Security News
Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting similarities in the post-exploitation process, leading the researchers to connect the two attacks to the North Korean government-linked hackers.
The advanced persistent threat known as Lazarus Group and other sophisticated nation-state actors are actively trying to steal COVID-19 research to speed up their countries' vaccine-development efforts. That's the finding from Kaspersky researchers, who found that Lazarus Group - widely believed to be linked to North Korea - recently attacked a pharmaceutical company, as well as a government health ministry related to the COVID-19 response.
The North Korea-linked threat actor known as Lazarus was recently observed launching cyberattacks against two entities involved in COVID-19 research. Active since at least 2009 and believed to be backed by the North Korean government, Lazarus is said to have orchestrated some high-profile attacks, including the WannaCry outbreak.
Several U.S. government organizations have issued warnings regarding various types of fraud and phishing schemes that use COVID-19 vaccine-related topics to lure potential victims. According to the alert from the FBI, HHS-OIG, and CMS, these schemes could take the form of ads that claim to offer early access to vaccines in exchange for a deposit or fee, requests to pay for the vaccine or enter personal information on a so-called waiting list, or offers to undergo medical testing to obtain the vaccine.
As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. Many scammers have rolled out campaigns offering COVID-19 vaccines, free medical tests and testing kits, tax rebates for donation to pandemic relief funds, information on COVID-19 cases, and new job opportunities due to the economic downturn.
US federal agencies have warned about scammers exploiting the public's interest in the COVID-19 vaccine to harvest personal information and steal money through multiple ongoing and emerging fraud schemes. Potential indicators of such fraudulent activity highlighted by the FBI include offers for early access to vaccines conditioned on payment in advance, requests to pay out to receive a vaccine or to get added to a waiting list, and offers to ship doses of the vaccine in exchange for money transfers.
The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines. While almost perfectly cloning the contents of the real sites, the websites seized by the federal government were instead used for various malicious purposes including running scams, infecting visitors with malware, and collecting sensitive info in phishing attacks.
Because many businesses began relying on distributed workforces in 2020 and broadened their footprints with SaaS applications and cloud services, threat actors will likely prioritize these targets and find new ways to exploit them. They will target individual consumers as well as the organizations developing, distributing, researching, and administering actual vaccines.
Enterprise Management Associates and Pulse Secure report that 60% of organizations have accelerated their zero trust projects during the pandemic, while only 15% have slowed down. Pulse Secure, a provider of zero trust secure access solutions, released a report last month stating the COVID-19 pandemic has not impacted the adoption of zero trust technology globally.
Beau Woods, a Cyber Safety Innovation Fellow with the Atlantic Council, founder and CEO of Stratigos Security and a leader with the I Am The Cavalry grassroots initiative, said that hospitals are facing widespread security threats from ransomware to data IP theft. "In 2016, I led the authoring of a document called the Hippocratic Oath for Connected Medical Devices, which essentially was a translation of the ages-old Hippocratic Oath into a modern era, now that increasingly healthcare delivery is being undertaken by medical devices, by electronic healthcare records and other systems that support the physicians."