The National Cyber Security Centre (NCSC) last year released specific advice on how healthcare organizations should defend themselves against cyber-attacks in light of the increased digital traffic associated with the COVID-19 pandemic. The advisory, which was jointly written with the US Cybersecurity and Infrastructure Security Agency (CISA), highlights the need for advanced security measures as advanced persistent threat (APT) groups target healthcare and essential services involved in national and international COVID-19 responses.
The report identifies the key methods APTs use to perform COVID-19-related cyber-attacks, predominantly highlighting the vulnerability of pharmaceutical and research organizations and other entities with access to sensitive COVID-19 data, particularly through malicious campaigns known as password spraying. The advisory also lays out some suggestions of how healthcare organizations could mitigate these threats. These seek to minimize the risk of password compromising attacks by enforcing stricter institutional password security through, for instance, comprehensive security software, password screening and adding multi-factor authentication (MFA) to login credentials.
Since the beginning of the pandemic, there has been a slew of attacks by cyber-criminals exploiting the amplified sense of uncertainty and fear associated with the disease. The reasons for these attacks have run the gamut: commercial gain, espionage, poaching bulk personal information, response manipulation through misinformation and theft of intellectual property, to name a few. Given the primacy of the pandemic, cyber-criminals will likely be interested in gathering COVID-19-specific information, leaving organizations such as the NHS, integral to the pandemic response, particularly vulnerable to attack.
Password Spraying
One ..
Support the originator by clicking the read the rest link below.
