
China Targets Western COVID Research

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about China’s threat to COVID-19-related research.

The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by China’s spies. Beijing’s agents are attempting to obtain valuable intellectual property and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research. According to the Bureau, “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”

The FBI and CISA have cautioned all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to deter the PRC’s cyberspies.

Both agencies have outlined how security weaknesses may occur and what to do about them. They note that press attention affiliating an organization with COVID-19-related research will lead to increased interest and subsequent cyber activity. To deter the illicit activity, they urge researchers to harden all systems against critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data. Web applications should be scanned for unauthorized access, modification, or anomalous activities. Credential requirements should be upgraded against possible intrusion. When suspicious activity is spotted, the questionable users should be blocked and suspended. And of course, report dangerous activity to the FBI.

A joint U.S.-U.K. international effort to deter Chinese COVID-19 espionage is also raising an alarm. A joint alert from the United States Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) warns that there are “indications that advanced persistent threat groups are exploiting the Coronavirus Disease 2019 (COVID-19) pandemic as part of their cyber operations.”

According to officials of the two nations, Anglo-American healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments are specifically targeted. The cyberspies collect bulk personal information, intellectual property, sensitive information and related intelligence.

There have been a number of suspected incidents in which threat actors are targeting these organizations in order to steal sensitive research data and intellectual property for commercial and state benefit.


These organizations’ global reach and international supply chains increase exposure to malicious cyber actors. Beijing’s agents are exploiting weaknesses in supply chains, a noted security weak link, to achieve their goals. That weakness has grown worse as the pandemic has resulted in the shift to remote working, which has considerably increased vulnerability. Specifically:

Recently cyberspies have scanned the external websites of targeted companies, looking for vulnerabilities in unpatched software. Known targets include Citrix vulnerability CVE-2019-19781, vulnerabilities in virtual private networks, and products from Pulse Secure, Fortinet, and Palo Alto.

International investigators are reviewing large-scale password spraying campaigns conducted by malicious foreign actors.

These actors are using this type of attack to target healthcare entities in a number of countries—including the United Kingdom and the United States—as well as international healthcare organizations. In the past, they have used password spraying to target a range of organizations and companies across sectors—including government, emergency services, law enforcement, academia and research organizations, financial institutions, and telecommunications and retail companies.

Password spraying is a commonly used style of brute force attack in which the attacker tries a single, commonly used password against many accounts before moving on to try a second password, and so on. This technique allows the attacker to remain undetected by avoiding rapid or frequent account lockouts. These attacks are successful because, for any given large set of users, there will likely be some with common passwords. Malicious cyber actors collate names from various online sources that provide organizational details and use this information to identify possible accounts for targeted institutions. The actors will then “spray” the identified accounts with lists of commonly used passwords.

Once the malicious cyber actor compromises a single account, they will use it to access other accounts where the credentials are reused. Additionally, the actor could attempt to move laterally across the network to steal additional data and implement further attacks against other accounts within the network.

In previous incidents investigated by CISA and NCSC, malicious cyber actors used password spraying to compromise email accounts in an organization and then, in turn, used these accounts to download the victim organization’s Global Address List (GAL). The actors then used the GAL to password spray further accounts.
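Because spraying keeps the number of failures per account low, per-account lockout counters miss it; the signal is one source failing against many distinct accounts. The following detection sketch is an added example, not code from the FBI, CISA or NCSC advisories. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2020-05-05T09:00:00 198.51.100.7 alice FAIL
2020-05-05T09:00:20 198.51.100.7 bob FAIL
2020-05-05T09:00:40 198.51.100.7 carol FAIL
2020-05-05T09:01:00 198.51.100.7 dave FAIL
2020-05-05T09:01:20 198.51.100.7 erin FAIL
2020-05-05T09:01:40 198.51.100.7 frank OK
2020-05-05T09:05:00 203.0.113.9 alice FAIL
2020-05-05T09:05:05 203.0.113.9 alice FAIL
2020-05-05T09:05:10 203.0.113.9 alice FAIL
2020-05-05T09:05:15 203.0.113.9 alice FAIL
2020-05-05T09:05:20 203.0.113.9 alice FAIL
2020-05-05T09:05:30 203.0.113.9 alice OK
2020-05-05T10:00:00 198.51.100.7 alice FAIL
2020-05-05T10:00:20 198.51.100.7 bob FAIL
"""

def parse(log):
    """Turn the assumed four-column log into time-sorted event tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources failing against many accounts with few tries per account."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        fails = [(t, u) for t, _, u, r in evs if r == "FAIL"]
        for i, (start, _) in enumerate(fails):
            seen = Counter(u for t, u in fails[i:] if t - start <= window)
            if len(seen) >= min_accounts and max(seen.values()) <= max_per_account:
                # A success from the same source after the spray began needs triage first.
                hits = sorted({u for t, _, u, r in evs if r == "OK" and t >= start})
                findings[src] = {"accounts": sorted(seen), "successes": hits}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

The second source in the sample, with five failures against one account, is the case a lockout policy already handles and is deliberately not flagged here.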