Hackers are targeting healthcare workers and researchers fighting coronavirus, US and UK cybersecurity officials say

• Health companies and medical research groups fighting the coronavirus pandemic are being targeted by sophisticated hacking groups, government security officials from the United States and United Kingdom said in a joint statement issued on Tuesday.
• The statement details "malicious cyber campaigns targeting organizations involved in the coronavirus response" perpetrated by so-called advance persistent threat groups — sophisticated hacking groups that are not infrequently financed by nation states.
• A joint warning was issued by the UK's National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) to medical workers and research centers around the world with steps to strengthen cybersecurity.
• Visit Business Insider's homepage for more stories.

Healthcare and medical research employees fighting the coronavirus pandemic are being targeted by advanced hacking groups, security officials in the US and the UK warned this week.

"Security agencies in the United Kingdom and United States have exposed malicious cyber campaigns targeting organizations involved in the coronavirus response," the UK's National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) said in a joint statement released on Tuesday.

The target? Information.

More specifically, the hackers are said to target, "bulk personal information, intellectual property and intelligence." The type of hackers involved — so-called "advanced persistent threat" groups — are among the most feared in the cybersecurity world.

Networking giant Cisco Systems describes APT attacks as, "a covert cyber attack on a computer network where the attacker gains and maintains unauthorized access to the targeted network and remains undetected for a significant period." These types of attacks are particularly damaging for the target because they aren't necessarily intended to shut down or damage, but to snoop surreptitiously — to spy, steal, and potentially damage.

The campaigns have primarily used a technique known as "password spraying," which employs widely-used passwords across whole networks of logins. Even if only a few accounts use those passwords, that's all the hacking groups need to gain access.

As such, US and UK security officials urged healthcare and medical research staff around the world to take two main security precautions:

1. "Change any passwords that could be reasonably guessed to one created with three random words."
2. "Implement two-factor authentication."

The full advisory is available right here.

Read the original article on Business Insider