Nation-State Hackers vs. Pharmaceutical Companies: The Fight is Heating Up
A flurry of cyberattacks including ransomware has been aimed at pharmaceutical companies in the last few weeks with varying results. Major hacking groups have been mum on who has been behind these efforts. But Microsoft isn’t quite as tight-lipped and they’re pointing the finger directly at the suspected attackers: nation-state hackers
We’ve reported on this uptick in attacks on pharmaceutical companies in The Week in Breach. Just last week, Indian pharma player Lupin was hit with a ransomware attack. Bad actors were especially busy before that too, nailing Pfizer just before they announced their successful vaccine trials, Indian giant Dr. Reddy’s (Russia’s Sputnik Vaccine partner), and the Taiwan research arm of Japanese drugmaker Shionogi & Company Limited all in the same week.
Microsoft Outs Nation-State Attack Gangs
While there’s been plenty of buzz about who might be behind these attacks and nation-state hackers were definitely on the list, nothing concrete had been established. Enter Microsoft. In a post to its corporate blog over the weekend, Microsoft claimed that it has detected attacks against major drugmakers that originated with hackers based in Russia and North Korea. This tracks with recent guidance from CISA and other federal agencies warning healthcare targets of increased risk.
Microsoft identifies these cybercriminals as “Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium.” Those players have been heavyweights in the cybercrime markets in 2020. The blog post goes on to say that the targets of these attacks include pharmaceutical companies and vaccine researchers around the world, with organizations in Canada, France, India, South Korea, and the United States on the list.
Two specific attack types have been identified as the preferred weapons of these nation-state hackers: credential stuffing and spear phishing. As deploying ransomware has generally been the goal of these attacks, spear phishing was not a surprising entry on the list. Credential stuffing attacks have also been gaining steam with huge new Dark Web data dumps providing abundant fresh fuel.
Every Business is at Risk
Nation-state hackers aren’t just launching attacks against targets involved in major worldwide projects like developing COVID-19 vaccines and treatments, nor are their attacks necessarily designed to steal data. They’re also responsible for many infrastructure and production line attacks designed to cause societal disruptions that can be just as harmful as data theft, if not worse. Ransomware has been their weapon of choice, and it’s garnered many nasty results, from shutting down banks in Argentina to snarling freight transport in Canada.
This means that every business is at risk of attack by nation-state hackers. Just because your business isn’t involved in a major project like COVID-19 research right now, doesn’t mean that your company is safe from their offensive. Taking action now to put strong protections in place against their favorite attack vectors is a smart move that can prevent business disruption and damage from nation-state hackers later.
Here’s our prescription for adding security that can help keep your systems and data safe from nation-state hackers on the prowl.
Protect Your Company from Credential Stuffing Attacks
While it’s less sophisticated than spear phishing, credential stuffing can be just as devastating, if not worse. At least with phishing, it’s easy to identify the culprit when you do a post-mortem. Credential stuffing doesn’t give you that courtesy. It’s a brute force, “spray-and-pray” attack. With huge amounts of stolen data hitting Dark Web markets and data dumps in what has been a banner year for data breaches, credentials stuffing has become easier ( and cheaper) than ever.
A secure identity and access management solution like Passly is just what the doctor ordered to protect your systems and data from credential stuffing. Built-in tools including multifactor authentication and single sign-on protect your gateways by requiring additional steps for cybercriminals to complete before they gain access to the heart of your business. Plus, simple remote management lets you cut off access for anyone, anytime, anywhere if an account becomes compromised.
Protect Your Company from Spear Phishing
Phishing, especially spear phishing, is a perennially popular attack type for cybercriminals because it works. Over 600% more phishing attacks were launched in 2020 than in the year before. Coupled with the fact that phishing is the preferred delivery system for ransomware, it’s easy to see why phishing and spear phishing are such huge threats to any company’s data security.
BullPhish ID has the information and tools that you need to transform your staff from your biggest attack surface into your biggest defensive asset. Phishing isn’t going to go away. It’s always going to be a cybersecurity foe that businesses battle. Enlist more troops in your efforts with phishing resistance training using BullPhish ID. With more than 80 plug and play phishing simulation campaign kits available now, plus 4 or more new kits a month, it’s easy to make sure that you have what you need to keep your employees up to date on the latest threats.
Nation-State Hackers Aren’t the Only Risk
Choosing these two solutions is both effective and cost-effective. Plus, you get the added bonus of not only beefing up your defenses against nation-state hackers, but your defensive posture is also stronger against cyberattacks in general. Whether it’s a run of the mill ransomware gang or a sophisticated international player, stronger security just makes good sense in today’s rapidly evolving threat environment – because in this economy, no company can afford to pay for the consequences of failing to act now.
Contact the experts at ID Agent today for an assessment of your company’s security needs and a live demo of how our solutions can help secure your business and your clients against today’s biggest threats.