In a joint statement from the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Federal Bureau of Investigation (“FBI”), both agencies released a statement warning that hackers, either based in or backed by the People’s Republic of China (“PRC”), are targeting any data relating to or organization connected to the creation of a vaccine for the novel coronavirus, Covid-19. This means that organizations processing research data or tracking the spread of the infection should be aware of the increased threat and prepare to resist attacks from malicious actors. These attacks may rely on a new phishing campaign designed to steal credentials, or they may rely on information that’s already been stolen. Individuals should be vigilant for suspicious emails and communications which may lead to their own systems being compromised.
The CISA is asking that any organization which may be a target contact the CISA and partner with them in order to better protected this critical day. This is not the first time the CISA has put out such a call, and earlier in May the CISA and the United Kingdom’s National Cyber Security Agency (“NCSA”) put out a joint statement noting an increase in attacks against organizations with data relating to Covid-19. These attacks were generally brute force attempts that relied on common passwords and variations of them to attempt to force open critical accounts. The success, or lack thereof, of these attacks, has not been made available.
Industrial espionage is not a new threat and is something that threat groups from all over the world partake in, the difference is the target. There is a significant amount of prestige, not to mention wealth, to be made by the country that is first to produce an effective vaccine or treatment for Covid-19. China, in particular, has been under scrutiny for how it handled the initial outbreak of the virus and the “transparency” with which it shared its data related to the illness. Companies in the United States have long had to deal with the specter of Chinese intellectual property theft, as a large amount of US manufacturing is done in China or by firms based in China. This time, the stakes are much higher with tens-of-thousands of lives, or more, on the line. In this trying time, countries should be cooperating and sharing their data so as to more efficiently create a vaccine.