The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

FBI, CISA Say China Is Targeting COVID-19 Research

by Chris Brook on Thursday May 14, 2020

Contact Us
Free Demo
Chat

In a PSA on Wednesday, the FBI and CISA warned healthcare and pharmaceutical orgs that Chinese hackers are seeking valuable IP and health data regarding COVID-19 treatment.

The U.S. government warned last week that APT groups have been zeroing in on healthcare preanies with the aim of extracting sensitive COVID-19 intelligence and research.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) - part of the Department of Homeland Security - doubled down on those claims this week in a joint public service announcement (.PDF) unmasking the enemy as hackers working for the People's Republic of China.

It's the latest instance of the U.S. government formally attributing a cyberattack to Chinese-affiliated hackers – something that was once a rarity but become more common over the last several years.

The government agencies are encouraging organizations that are working on a response to COVID-19 to be aware they're being targeted and in some instances, compromised. Research institutions, pharmaceutical companies, and healthcare companies especially should remain on high alert, the agencies say.

“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research, the PSA reads, “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”

While neither agency released additional details around the attribution, a FBI press release accompanying the news promised that “additional technical details regarding the threat will be released in the coming days.”

To combat the threat, the agencies are making the following recommendations:

  • Assume that press attention affiliating your organization with COVID-19 related research will lead to increased interest and cyber activity.
  • Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.
  • Actively scan web applications for unauthorized access, modification, or anomalous activities.
  • Improve credential requirements and require multi-factor authentication.
  • Identify and suspend access of users exhibiting unusual activity

CISA has had its hands full these past several weeks. Earlier this week, the agency, also working with the FBI, recapped the top 10 vulnerabilities it saw exploited from 2016-2019.

Last week, the group, in a joint warning alongside the United Kingdom's National Cyber Security Centre (NCSC) first cautioned healthcare companies working on COVID-19 treatments that they were being targeted.

"APT actors are actively targeting organizations involved in both national and international COVID-19 responses. These organizations include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments," the groups said at the time.

In that advisory the groups said that APT groups were carrying out large-scale password spraying campaigns to infiltrate organizations and companies, then looking to get into as many accounts as possible, using that access to download email lists and password spray further.

Tags: Healthcare, Industry Insights

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.