The Canadian Centre for Cyber Security assesses that the COVID-19 pandemic presents an elevated level of risk to the cyber security of the medical research community in Canada. Cyber criminals and other threat actors that utilize malware and ransomware to exploit organizations may leverage the increased pressure placed on these organizations as a method of extracting ransom payments or masking compromises aimed at the theft of intellectual property and/or other sensitive data amidst the existing environment of uncertainty. The Cyber Centre therefore recommends that all organizations in the medical research community remain vigilant and take the time to ensure that they are engaged in cyber defense best practices.
While this Alert highlights risks to the medical research community in Canada during the COVID-19 crisis, all Canadian businesses are advised to consider the following advice and guidance from the Cyber Centre.
The Cyber Centre assesses that the COVID-19 pandemic presents an elevated level of risk to the cyber security of the Canadian medical research community at a time when the impact a cyber incident could be heightened. Specifically:
- Sophisticated threat actors may attempt to steal the intellectual property (IP) of organizations engaged in research and development related to COVID-19; and
- Cyber criminals may take advantage of the COVID-19 pandemic, using it as leverage to extract payments from ransomware victim organizations within the medical research community.
Sophisticated Threat Actors
Sophisticated threat actors may choose to target Canadian organizations within the medical research community in order to gain intelligence on COVID-19 response efforts, ongoing key research towards a vaccine or other medical remedies, potential political responses to the crisis, or other topics of interest to the threat actor. Both private and public medical research organizations in Canada should be extra vigilant in order to detect attempted compromises by sophisticated threat actors. Attempts to compromise an organization by a sophisticated threat actor may leverage social engineering, spear-phishing campaigns, critical vulnerabilities, compromised credentials or a combination of these and other threat vectors.
The impact of a ransomware incident on Canadian organizations within the medical research community during the COVID-19 pandemic could be more severe than if it were to occur in a non-crisis environment. It is therefore recommended that organizations take extra care in identifying, as early as feasible, vulnerabilities and possible compromises that may lead to ransomware being deployed. The Cyber Centre strongly advises that all organizations become familiar with and practice their business continuity plans, including restoring files from back-ups and moving key business elements to a back-up infrastructure.
In view of these risks, the Cyber Centre recommends that all Canadian organizations within the medical research community take the time to ensure that they are actively engaged in cyber defense best practices.
Special consideration should be given to the following areas:
- Stay aware of ongoing phishing activities related to COVID-19.
- Employees working from home could put a strain on telework services. Ensure appropriate security policies have been put in place, and monitor logs for malicious activity.
- Remember to always keep in mind these top 10 security actions:
- Review recently published Alerts and Advisories highlighting vulnerabilities that may affect your environment.
- Organizations that do not have a robust cyber defense capability may wish to consider consulting with private vendors of such services.