F-Secure comment: UK and allies expose Russian attacks on COVID vaccine development
Comment from Calvin Gan, manager of F-Secure’s Tactical Defence Unit, on the Russian hacking attempts on COVID vaccine research:
_"The healthcare sector along with the WHO has been a target throughout the pandemic. The FBI also released an alert in May warning the healthcare sector to take additional precautions to secure their systems and research._
_APT29 has been here for a number of years and, while they have been laying low, it did not mean that they were not updating their arsenal. There has been new malware attributed to APT29 as of June 2019. Moving towards targeting Covid-19 vaccine research now seems to be a valuable target, although a first for APT29, as they have targeted other industries in the past._
_Looking specifically into the advisory, the attacks have been ongoing and appear to continue. It targets vulnerabilities that have already been published earlier with patches made available for a while. This goes to show that the healthcare industry needs help in securing their environment if they are also struggling with proper patch management within the network. We have seen this before with WannaCry on the amount of effort needed to update traditional systems in the sector, and we are still seeing it now with this new batch of vulnerabilities. While we have seen the industry taking new technologies into use and breaking away from the traditional setup, having the same root issue of traditional patch management or mindset will likely not solve the problem. To adapt to new technology would also mean to adapt to a new process that is constantly changing, which the healthcare sector may not be fully equipped or ready to embrace._
_On what’s next, besides following the guidance in the advisory, any organisation involved in the healthcare industry should also assist in combatting this by looking into their own systems. These systems may not be directly contributing to the research but could be used as a stepping stone to attain the final target. Just like how humans are used in phishing attacks, systems that are exposed (which may seem unrelated) could be used to further move towards the end goal if they are somehow connected._
_APT29 has been around for long enough to have built up elite skills to continuously improve and remain stealthy, so the entire industry has to move at the same pace, if not a step ahead."_