards with which they protect this data is therefore an excellent starting point.

Lastly, if your organization is unable to manage the security of its systems and data internally, the task can be outsourced to a skilled third party. While this does admittedly come with its own risks, it’s still better than the alternative. Health agencies, particularly research-focused ones, typically suffer from a lack of internal resources and expertise where cybersecurity is concerned – third-party vendors can go a long way towards mitigating this weakness.

From criminals looking to make a quick buck to state-sponsored actors, criminals are targeting coronavirus research with alarming frequency. For this research to continue, the threat they represent cannot be ignored. Cybersecurity needs to be as much a part of the cure as research into the virus itself.

Write a Comment

Your email address will not be published. Required fields are marked *