Spike in cyber-crime activity sparks official warning to Pharma industry

By Simon Shooter, Stephanie Lopes, James Mullock

05-2020

The UK’s National Cyber Security Centre (NCSC) along with the American Department of Homeland Security’s CISA have issued a specific warning to pharmaceutical companies, medical research organisations and universities.

NCSC and CISA have identified a spike in activity from state sponsored cyber hackers and what are known as advanced persistent threat (APT) actors scanning websites of targeted enterprises looking for vulnerabilities in unpatched software so as to take advantage of Citrix vulnerability CVE-2019-19781 and vulnerabilities in VPN products.

Particular caution over the supply chain is recommended as hackers see suppliers’ systems as offering easier access to their end target network and data and also wish to take advantage of the greater vulnerability brought by dramatically increased levels of homeworking.

COVID-19 research is the target as the APTs wish to steal research for their own nation’s efforts to address the virus or for commercial gain.

Password Spraying

A hacking technique associated with this spike in activity is “password spraying” where the hacker tries to gain access using a single and commonly used password against many accounts before moving on to try a second password, and so on.

What can you do to better protect your network and data ?

NCSC and CISA recommend:

  • Updating VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and configurations.

  • Using multi-factor authentication (MFA) to reduce the impact of password compromises.

  • Protecting the management interfaces of your critical operational systems by using browse-down architecture to prevent attackers easily gaining privileged access to your most vital assets.

  • Setting up a security monitoring capability

  • Reviewing and refreshing your incident management processes.

  • Using modern systems and software as they have better security built in.

Bird & Bird’s international cyber security team are on stand-by to assist you. With immediate access to our network of tried and tested cybersecurity consultants we cover all aspects of cybersecurity and can help in delivering rapid improvements to cyber resilience as well as parachuting in to help deal with incidents.