Foreign state hackers are trying to brute-force their way into pharmaceutical and medical research agencies hunting for a COVID-19 vaccine, British and American infosec agencies are warning.
The National Cyber Security Centre (NCSC) and America’s Cybersecurity and Infrastructure Security Agency (CISA) cautioned of a “password spraying” campaign targeting healthcare and medical research organisations.
Hostile countries are also said to be abusing a specific Citrix vulnerability (CVE-2019-19781) that, if unpatched, permits remote code execution by an unauthenticated user. They are also exploiting vulnerabilities in VPNs from Palo Alto Networks, Fortinet and Pulse Secure to snare people working from home.
Paul Chichester, NCSC director of operations, said in a statement: “Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe.”
The joint warning comes hot on the heels of reports from Sunday newspapers that Iran and Russia are targeting British universities in the hope of stealing insights into how to fight the deadly coronavirus pandemic.
Bryan Ware, CISA’s assistant director of cybersecurity, said in another canned statement: “The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organizations, specifically during this time as healthcare organizations are working at maximum capacity.”
A lightly detailed advisory note published [PDF] by NCSC explained: “The NCSC and CISA are currently investigating a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organisations, and universities…”
“Actors view supply chains as a weak link that they can exploit to obtain access to better-protected targets. Many elements of the supply chains will also have been affected by the shift to remote working and the new vulnerabilities that have resulted.”
NCSC’s Chichester warned that his agency “can’t do this alone,” and called on “healthcare policy makers and researchers” to “take our actionable steps to defend themselves from password spraying campaigns.”
Password spraying differs from common-or-garden brute-forcing by trying a single commonly used password against a list of target accounts. Having done so, attackers then try the next most common password, thereby avoiding rate-limiting or compromise detection software that locks targeted accounts against new login attempts. ®
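As an added illustration (not from the advisory or this article), the following Python flags the pattern described above in constructed authentication log lines: a spray touches many accounts with few failures each, staying under the lockout threshold, while classic brute force piles failures onto one account. The log format, IP addresses and thresholds are all assumptions invented for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format: "<ISO time> <src_ip> <user> <result>".
# 203.0.113.7 sprays one guess across many accounts; 198.51.100.9 hammers one account.
SAMPLE_LOG = """\
2020-05-05T09:00:01 203.0.113.7 alice FAIL
2020-05-05T09:00:02 203.0.113.7 bob FAIL
2020-05-05T09:00:03 203.0.113.7 carol FAIL
2020-05-05T09:00:04 203.0.113.7 dave FAIL
2020-05-05T09:00:05 203.0.113.7 erin FAIL
2020-05-05T09:00:06 203.0.113.7 frank OK
2020-05-05T09:10:00 198.51.100.9 alice FAIL
2020-05-05T09:10:01 198.51.100.9 alice FAIL
2020-05-05T09:10:02 198.51.100.9 alice FAIL
2020-05-05T09:10:03 198.51.100.9 alice FAIL
2020-05-05T09:10:04 198.51.100.9 alice FAIL
2020-05-05T09:30:00 192.0.2.4 alice FAIL
2020-05-05T09:30:30 192.0.2.4 alice OK
"""

def parse(log):
    """Yield (timestamp, src_ip, user, result) tuples from the sample format."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def classify_sources(log, window=timedelta(minutes=15), min_accounts=5, lockout=5):
    """Label each source IP from its failed logins inside a sliding window:
    'brute' if one account is hit `lockout` or more times (account lockout fires),
    'spray' if at least `min_accounts` distinct accounts each see fewer than
    `lockout` failures (slips under per-account lockout). Others are omitted."""
    fails = defaultdict(list)
    for ts, ip, user, result in parse(log):
        if result == "FAIL":
            fails[ip].append((ts, user))
    verdict = {}
    for ip, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            per_user = defaultdict(int)  # failures per account in this window
            for ts, user in events[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if max(per_user.values()) >= lockout:
                verdict[ip] = "brute"
                break
            if len(per_user) >= min_accounts:
                verdict[ip] = "spray"
                break
    return verdict
```

A per-account lockout counter never sees 203.0.113.7 coming, which is why the detection keys on the source and the breadth of accounts rather than on any single account's failure count.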