• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

NCSC and CISA Alert on APTs Targeting Healthcare

May 5, 2020 By Marc Laliberte

 NCSC Advisory

The UK National Cyber Security Centre (NCSC) and US Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory today(pdf), highlighting ongoing activity by Advanced Persistent Threat (APT) groups against healthcare and essential services.

The six-page advisory states that unnamed hacking groups are targeting organizations “in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities.” They specifically called out pharmaceutical and research organizations as active targets with APT groups trying to obtain IP for commercial and state benefit. NCSC and CISCA state that a recent Citrix vulnerability (CVE-2019-19781) and vulnerabilities in various VPN products are known tools for the threat actors.

The advisory goes on to describe how the APT groups are using password spraying to attempt to brute force access to sensitive accounts. Password spraying is a type of authentication attack where a cyber-criminal first identifies the logon username or email for a valid account and then “sprays” commonly used passwords at the account in hopes of finding the correct one. This attack takes advantage of users who don’t create strong, unique passwords for each of their accounts and organizations that don’t deploy multi-factor authentication (MFA).

While account lockout practices are growing in popularity — where an account is automatically locked after too many authentication failures in a short time window — these particular threat actors are getting around that protection by trying a single password against a large number of accounts before moving on to try a second password.

The good news is, password spraying is easily defeated by good password policies and multi-factor authentication. Password managers can help users generate and keep track of strong, unique passwords for each of their accounts without requiring photographic memory and secure MFA deployments mitigate the risk from authentication attacks nearly entirely on their own.

Share This:

Related

Filed Under: Editorial Articles Tagged With: cyber security, Infosec news

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • The RCE Vulnerability That Wasn’t
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • CISA Warns of Weaponized RMM Software
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • Report Roundup
  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use