Oct 20
2020
Cozy Bear’s Recent Hack Is Just One More Incident In A Troubling Trend
By Thomas Pace, vice president, global enterprise solutions, Blackberry Cylance.
Recently, hacking group Cozy Bear attempted to steal COVID-19 vaccine research from multiple organizations in Canada, the United States, and the United Kingdom. The hackers, reportedly under the employ of the Russian government, scanned targets for network vulnerabilities in an effort to infect them with network tracking and file exfiltration malware. This is not the first time research into the novel coronavirus has been a target and it is unlikely to be the last.
On some level, this news is unsurprising, as healthcare has always been an attractive target for cybercriminals.
Patient data is a valuable commodity on the black market, often containing everything one would need to know in order to commit various types of fraud. Access to critical systems can be a literal case of life and death, and these systems are often so interconnected that an attack may spread like wildfire. Finally, many healthcare agencies lack the time and resources to prioritize cybersecurity to the degree that they should.
Yet this is also a unique situation. We are currently in the midst of a global pandemic, a period of heightened sensitivity and unprecedented digitization. People in all industries are exhausted and anxious, a combination which makes them particularly susceptible to mistakes.
Moreover, vaccine research is a priority for governments across the world. Each seeks to lessen the virus’s impact on their citizenry and economy, with many employing state-sponsored actors to give themselves a leg up. Rank-and-file criminals, meanwhile, are also perfectly willing to exploit the situation for their own gain.
At all levels, phishing campaigns remain the number one attack vector. There’s no need to waste effort trying to break through an organization’s defenses if one can simply trick an employee into granting access. Agencies researching the COVID-19 vaccine are particularly susceptible to targeted phishing attacks due to the collaborative nature of their work.