FBI: Hackers Targeting US COVID-19 Research FacilitiesNation-State Reconnaissance and Intrusion Campaigns Increasing, Expert Says
Since the COVID-19 pandemic began earlier the year, the FBI has seen an increase in nation-state hackers targeting U.S. medical research facilities and healthcare organizations conducting research into the virus, a top official of the bureau’s cyber division says.
While most of the hacking has involved reconnaissance of medical and healthcare organizations, the FBI has detected some network intrusions as well, especially at those facilities that have publicly announced their COVID-19 research, the FBI official, Tonya Ugoretz, said during an Aspen Institute panel discussion Thursday.
"We certainly have seen reconnaissance activity - and some intrusions - into some of those institutions, especially those that have publicly identified themselves as working on COVID-related research," says Ugoretz, a deputy assistant director with the FBI.
And while there are good reasons for research facilities and companies to tout their work on COVID-19, "the sad state is that it makes them a mark for other nation-states for gaining details on what they are doing and maybe even stealing proprietary information," Ugoretz says.
The FBI official did not offer specifics about which facilities have been targeted or if any of the nation-state hacking had been successful. She noted that while nation-states as well as threat actors associated with certain governments have targeted the biopharmaceutical industry before, the quantity of incidents has "certainly heightened during this crisis."
Increasing Awareness and Complaints
As the COVID-19 crisis began to unfold, Ugoretz says the FBI and other U.S. government agencies attempted to publicize the increase in cyberthreats, especially from attackers looking to take advantage of the situation.
"For example, if we see that a secure institution is a victim or has been targeted, we, of course, go out and work with them," Ugoretz says. "Ideally, what we are doing is talking to healthcare institutions and research institutions before they have been a victim so that we can use the intelligence we have to identify the trends and identify who else is in the same category of the victims."
Ugoretz says the FBI’s Internet Crime Complaint Center now receives 3,000 to 4,000 calls each day, compared to the 1,000 per day before the COVID-19 pandemic.
Earlier this month, the U.K. National Cyber Security Center and the U.S. Cybersecurity Infrastructure and Security Agency issued a joint warning that hacking groups associated with nation-state governments are exploiting the COVID-19 pandemic as part of their cyber operations (see: UK and US Security Agencies Sound COVID-19 Threat Alert).
Some advanced persistent threat groups associated with nation-states have been using lures with a COVID-19 theme as part of espionage and sabotage efforts, according to security experts and law enforcement officials.
In addition to nation-state threat actors, cybercriminals have also been taking advantage of current healthcare crisis.
"There was this brief shining moment when we hoped that cybercriminals are human beings, too … maybe they would think that targeting or taking advantage of this pandemic for personal profit, that might be beyond the pale. Sadly that has not been the case," Ugoretz says.
Several security firms note that ransomware attacks against healthcare organizations have continued despite pledges from cybercriminals that these would stop during the pandemic (see: No COVID-19 Respite: Ransomware Keeps Pummeling Healthcare).
Among other recent cyberattacks in the healthcare sector around the world, in March, a suspected nation-state hacking group targeted the World Health Organization with an apparently unsuccessful spear-phishing campaign designed to harvest credentials from the United Nations organization (see: Hackers Targeted World Health Organization).
And on Friday, officials in the Czech Republic warned of an increasing number of cyber incidents that have targeted hospitals and medical facilities there, according to Reuters.
Even before the COVID-19 pandemic, security firms had warned about nation-state hackers targeting healthcare facilities in search of intellectual property and other data.
In August 2019, FireEye reported that several Chinese APT groups had targeted cancer research organizations across the globe with the goal of stealing their work (see: Chinese APT Groups Target Cancer Research Facilities: Report).