According to the BBC, Russian spies are targeting organisations trying to develop a coronavirus vaccine in the UK, US and Canada, as security services have warned. The U.K. National Cyber Security Centre (NCSC) has indicated that the attacks are part of a global campaign by the group known as APT29 to steal the secrets of vaccine research and to disrupt efforts being made by other nations.
Foreign Secretary Dominic Raab is quoted by The Belfast Telegraph as saying that Moscow’s actions were “completely unacceptable” and that the UK was committed to countering such attacks.
Looking into the issue for Digital Journal, Ed Macnair, CEO of Censornet says that: “In the midst of the darkest parts of this crisis, cyber crime hasn’t abated. The announcement that Russian hacking groups have been targeting COVID-19 vaccine developers is not shocking, but it is concerning.”
In terms of the main mechanism for the attack, Macnair, explains: “Once again, spear phishing techniques were employed to trick employees into handing over personal information that allowed them to take over accounts. These targeted and personalizsed attacks are sophisticated and difficult to spot.” Despite difficulties over detection, the security anlalyst points out that organisations must put in place all measures to mitigate the risks.
Macnair, adds that: “When combating phishing attacks it is important to educate employees on best practice so that they treat all suspicious emails with caution, organizations must take it upon themselves to protect employees from these email attacks in the first instance.”
With this, Macnair stresses: “Organizations need to use email security that combines algorithmic analysis, threat intelligence and executive name checking to efficiently protect themselves against these evolving attacks.”