The U.S. Department of Homeland Security’s cyber agency joined with the United Kingdom’s top cybersecurity agency May 5 to unveil malicious campaigns targeting the health care industry as it responds to the coronavirus pandemic.
DHS’ Cybersecurity and Infrastructure Security Agency and the U.K.'s National Cyber Security Centre revealed “large-scale” password spraying campaigns targeting health care institutions, medical research organizations, pharmaceutical companies and local governments, “likely” in an attempt to collect information related to the COVID-19 pandemic.
Password spraying campaigns attempt to log into accounts using commonly known passwords. The two agencies warned that advanced persistent threat groups were targeting the health care groups to collect intellectual property, bulk personal information and intelligence “that aligns with national priorities.”
“CISA has prioritized our cybersecurity services to healthcare and private organizations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to COVID-19,” Bryan Ware, CISA’s assistant director for cybersecurity, said in a statement.
CISA also released tips to defend against password spraying campaigns, urging health care professionals to change easily guessed passwords to one “created with three random words” as well as implement two-factor authentication.
This is CISA and the NCSC’s second joint alert in a month. On April 8, the two agencies published an advisory warning that cyber criminals were exploiting the coronavirus pandemic in malicious campaigns. They also predicted the amount of coronavirus-themed cyberattacks would increase over the next few months.
“The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organizations, specifically during this time as healthcare organizations are working at maximum capacity,” Ware said.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.