Since the start of the pandemic, cyberattacks have been on the rise. In fact, the FBI has reported that the number of complaints to their Cyber Division is up to as many as 4,000 a day—a 400% increase from pre-coronavirus days.
In addition, criminals have made managed service providers (MSPs) a big target of their attacks—and that is troublesome for the healthcare sector. These MSPs need to be secure as healthcare providers not only work to care for patients during a pandemic, but also race toward developing treatments and a vaccine.
Yet last month, a top Microsoft official warned that North Korean and Russian state-backed hackers have stepped up their cyberattacks on pharmaceutical companies working to develop a COVID-19 vaccine. The targets have included leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States.
The attacks were apparently carried out by the Russia-based Strontium crew, also known as Fancy Bear and APT28, and two cybercriminals originating from North Korea that Microsoft calls Zinc and Cerium.
And Reuters recently reported that suspected North Korean hackers have tried to break into the systems of British drugmaker AstraZeneca as the company gets set to launch its own COVID-19 vaccine. Sources revealed that hackers posed as recruiters on LinkedIn and WhatsApp to approach company staff with fake job offers, sending documents that they claimed to be job descriptions that were actually laced with malicious code.
“We think these attacks are unconscionable and should be condemned by all civilized society,” said Tom Burt, Corporate Vice President for Customer Security and Trust at Microsoft. “We’ve notified all organizations targeted, and where attacks have been successful, we’ve offered help. These are just among the most recent attacks on those combating COVID-19. Cyberattacks targeting the health care sector and taking advantage of the pandemic are not new.”
Earlier this year, the CyberPeace Institute and International Committee of the Red Cross led an effort by 40 international leaders calling on governments to stop the attacks on healthcare. In the meantime, organizations have also stepped up their security game. Microsoft, for example, has made its threat notification service, AccountGuard, available to all healthcare and human rights organizations working on COVID-19 efforts.
