An advisory from the US Department of Homeland Security (DHS)
Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre
(NCSC) warns of a coordinated attack on the
medical industry and other essential services.
APT (Advanced Persistent Threat) groups are focusing on several kinds of
organizations, including health authorities, pharmaceutical companies,
academia, medical research organizations and local governments, particularly
those participating in national and international COVID-19 response teams.
APTs are generally groups supported by states or a de facto state
entity that attempt to disrupt services, steal data or spy on companies
and even countries. Health organisations are often affected because they store valuable health data.
The pandemic makes them a primary target,
as APTs seek information for domestic research on
Covid-19 related drugs.
The global reach of these organizations and their international supply chains
increase their vulnerability to cybercriminals, according to the report.
Threat actors see the supply chain as a weak link they can use to reach better-protected targets. Many parts of the supply chain are also affected by the shift to teleworking and the resulting new vulnerabilities.
One of the methods used in these attacks is so-called
password spraying, in which malicious actors carry out a brute-force attack using commonly used passwords.
Since one of the main security problems is that people choose easy, simple
passwords or reuse the same password on different services, the
method generally gives results.
Even a single working password in an organization
is sufficient, especially for APT groups that are much better prepared than normal hackers. They
can compromise the network, move through the company or institution as
needed, and gain access to other credentials.
CISA and NCSC state that as long as the Covid-19
pandemic continues, every healthcare organization runs an additional risk. The two agencies also presented a number of possible measures to limit the damage:
- Update VPNs, network infrastructure devices and
  devices used in remote work environments with the latest software patches and configurations.
- Use multi-factor authentication to reduce the impact of
  password compromise.
- Protect the management interfaces of critical operational systems.
  In particular, using a browse-down architecture
  prevents attackers from easily gaining privileged access to your main
  resources.
- Configure security monitoring to collect the
  data you need to analyze network intrusions.
- Assess and update your incident management processes.
- Use modern systems and software. They have better security built in. If you cannot immediately move away from outdated
  platforms and applications, you can take short-term steps to improve your position.
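As an added example (not taken from the advisory or the original article), the sketch below shows how the monitoring data recommended above can expose password spraying: one source failing against many accounts with only a few guesses each. The log format, thresholds and function names are assumptions made for illustration, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log, assumed format: "<ISO time> <source ip> <user> <OK|FAIL>"
SAMPLE_LOG = """\
2020-05-05T09:00:00 203.0.113.7 alice FAIL
2020-05-05T09:00:40 203.0.113.7 bob FAIL
2020-05-05T09:01:20 203.0.113.7 carol FAIL
2020-05-05T09:02:00 203.0.113.7 dave FAIL
2020-05-05T09:02:40 203.0.113.7 erin FAIL
2020-05-05T09:03:20 203.0.113.7 frank OK
2020-05-05T09:05:00 198.51.100.4 alice FAIL
2020-05-05T09:05:10 198.51.100.4 alice FAIL
2020-05-05T09:05:30 198.51.100.4 alice OK
2020-05-05T09:10:00 192.0.2.9 root FAIL
2020-05-05T09:10:05 192.0.2.9 root FAIL
2020-05-05T09:10:10 192.0.2.9 root FAIL
""".splitlines()

def parse(line):
    ts, src, user, outcome = line.split()
    return datetime.fromisoformat(ts), src, user, outcome == "OK"

def detect_spraying(lines, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {source: {"targets": set, "compromised": set}} for spray-like sources."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(map(parse, lines)):
        by_src[src].append((ts, user, ok))
    findings = {}
    for src, events in by_src.items():
        fails = [(ts, user) for ts, user, ok in events if not ok]
        start = 0
        for end in range(len(fails)):
            # Slide the window so it never spans more than `window` of time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in fails[start:end + 1])
            # Spray signature: many accounts, only a few guesses against each.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                hit = findings.setdefault(src, {"targets": set(), "compromised": set()})
                hit["targets"].update(per_user)
        if src in findings:
            # A success from a spraying source means that account needs a reset.
            first_fail = fails[0][0]
            findings[src]["compromised"] = {u for ts, u, ok in events if ok and ts >= first_fail}
    return findings
```

Grouping by source address misses spraying spread across many addresses, so the same counting can be repeated keyed on the password-guess time pattern or on the target account set when the data allows.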