Coronavirus related cyber espionage

Cyber Security Alert: Important information from the Australian Digital Health Agency

Coronavirus related cyber espionage

What’s happened?

The Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC) has advised that advanced persistent threat (APT) actors are targeting healthcare organisations and medical research facilities, seeking information and intellectual property about vaccine development, treatments, research and responses to the pandemic.

The ACSC assesses that Australian health or research sector and sectors could be at greater threat of being targeted and potentially compromised by ATP groups. [1] The USA [2] and UK [3] governments’ cyber security agencies have also published warnings.

How are attacks occurring?

Threat actors may use COVID-19 themed spear-phishing attacks, ransomware and brute force password attacks. ACSC advised that threat actors have compromised the email servers of health sector entities in Australia, which are then used to distribute COVID-19 phishing emails in an attempt to deploy malicious software, including ransomware, or to gain access to other targeted organisations.

Brute force (password spray) attacks use commonly-used passwords to guess user login credentials for webmail, remote desktop access or cloud-based services such as Office 365. Depending on the credentials and service, successful authentication can potentially lead to the actor gaining access to corporate emails, the corporate directory, global address books, remote desktop services or administrative access. [4]

What do I need to do?

1. Implement the ASD Essential Eight controls. [5]
2. Enforce strong passwords (at least 14 characters long).
3. Enforce multi-factor authentication to log on to external facing web sites and systems.
4. Refer to the ACSC advice about how to detect and mitigate password spray attacks [4] and protect web applications and users [6].
5. Refer to the ACSC cyber security guides for working from home; web conferencing; and advice to avoiding scams. [7] [8]

How could this affect me?

1. Compromise of organisation systems.
2. Theft of intellectual property.
3. Bulk compromise of personal identifying information, including health information.

Where can I get more information?

1. Advisory 2020-009: Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services. [Internet]. Available from: https://www.cyber.gov.au/threats/advisory-2020-009-advanced-persistent-threat-apt-actors-targeting-australian-health-sector-organisations-and-covid-19-essential-services.
2. Advisory: APT groups target healthcare and essential services. [Internet]. [cited 2020 May 5]. Available from: https://www.ncsc.gov.uk/news/apt-groups-target-healthcare-essential-services-advisory.
3. Advisory – 2019-130: Password spray attacks – detection and mitigation strategies. [Internet]. Available from: https://www.cyber.gov.au/threats/advisory-2019-130.
4. Australian Signals Directorate. Essential Eight Explained. Available from: https://acsc.gov.au/publications/protect/essential-eight-explained.htm.
5. COVID-19 cyber security advice. [Internet]. Available from: https://www.cyber.gov.au/COVID-19.
6. Threat update: COVID-19 malicious cyber activity. [Internet]. Available from: https://www.cyber.gov.au/threats/threat-update-covid-19-malicious-cyber-activity-20-apr-2020.

For more information on COVID-19 and your nearest testing clinics, click here. The COVID-19 health pathways can be found here.