A U.S. and UK joint alert on May 5 warns that hackers “are actively targeting organizations involved in both national and international COVID-19 responses.”
Password spraying is a hacking technique that tries a single commonly used password against a large number of accounts. The password is tried only once per account, and if the attempt fails, the next account is tried. The more accounts are attempted, the higher the likelihood of finding one that uses the password. The attacker can then try a second commonly used password, again against a large number of accounts.
This approach allows hackers to avoid account lockout, since many systems limit the number of invalid passwords and lock an account when the limit of failed attempts is reached.
Once an account is compromised, the hacker can use the access to steal personal data, compromise more accounts, and steal intelligence or intellectual property from the system.
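Because each account sees only one or two failures, per-account lockout counters never fire, so the pattern has to be found by grouping failed logins by source instead. The following detection sketch is an added example, not part of the alert or any agency guidance; the log format, thresholds, function name and sample events are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed failed-login events (timestamp, source IP, account); not real data.
# IPs are from documentation ranges. The date and account names are made up.
SPRAYED = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE_FAILURES = (
    # One source, one failure per account across many accounts: spraying.
    [(f"2024-01-15T09:{i:02d}:00", "203.0.113.7", a) for i, a in enumerate(SPRAYED)]
    # One source hammering a single account: lockout already handles this.
    + [(f"2024-01-15T09:10:{i:02d}", "198.51.100.9", "bob") for i in range(8)]
    # A user mistyping their own password twice.
    + [(f"2024-01-15T09:20:{i:02d}", "192.0.2.10", "carol") for i in range(2)]
)

def detect_spraying(failures, window=timedelta(minutes=30),
                    min_accounts=5, max_per_account=2):
    """Map each suspicious source to the accounts it failed against.

    A source is flagged when, inside one sliding time window, it fails against
    at least `min_accounts` distinct accounts while no single account sees more
    than `max_per_account` failures (i.e. it stays under a lockout limit).
    Thresholds are assumptions to tune against the local lockout policy.
    """
    by_source = defaultdict(list)
    for ts, src, account in failures:
        by_source[src].append((datetime.fromisoformat(ts), account))

    flagged = {}
    for src, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            counts = Counter(acct for _, acct in events[start:end + 1])
            wide = len(counts) >= min_accounts
            shallow = max(counts.values()) <= max_per_account
            if wide and shallow and len(counts) > len(flagged.get(src, [])):
                flagged[src] = sorted(counts)
    return flagged

if __name__ == "__main__":
    for src, accounts in detect_spraying(SAMPLE_FAILURES).items():
        print(f"{src}: {len(accounts)} accounts, e.g. {accounts[:3]}")
```

Set the window at least as long as the lockout counter's reset period, since failures spread more thinly than the window are not grouped together.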
Preventing Cyberattacks
To reduce the risk of hacking, CISA recommends two measures: changing all passwords that can be easily guessed to stronger passwords using a sequence of three random words, and implementing two-factor authentication. Providing “something you have” means that the user needs to enter a system-generated code sent to the user’s smartphone or token device, or provide their credit card data.
In addition, both U.S. and UK agencies have issued guidelines for information technology professionals on how to secure their systems and make them resistant to potential cyberattacks.
“CISA has prioritized our cybersecurity services to healthcare and private organizations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to COVID-19,” said Bryan Ware, CISA Assistant Director of Cybersecurity.
“The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organizations, specifically during this time as healthcare organizations are working at maximum capacity,” he added.