Given the times we live in, a vaccine is the top priority for getting the planet out of the COVID-19 pandemic. So it doesn’t exactly come as a shock that vaccine research is a target for nation-state hackers. Case in point: the news that Russian hackers have targeted COVID-19 research:
A hacker group “almost certainly” backed by Russia has tried to steal COVID-19-related vaccine research in Canada, the U.K. and the U.S., according to intelligence agencies in all three countries.
The Communications Security Establishment (CSE), responsible for Canada’s foreign signals intelligence, said APT29 — also known as Cozy Bear and the Dukes — is behind the malicious activity.
The group was accused of hacking the Democratic National Committee before the 2016 U.S. election.
The group “almost certainly operates as part of Russian intelligence services,” the CSE said in a statement released Thursday morning in co-ordination with its international counterparts — an allegation the Kremlin immediately denied.
No shock that the Kremlin denies this, as I am sure nation states don’t want to be associated with the activities of the hacker groups they covertly sponsor; keeping that distance gives them plausible deniability. This matters because Russia has a history of stealing intellectual property. David Masson, Director of Enterprise Security at Darktrace, goes into more detail about that:
The Soviet Union, and now its successor Russia, has a long and established history of stealing other countries’ intellectual property in order to satisfy national interests. In this instance, we are being warned about an APT (APT 29) linked to the Russian Intelligence Services using cyber-attacks to obtain information on COVID-19 research from medical organizations around the world. Given the recent warning from the US/UK and Canada combined, we can consider that these three countries have been victims of such attacks.
Russia is also facing the effects of this global pandemic and will be seeking “help” in order to deal with it now and in the future. Trying to gain an advantage in the fight against COVID-19 could well lead to theft of research from around the world in order to avoid otherwise necessary investment in time, money and effort (which may not be available). In the modern era, cyber-attacks have proven to be a very cost-effective way of obtaining information that may well be very difficult to get ahold of by other means. Currently the crown jewels in the COVID-19 fight will be a vaccine, so information and research on this subject are extremely valuable.
Medical research organisations, especially those working in academia, often operate in a climate of trust and collaboration and will be seen as easy targets by groups such as APT29 who will exploit this. We can expect further attacks and further warnings as the pandemic wears on.
The SolarWinds Hack: Here’s A Run Down
Posted in Commentary with tags hack on December 18, 2020 by itnerd

You’ve likely heard a lot about the SolarWinds hack, an epic hack by presumably Russian actors of numerous US government departments. It’s kind of confusing to keep track of, so I’ve decided to write up a quick summary of this hack.
This incident began last week when security firm FireEye said that a state-sponsored hacking group, likely Russian, had accessed its internal network, stolen its pen-testing tools and tried to access documents on its government contracts. That was bad. But it got worse when, while investigating the hack, FireEye traced its source to a malware-laced version of SolarWinds Orion, a network monitoring tool used inside large enterprise networks. SolarWinds was notified and admitted to the hack last week. But by that point, US government departments had been hacked on a huge scale. On top of that, SolarWinds admitted that everything from its internal networks to its Office 365 accounts had been compromised, and that roughly 18,000 of its customers had received the trojanized update.
On Wednesday, Microsoft took steps to protect users by taking over the web domain that the first-stage malware used to report to attackers. Together with GoDaddy and FireEye, Microsoft turned the domain into a kill switch to stop the malware from pinging back to its creators and downloading second-stage payloads. By that point, though, the damage had been done. I’m sure there was some self-interest there, as one of the victims of this attack was Microsoft itself.
As for the Russians who are allegedly behind this, The Washington Post claimed that Russia’s APT29 hacking group is behind the SolarWinds hack, but no government or security firm has backed up the paper’s claim. Still, this group has been behind other epic hacks and is linked to the Russian government, so the claim seems plausible.
Chris Hickman, chief security officer at digital identity security vendor Keyfactor (www.keyfactor.com), had this to say about the hack and how the bad actors were able to pull it off:
“Code signing is one component of the SolarWinds breach, but not because of a stolen certificate. Attackers were able to inject malware into the build process, which is difficult to detect. They were able to compromise certificates allowing them to fabricate fake tokens for network access, traversing that to cloud access and subsequently manage network access and user permissions.”
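The first half of that statement is worth seeing in working code, because it trips people up: a valid code signature proves only that the vendor signed those exact bytes, not that the bytes came from clean source. The Go program below is an added example written for this post; it is not code from SolarWinds, Keyfactor or the original article, and it does not model the second half of the quote (the forged access tokens). The "compiler" is a stand-in that just concatenates source files, the implant string, the source tree and every function name are constructed for illustration, and the signing key is a freshly generated Ed25519 key standing in for a vendor's release-signing certificate.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed stand-in for a vendor's source tree. The "compiler" below just
// concatenates the files in order; real builds are far more complex, but all
// this example needs is that two honest builds agree byte for byte.
var sourceTree = []string{
	"package orion",
	"func Collect() { /* poll devices */ }",
}

// Hypothetical implant, standing in for whatever an intruder on the build
// server splices into the product before the signing step runs.
const implant = "func init() { go beacon() }"

// honestBuild compiles the source tree on a trusted machine.
func honestBuild(src []string) []byte {
	var out bytes.Buffer
	for _, f := range src {
		out.WriteString(f)
		out.WriteByte('\n')
	}
	return out.Bytes()
}

// compromisedBuild models a build server the attacker controls: the source in
// version control is untouched, but the artifact leaving the server is not.
func compromisedBuild(src []string) []byte {
	tampered := append(append([]string{}, src...), implant)
	return honestBuild(tampered)
}

// signArtifact is the vendor's normal release-signing step. The key is
// legitimate and never leaves the vendor; the attacker does not need it.
func signArtifact(priv ed25519.PrivateKey, artifact []byte) []byte {
	return ed25519.Sign(priv, artifact)
}

// verifyArtifact is what a customer's installer checks. It proves the vendor
// signed these exact bytes and nothing more.
func verifyArtifact(pub ed25519.PublicKey, artifact, sig []byte) bool {
	return ed25519.Verify(pub, artifact, sig)
}

// reproducibleCheck rebuilds from the same source on an independent machine
// and compares digests. A build-server implant shows up as a mismatch even
// though the release signature is perfectly valid.
func reproducibleCheck(released []byte, src []string) (bool, string, string) {
	want := sha256.Sum256(honestBuild(src))
	got := sha256.Sum256(released)
	return want == got, hex.EncodeToString(want[:]), hex.EncodeToString(got[:])
}

// Result records, for the clean and the tampered artifact, whether the
// signature verifies and whether an independent rebuild reproduces it.
type Result struct {
	CleanSigOK, CleanRepro, TamperedSigOK, TamperedRepro bool
}

// Demo runs both builds through signing, verification and the rebuild check.
func Demo() (Result, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}
	clean := honestBuild(sourceTree)
	tampered := compromisedBuild(sourceTree)
	cleanSig := signArtifact(priv, clean)
	tamperedSig := signArtifact(priv, tampered)

	var r Result
	r.CleanSigOK = verifyArtifact(pub, clean, cleanSig)
	r.TamperedSigOK = verifyArtifact(pub, tampered, tamperedSig)
	r.CleanRepro, _, _ = reproducibleCheck(clean, sourceTree)
	r.TamperedRepro, _, _ = reproducibleCheck(tampered, sourceTree)
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("clean:    signature valid=%v reproducible=%v\n", r.CleanSigOK, r.CleanRepro)
	fmt.Printf("tampered: signature valid=%v reproducible=%v\n", r.TamperedSigOK, r.TamperedRepro)
}
```

Run it with `go run .` and both artifacts report a valid signature; only the rebuild comparison separates them. That is the practical takeaway from Hickman's point: signature checks on the customer side cannot catch an implant inserted before signing, so the control has to sit in the pipeline itself (independent, reproducible builds compared by digest, plus integrity monitoring of the build hosts).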
Lovely. And it is likely we have not heard the last of this story. Stay tuned for updates as this story evolves.