Popular Voices

Cybersecurity Bodies From US, UK Issue Joint Advisory to Avert Password Spraying Campaigns

Cybersecurity Bodies From US, UK Issue Joint Advisory to Avert Password Spraying Campaigns

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has released a joint advisory with Britain’s National Cyber Security Centre aimed at helping international healthcare bodies and medical research organizations steer clear of large-scale password spraying campaigns.

The cybersecurity bodies cautioned against advanced persistent threat groups that are exploiting the COVID-19 pandemic to collect bulk personal information, intellectual property and intelligence. 

Healthcare institutions were advised to change any passwords that could be easily figured out by cybercriminals to one composed of three random words and fortified with two-factor authentication, CISA reported Tuesday

Paul Chichester, NCSC director of operations, said the agency is focused on working closely with health organizations and industries involved in the coronavirus response to help inform and protect them of any malicious activity. 

In addition to international healthcare bodies, pharmaceutical companies, research organizations and local government have been identified as likely victims of APT groups. 

With the growing threat of cybercriminals, Chichester urged healthcare policymakers and researchers to take actionable steps to defend against password spraying campaigns.

Bryan Ware, CISA assistant director of cybersecurity, echoed Chichester’s statements, noting that the agency has directed its cybersecurity services to healthcare and private organizations to enable them to focus on their response to COVID-19.

The NCSC previously exposed the most commonly hacked passwords used by cybercriminals to penetrate personal and corporate accounts and networks while CISA came up with a security tip sheet as a guide to avoid common password-related mistakes. The recent efforts expand on the NCSC’s establishment of the Suspicious Email Reporting Service, which leverages community engagement to take down phishing sites. 

Category: Popular Voices

Tags: Bryan Ware CISA cyberattack cybersecurity Cybersecurity and Infrastructure Security Agency cyberthreat National Cyber Security Centre Popular Voices