Dominic Raab issued a thinly-veiled warning to Russia and China tonight as he lashed out at ‘predatory’ hackers targeting organisations involved in the fight against coronavirus.
The Foreign Secretary highlighted a surge in cyber attacks on the UK and US saying criminals and ‘hostile states’ were trying to take advantage of the crisis for their own ‘malicious ends’.
Taking the daily briefing in Downing Street, Mr Raab said the government was issuing urgent advice to help companies and bodies protect themselves.
The warning came as cybersecurity agencies on both sides of the Atlantic issued a joint alert to healthcare and medical research staff, urging them to improve their password security.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) say the criminals have been discovered targeting healthcare bodies, particularly those involved in coronavirus response.
The news comes as countries worldwide remain engaged in a tense race to develop a vaccine. The first country to do so will undoubtedly achieve huge diplomatic and geo-political influence.
One team at Oxford University has teamed up with a bio-pharmaceutical company and started trials in a bid to unlock the crisis.
The joint advisory did not name specific countries involved in the hackings but Sky News said the culprits are understood to include China, Russia and Iran.
It marks a new front in the UK’s increasingly tense stand-off with Beijing over coronavirus.
Although collaborating over a vaccine, the two countries are at odds over whether China was slow to reveal how serious the pandemic was, affecting other countries’ actions later on.
In a message seemingly aimed at Russia and China tonight, Dominic Raab said while the ‘vast majority’ of nations have come together to defeat Covid-19 some will always ‘seek to exploit a crisis for their own criminal and hostile ends’
(NCSC) and CISA have issued an advisory urging staff to change any passwords to one created using three random words, and to implement two-factor authentication on accounts to reduce the threat of compromises.
The agencies say they have seen a number of ‘password spraying’ attacks, where hackers attempt to access a large number of accounts using commonly known passwords, targeting healthcare organisations and other medical groups.
In a message seemingly aimed at Russia and China – although he did not name any states – Mr Raab said the ‘vast majority’ of nations have come together to defeat Covid-19 some will always ‘seek to exploit a crisis for their own criminal and hostile ends’.
‘We have clear evidence now that these criminal gangs are actively targeting national and international organisations which are responding to the Covid-19 pandemic which I have to say makes them particularly dangerous and venal at this time,’ he said.
‘Our teams have identified campaigns targeting healthcare bodies, pharmaceutical companies, research organisations and various different arms of local government.
‘There are various objectives and motivations that lie behind these attacks from fraud on one hand to espionage but they tend to be designed to steal bulk personal data, intellectual property and wider information that supports those aims and they’re with other state actors.’
Mr Raab said the predatory behaviour will ‘continue to evolve’ and advice will help targets better defend against cyber attacks from ‘hostile states’ and ‘criminal gangs’.
The NCSC and the CISA said they believe criminals were targeting organisations in the hope of gathering information related to the coronavirus outbreak.
Paul Chichester, NCSC director of operations, said: ‘Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe.
‘By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.
Last month the NCSC launched its Suspicious Email Reporting Service (Dominic Lipinski/PA)
‘But we can’t do this alone, and we recommend healthcare policymakers and researchers take our actionable steps to defend themselves from password-spraying campaigns.’
Last month, the NCSC launched its Suspicious Email Reporting Service, following an increase in the number of Covid-19-related email scams, which allows the public to forward emails directly to the centre in order to report suspected scams.
In its first week, the NCSC said the service received more than 25,000 reports, which resulted in 395 scam websites being taken down.
Bryan Ware, CISA assistant director of cybersecurity, said it was prioritising its services to healthcare organisations and other medical groups involved in fighting the coronavirus pandemic, so that those firms can focus on their response to the virus.
‘The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organisations, specifically during this time as healthcare organisations are working at maximum capacity,’ he said.
The agencies said they were prioritising services to healthcare organisations and other medical groups involved in fighting the coronavirus pandemic, so that those firms can focus on their response to the virus (file photo)
The news of possible hacking comes a day after European leaders pledged to raise more than £6.5billion to help develop a coronavirus vaccine and fund research into the diagnosis and treatment of the disease.
A virtual summit held yesterday was attended by China, Germany, Italy, Japan, Norway, Saudi Arabia and the European Commission, the the US was notably absent, as countries unite in a bid to slow the widespead devastation caused by the virus.
There have so far been close to 3.6million confirmed cases of cornavirus worldwide and around 252,000 deaths, though the true number is estimated to be much higher.
The pledging event marks the start of a month-long drive for investment before a Global Vaccine Summit is hosted by the UK on June 4.
In his message to the summit, Boris Johnson said the ‘race to discover the vaccine to defeat this virus is not a competition between countries but the most urgent shared endeavour of our lifetimes’.