OCR warns of APT actors exploiting COVID-19 pandemic
The Office for Civil Rights (OCR) issued a release May 6 to warn of advanced persistent threat (APT) groups using the COVID-19 pandemic to target healthcare organizations and other essential services.
According to the release, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s Cyber Security Centre (NCSC) are working in tandem to investigate several incidents in which APT actors targeted pharmaceutical companies, medical research organizations, and universities.
APT actors generally target large organizations with the goal of collecting personal information, intellectual property, and other intelligence. CISA and NCSC singled out “password spraying” as a common tactic among APT groups. With this technique, cybercriminals try a widely used password against many accounts, then move on to a second password, and so on. Once they have compromised an account, APT groups not only steal information but also gain access to other contacts to target in password spraying campaigns.
CISA and NCSC are actively investigating large-scale password spraying campaigns conducted by APT groups to target healthcare entities including those in the United States and the United Kingdom, as well as international healthcare organizations.
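The pattern described above (one password tried across many accounts before moving to the next) leaves a recognizable shape in authentication logs: a single source failing against many distinct accounts with only a few attempts per account. The following is an added example, not code from OCR, CISA, or NCSC; the event format, thresholds, IP addresses, and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_events():
    """Constructed events (time, source IP, account, outcome); not real logs."""
    t0 = datetime(2020, 5, 6, 9, 0, 0)
    events = []
    # Spray shape: one failure against each of 12 accounts, then one success.
    for i in range(12):
        events.append((t0 + timedelta(minutes=i), "203.0.113.7", f"user{i:02d}", "FAIL"))
    events.append((t0 + timedelta(minutes=13), "203.0.113.7", "user05", "OK"))
    # Brute-force shape: 15 failures against a single account.
    for i in range(15):
        events.append((t0 + timedelta(seconds=20 * i), "198.51.100.20", "alice", "FAIL"))
    # Ordinary user: one typo, then a successful login.
    events.append((t0, "192.0.2.44", "bob", "FAIL"))
    events.append((t0 + timedelta(seconds=30), "192.0.2.44", "bob", "OK"))
    return events

def detect_spraying(events, window=timedelta(minutes=30), min_accounts=10, max_per_account=3):
    """Flag sources whose failures inside one window touch many accounts, few tries each.
    Thresholds are assumed starting points, to be tuned per environment."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, src, acct, outcome in sorted(events):
        (failures if outcome == "FAIL" else successes)[src].append((ts, acct))
    findings = {}
    for src, fails in failures.items():
        sprayed, first_seen, start = set(), None, 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            counts = defaultdict(int)
            for _, acct in fails[start:end + 1]:
                counts[acct] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                sprayed.update(counts)
                first_seen = first_seen or fails[start][0]
        if sprayed:
            # A success on a sprayed account from the same source is a likely compromise.
            hit = sorted({a for ts, a in successes.get(src, []) if ts >= first_seen and a in sprayed})
            findings[src] = {"accounts": sorted(sprayed), "succeeded": hit}
    return findings

if __name__ == "__main__":
    for src, f in detect_spraying(build_sample_events()).items():
        print(src, len(f["accounts"]), "accounts targeted; succeeded:", f["succeeded"])
```

Accounts listed under `succeeded` are the ones to prioritize for password reset and session review, since the page notes that a compromised account is then used to reach further contacts.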
CISA and NCSC provided the following tips to organizations as they aim to combat APT cybercrime:
- Protect the management interfaces of your critical operational systems
- Review and refresh your incident management processes
- Set up a security monitoring capability
- Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and configurations
- Use modern systems and software
- Use multifactor authentication to reduce the impact of password compromises
For more information, see CISA’s guidance on ransomware.