Security Attacks on COVID-19 research facilities

We’re seeing a substantial increase in the number of attacks against the COVID-19 supply chain, with a significant focus placed on those producing vaccines. A recent report by the UK National Cyber Security Centre (NCSC) provides advisories on identifying and mitigating the attack vectors used to compromise systems for data exfiltration.

Investigations by the NCSC and Canada’s Communications Security Establishment (CSE) suggest that, based on their findings, the attack may have been conducted by the espionage group APT29, and that it is targeting UK research facilities to steal information regarding vaccines for COVID-19.

The foothold for the attack is simplistic by nature; further reconnaissance and exploitation are primarily based on compromising additional hosts that handle the same processes and information. Our team have outlined remediation guidance below to help mitigate the risks associated with the foothold. This guidance is not limited to the COVID-19 supply chain but applies to all organisations responsible for key data that they need to keep secure.

Remediation Guidance

We strongly advise that organisations follow standard security best practice here. The following should be remediated:

1. Exploitation of Vulnerable System(s) – Ensure that you apply the latest available, supported patches to your systems. These attacks against the supply chain succeed primarily because attackers carry out widespread vulnerability assessment of exposed systems to find unpatched hosts.

2. Account Compromise – We strongly recommend the implementation of Two-Factor Authentication whenever possible. By doing so, the risk of account compromise via weak credentials is significantly reduced.

3. Staff Awareness – As with all security-related incidents, our team recommend comprehensive staff awareness training using a variety of methods including:

a. Security Awareness Training – often available as a training or refresher course, designed to improve the security understanding and etiquette of team members.

b. Campaigns – internal campaigns that engage staff and promote ongoing improvements to awareness are all beneficial. These may include posters and short sessions run by members of the IT department.

c. Simulation – Running comprehensive phishing simulations internally, or via an external provider, can give valuable insight into weaknesses within your team. By involving a security supplier, you are able to identify and remediate those weaknesses in advance and so prevent attacks from occurring.