415 IT Blog
We’re Seeing an Increase in COVID-19-Related Cyberattacks
Since the beginning of the COVID-19 situation in March, creating a vaccine has been a major priority. True to form, hackers have begun targeting the very organizations responsible for the vaccine trials. There’s a lesson to be learned, today we’ll discuss it.
Cozy Bear
According to the UK’s National Cyber Security Centre, a group with the moniker “APT29” (who is also known as “Cozy Bear” or as “the Dukes”) has started to relentlessly hack organizations tabbed with creating a vaccine for COVID-19. These claims have been corroborated by both US and Canadan authorities, and present a significant roadblock to the progress of COVID-19 vaccine production.
In fact, the National Cyber Security Centre released a report that goes on to describe APT29’s use of several exploits in conjunction with spear phishing attacks to gain access to CSC’s network and infrastructure. Once network security is breached the organization gets busy deploying malware known as WellMess or WellMail.
CSC has been working with software vendors to patch vulnerabilities. Software that has been patched doesn’t provide the exploitable pathways that often lead to problems.
Experts believe that this is not the first time APT29 has struck and that this threat should be taken very seriously. The organization is believed to be behind the 2016 hack that broke into the Democratic National Committee’s systems. The group has also been suspected of attacks against various healthcare, energy, government and other organizations.
Spear Phishing
We relentlessly discuss phishing in our blog, because it is one of the biggest threats to maintaining network security. Most phishing attacks are messages sent randomly, but the spear phishing attack is one that is planned and executed deliberately to target one person. Hackers look for a weak link and try to take advantage of it.
While your organization probably won’t be targeted by major hacking collectives, it is still important that you and your staff know how to identify a phishing attack and what to do if you suspect you are being attacked. Here are a few tips:
- Always check the details. Legitimate emails are sent from legitimate email addresses. Take a look at the email address of suspect emails and you’ll likely see a potential ruse.
- Proofread the message. Most business correspondence is proofread before it is sent. If the spelling and grammar looks as suspect as the email is, it’s likely illegitimate.
- Reach out. If there is any question, reach out to the organization/person sending the message. The more you know, the less likely you will fall for a scam.
Identifying phishing attacks has to be a major point of emphasis for your company. Call 415 IT today at (415) 295-4898 for help with getting the resources you need to properly train your team.
Comments