The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has issued an advisory in relation to heightened cyber security concerns during the COVID-19 pandemic.
The Centre has warned that Advanced Persistent Threat (APT) actors were actively targeting health sector organisations and medical research facilities.
Head of ACSC, Abigail Bradshaw said “APT actor” was the term given to the most sophisticated and well-resourced type of malicious cyber adversary.
“Australia’s health or research sectors could be at greater threat of being targeted, and potentially compromised, by malicious APT groups during the COVID-19 pandemic,” Ms Bradshaw said.
“APT groups may be seeking information and intellectual property relating to vaccine development, treatments, research and responses to the outbreak as this information is now of higher value and priority globally,” she said.
“It is critical that health sector organisations ensure that their networks are protected from malicious cyber actors who may seek to disrupt essential services or compromise business-critical systems.”
Ms Bradshaw said adversaries had been identified as responsible for compromising email servers of health sector entities in Australia, which had then been used to distribute COVID-19 phishing emails in an attempt to deploy malicious software, including ransomware, or to gain access to other targeted organisations.
She said malicious actors viewed health sector entities as a lucrative target for ransomware attacks.
“This is because of the sensitive personal and medical data they hold, and how critical this data is to maintaining operations and patient care,” Ms Bradshaw said.
“A significant ransomware attack against a hospital network would have major impact.”
She said sophisticated actors had also been seen undertaking brute force attacks using a trial-and-error method to guess login credentials, and password spray attacks that attempt to access numerous accounts with a list of commonly used passwords.
She said the exploitation of compromised Remote Desktop Protocol (RDP) credentials by malicious actors was also a significant concern, particularly as RDP was widely used by medical clinics and doctors’ surgeries to access centralised patient databases and other shared information repositories.
Compromised RDP credentials could enable unauthorised access to networks in a manner that enabled the malicious actor’s digital footprint and identification to be obscured, she said.
Ms Bradshaw said APT actors posed the most significant threat to Australia’s national security and economic prosperity.
The 6-page ACSC Advisory can be viewed via this PS News link.
