094 90 48200    Get SUPPORT

Aniar IT Services Blog

COVID-19 Vaccine Attacks Teach an Important Cybersecurity Lesson

COVID-19 Vaccine Attacks Teach an Important Cybersecurity Lesson

Since the outbreak of the COVID-19 coronavirus has wreaked havoc across the globe, there has been a lot of hope and effort put towards developing a vaccine against it. Unfortunately, just as some experiments have produced promising results, hackers have begun targeting the research centers responsible. Let’s look at this situation to see what it can teach us.

The Cozy Bear Threat

According to the National Cyber Security Centre, a government security organization based in the United Kingdom, a hacking group known as “APT29” (also referred to as “the Dukes” or “Cozy Bear”) has actively targeted the research centers conducting research into developing a COVID-19 vaccine. These claims have been supported by both the United States’ National Security Agency and Canada’s Communications Security Establishment.

In fact, the National Cyber Security Center released a report that outlined the attack that the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also endorses.

This report describes the use of various exploits in conjunction with spear phishing attacks by APT29. Both tactics give APT29 access to carry out the rest of their attacks, which often involves deploying malware known as WellMess or WellMail.

On a side note, some of these exploits have been patched, so make sure you’re also up to date on your patches as well.

Many experts also share the opinion that Cozy Bear has struck before, and that the current threat needs to be taken very seriously as a result. It is believed that APT29 was responsible for the 2016 intrusion into the Democratic National Committee’s systems, as reported by CNN. The group has also been linked to assorted attacks on healthcare, energy, governmental and diplomatic organizations, and think tanks in the past.

What is Spear Phishing?

Phishing is a form of hacking that targets the end user, rather than using software vulnerabilities, to gain access to a system. Spear phishing is a more direct form of phishing. Instead of sending a generic message to massive groups of potential targets to see who takes the bait, spear phishing is specifically directed to an individual with access to key data and resources.

While APT29 may not target your organization as a part of these efforts to steal research, it is nevertheless critical that you and your team can recognize a potential phishing attack and mitigate it before it causes significant problems. While the following is by no means a comprehensive list of warning signs, it is a good place to start educating your team:

  • Always check the details. Many phishing attacks can be identified by close-but-no-cigar “From” addresses. When in doubt, try looking up the email address that sent an email.
  • Proofread the message. While legitimate messages can contain terrible spelling and grammar mistakes, and attackers can more and more effectively mimic professional communications, many phishing messages can be rife with errors.
  • Double-check. If possible, don’t be afraid to confirm that the email is legitimate by reaching out to the supposed sender (through some non-email form of communication) to confirm that they sent the message.

For more assistance in dealing with phishing attacks, reach out to us! At Aniar IT Services, we’re motivated to help prevent a phishing attack from impacting your operations. Give us a call at 094 90 48200 to learn more.

How to Set the Tone for Workplace Collaboration
How to Host a Hamilton Party Online
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, September 21 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.aniar.ie/

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Productivity Business Computing Best Practices Email Cloud Privacy User Tips Network Security Innovation Workplace Tips Hosted Solutions Efficiency Google Internet Data IT Support Microsoft Hackers Hardware Software Collaboration Business Data Backup Communication Data Recovery Cybersecurity Managed IT Services VoIP Small Business Cloud Computing Windows 10 Tech Term Smartphones Mobile Device Computer Phishing Android IT Services Smartphone Communications Mobile Devices Malware Gadgets Users Backup Outsourced IT Business Continuity Network Browser Artificial Intelligence Saving Money Windows Information Business Management Managed Service Miscellaneous Facebook Disaster Recovery Internet of Things BDR Upgrade Spam Chrome Server Quick Tips Router Automation Office 365 BYOD Social Media Passwords How To Microsoft Office Blockchain Operating System Save Money Paperless Office Mobile Office Holiday Windows 7 Computers Data Security Wi-Fi Applications Data Storage Encryption Covid-19 Word Apps Cybercrime Data Breach Vulnerability Staff Bandwidth Money Data Protection Managed IT HIPAA Telephone System Remote Monitoring Mobile Device Management Settings Government Connectivity Two-factor Authentication Virtualization Remote Work Patch Management Display History Human Resources Infrastructure Networking Ransomware VPN Bring Your Own Device Google Docs Virtual Assistant Vendor Management Password Hard Drive Law Enforcement Business Technology IT Management Big Data App Telephony Website Scam Health Office Meetings Business Intelligence Education Managed Services Provider Google Drive Update Servers Audit Identity Theft Procurement Botnet Wireless Vendor Private Cloud IT Plan Help Desk OneNote Managed IT services Redundancy Voice over Internet Protocol Compliance Digital Signage Employee/Employer Relationship Machine Learning Telephone Systems Cryptocurrency Sports Access Control Unsupported Software Software as a Service CES Social Engineering Training Augmented Reality Fraud Avoiding Downtime Content Management Processor Comparison Keyboard Spam Blocking eWaste Investment Thought Leadership Printing FENG Save Time Conferencing Amazon Peripheral Cortana Alert Microchip Flash Smartwatch Going Green Value Workforce Document Management Camera Virtual Reality Professional Services Enterprise Content Management Mobility Wireless Internet Development Specifications Wiring Charger Hosted Computing Managed IT Service Tip of the week Legal ROI Personal Trending Proactive IT RMM Amazon Web Services Accountants Project Management Quick Tip Search Engine Solid State Drive HaaS Policy Saving Time Printers Password Manager Cabling Nanotechnology Fiber Optics Password Management Social USB Messaging Downtime Firewall Wireless Charging Inventory Windows 10s Windows Server 2008 Criminal GDPR Twitter Digitize MSP Net Neutrality Employees Bitcoin Regulations Screen Mirroring HBO Bing Trend Micro Physical Security Employee Procedure Digital Signature Supply Chain Management Employer-Employee Relationship Telecommuting Entertainment Warranty Business Mangement Cables Smart Tech Computer Care NIST Electronic Medical Records Wire SMS Root Cause Analysis Unified Threat Management Google Apps OLED Using Data HVAC Remote Computing Addiction IT Assessment Skype File Sharing ISP Online Shopping Batteries PCI DSS Cast Outlook Default App Shopping FinTech Credit Cards PDF Managed Services Travel Printer Gmail Data Management Virtual Machine AI Tools Work/Life Balance Mobile Computing Workers Biometric Security Information Technology Public Cloud Windows Server 2008 R2 OneDrive Start Menu Cryptomining Evernote Cleaning Virtual Private Network Frequently Asked Questions Recovery Recycling IT Infrastructure Devices Social Network Computer Fan Sync Multi-Factor Security Google Search Apple Data loss 5G YouTube Mouse Software Tips WiFi Safe Mode Security Cameras Hypervisor Remote Millennials Smart Office Manufacturing Authentication Computing Shortcuts Cache Copiers Hacker Remote Worker Database Practices Remote Workers Excel The Internet of Things Budget Company Culture Customer Relationship Management Competition Managed Service Provider IP Address Managing Stress Customer Service Hiring/Firing Personal Information Fun Domains Windows 10 Financial Emergency Public Speaking Presentation Hard Drives Lithium-ion battery Search Tech Support Regulation Wireless Technology IBM Safety CrashOverride Marketing Productivity