With the onset of the global pandemic, the number of COVID-19 cases hasn’t been the only thing that’s been on the rise. The world has witnessed a significant rise in number of cyberattacks targeting healthcare related institutions and organizations, some of which have been prominent companies working on the COVID-19 vaccine and treatment.
Microsoft, today, made a blog post addressing this severe issue and shared details about the cyberattacks that it has uncovered. The blog post was titled “Cyberattacks targeting health care must stop.”
Microsoft says that it has identified three hacker groups or “actors” who have carried out several cyberattacks on seven different targets in the last few months. The targets were pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States.
Majority of the targets, Microsoft said, are vaccine makers, ones who already have COVID-19 vaccines under trails in different stages. One of the targets is also a clinical research organization involved in trials, while another one has developed a Covid-19 test. Microsoft said that attacks such as these are “unconscionable and should be condemned by all civilized society.”
The three identified hacker groups are the Russian Fancy Bear, and the North Korean Lazarus group and Cerium. The company refers to the former two groups as Strontium and Zinc.
The Russian group, Fancy Bear or Strontium, reportedly used password spraying and brute-force attacks to gain login credentials. Password spraying involves attempting to login on several accounts using commonly used passwords, while brute-forcing involves trying different character combinations until the password is found. The hacker group is also associated with spreading of disinformation and other attacks leading up to the 2016 U.S presidential election.
The other two hacker groups are from North Korea. Lazarus group or Zinc is associated with the infamous WannaCry ransomware attack in 2017. This time though, the group has mainly conducted spear-phishing attacks in order to gain access to user credentials.
Spear phishing is basically a customized and targeted version of general phishing attacks. The hacker creates messages tailored to its target with personal details like their name and contact information, trying to trick the target into thinking that it’s a legitimate message from someone who might know them. This is exactly what the Lazarus group did. Microsoft said that the group sent messages with fabricated job descriptions pretending to be recruiters.
The other North Korean group ‘Cerium’ appears to be somewhat new to the scene, as not much is known about them. According to Microsoft, they also used spear-phishing and they disguised themselves as World Health Organization representatives.
The blog post appears to be complimentary to Microsoft’s expected presence in the Paris Peace Forum. “Today, Microsoft’s president Brad Smith is participating in the Paris Peace Forum where he will urge governments to do more. Microsoft is calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law,” wrote the company in the blog post.
These recent developments and the news of growing cyber attacks almost sounds like a story out of a cyberpunk themed series or a novel, but it is the reality that we face now. The company said that the security features built into their products were able to prevent most of these attacks and but they have provided required support in cases in which the attacks were successful.
Microsoft has urged world leaders and nations to come together to create better cybersecurity laws surrounding healthcare and to enforce the law when necessary. The company said, “it is essential for world leaders to unite around the security of our health care institutions and enforce the law against cyber attacks targeting those who endeavor to help us all.”