The coronavirus has exposed many of the vulnerabilities of our country and unfortunately the number of bad actors looking to exploit those vulnerabilities has only risen due to the crisis. The White House and the Department of Justice has blamed China and Russia for trying to steal research related to COVID-19 from the Department of Health and Human Services and officials based that belief due to the scale and scope of the attacks, that those nation states are the most likely culprits.
Even in a time where there is a tragic toll on human lives, hospitals, pharmaceuticals, research labs, universities, health care providers and all of the businesses that make up the supply chain for these entities have seen a surge in daily attacks. Attacks on these institutions are not just coming from nation states and the hacker groups associated with them, however, but also criminal organizations trying to cover their tracks in the wake of the nation state intrusions.
Nation State Attacks
Since 2016, the majority of attacks have been detected and reported by internal teams within an organization. In 2019, however, that trend flipped with the majority of attacks being detected by external sources. There are several factors that may have influenced that data, such as more and more companies employing third party cyber security vendors, compliance changes and increased notification by law enforcement.
The continued rise in attacks by nation states has necessitated a more robust response by law enforcement and intelligence agencies. Several dormant Chinese hacker units have reactivated in the past two years and increased attacks on the United States seems to be the reason for the resurgence of these cells. In fact, it is expected that by 2023 half of all stolen record globally will be stolen from the United States.
Below is a list of identified Chinese espionage groups that are allegedly running operations against the U.S.:
- 338 Team
- APT20 (Twivy)
- APT10 (Menupass)
- APT40 (Periscope)
- APT15 (Social Network)
- Conference Crew
In the latest spate of attacks during the coronavirus pandemic, the Chinese group designated APT41 has been primarily responsible for the broad attack campaign against American medical service targets.
While lawmakers and government officials clamor for more defense measures to protect U.S. entities from sophisticated nation state attacks, cyber security is mostly left up to the individual entity. The federal government allocates a fairly small budget of about $15 billion for national cybersecurity operations and a large part of the strategy for defense has actually been to “defend forward.” To put it another way, the U.S. Cyber Command and the NSA have committed to an, “offense is the best defense,” strategy.
What this means, unfortunately, is that the businesses and institutions that are being targeted mostly have to fend for themselves. Not only are the hospitals, labs and pharmaceuticals at risk but also the ancillary businesses that make up the supply chain for those entities. While a nation state may be looking to steal critical research and data, often times the attack may come through a vendor associated with the facility conducting the research.
Phishing attacks seem to be a primary weapon all attackers, including China, are using during quarantine to great effect. Phishing emails using COVID-19 messaging as a hook have seen a significant rise. Many of these attacks have had hackers posing as government institutions, a traditional tactic, but now many phishing messages are posing as fast food companies offering free meals or coupons and lead victims to sites disguised as online ordering portals.
Because phishing attacks are so simple and effective they will not only be sent to their primary targets but also to supply chain vendors upstream who may end up infecting the intended target. Preventing these intrusions comes down to a cyber risk and resilience review, proper training for employees, designing appropriate network security systems, and centralized cybersecurity oversight.
If you are unsure about your businesses cybersecurity, reach out to our team for a complimentary impact assessment today.