According to the U.K.’s National Cyber Security Centre (NCSC) July 2020 advisory, hackers are using phishing tools and spear-phishing tactics in an attempt to steal coronavirus (COVID-19) vaccine data and intellectual property assets from a number of medical research companies.
In the combined effort with the NCSC, the U.S.’s Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (DHS-CISA) and the National Security Agency (NSA), and Canada’s Communications Security Establishment (CSE) have accused a Russian intelligence group, APT29 a.k.a. “Cozy Bear” of initializing the hack. The fraudulent emails and other malware tools (“WellMess” and “WellMail”) that APT29 have used for the hack are often rife with trojans and extraction tools that can steal information without one’s permission. Currently, these counter-intelligence groups who utilize these mechanisms are targeting the pharmaceutical organizations that conduct and store research for COVID-19 vaccine trials.
While these allegations have been vehemently denied by the accused and no information have been hindered by the attempt, the hacking threat on information remains a high possibility.Other hacker groups who feel emboldened by this event can target your company’s information in the same manner. For more information on combating phishing tactics and securing your information, take a look at “Ways to Mitigate Social Engineering-based Cyber Attacks” and “Strategies to Combat the Rise of APTs.”
Organizations and federal agencies should always be aware of the hacking threats that exist in the cybersecurity space. Noted in the NCSC advisory, phishing and spear-phishing are two common ways that APT groups gain information unbeknownst to the organizations. Definitions are as follows:
As an innovative, global cybersecurity and information technology consulting firm, Wilson Consulting Grouprecognizes that security is a top priority for businesses and government agencies. We offer staff training on the appropriate use of information assets and access control, and effective solutions that help protect a company’s assets from exploitation by APT Groups. The following services we provide can identify vulnerabilities, detect potential threats, and successfullyprotect your information are:
The fight against APTs, and other cybercrime is a continuous effort. Organizations need to become more aware with the nature of these attacks and the types of effective practices and technologies that can help to combat these attacks. There is no doubt that APT attacks and other cybercrime continue to evolve, and the defense strategies adopted and implemented by organizations should too. A top-down approach is essential for effectiveness, longevity, and agility in this fight.
Connect with our experts. WCG is an innovative global cybersecurity consulting firm that aims to provide companies with solutions to keep their systems secure. We offer Cyber Security Assessment, Penetration Testing, Application Security Assessment, and Vulnerability Assessment services to evaluate any threats that your organization may face and provide solutions to combat them.