Industry Insights

Blog, Security

Lessons to Learn from Attacks on COVID-19 Research

by | Friday, September 4th, 2020

With COVID-19 creating the challenges that it has for so many, there is little wonder that creating a vaccine is such a major focus. Unfortunately, hackers are aware of this focus, and how it makes the organizations conducting vaccine trials particularly vulnerable. Let’s examine this situation, and the lessons that all businesses can take away from it.

Cozy Bear

The National Cyber Security Centre, located in the UK, recently shared that a group has been attacking organizations involved with COVID-19 vaccine research. These claims have been verified by authorities in the United States and Canada.

Known as “APT29,” as well as “Cozy Bear” and “the Dukes”, the attackers level spear phishing attacks and make use of assorted exploits to gain access to their target’s systems. After this access has been obtained, malware known as WellMail or WellMess is released into the environment. Many experts are of the opinion that this is not the first time that APT29 has been active, either. The group is suspected of attacks against various organizations in healthcare, energy, and government, and is believed to be responsible for the 2016 hack of the Democratic National Committee.

In response to this, the CSC has been trying to work with software vendors to ensure that vulnerabilities are patched. If these patches aren’t applied, cybercriminals can find the means to exploit these vulnerabilities and cause problems.

A Spear Phishing Refresher

We’re no strangers to discussions about phishing, simply because it is one of today’s most prevalent threats to network security. Many phishing attacks are sent randomly to a large group of targets, but spear phishing is a different animal. Instead of trying to exploit a lot of people for little payout from each, spear phishing requires careful planning and execution of a highly targeted attack against one person. This person is often seen as the weakest link in an organization’s security by hackers.

With any luck, you won’t need to contend with phishing attacks from a major hacking group. That being said, it’s important that you and your team can identify a potential phishing attack and react appropriately. Here are a few basics to keep in mind:

  • Always check the details. Many phishing attacks will display some subtle issue, either in the email address it comes from or some other detail. Make sure you pay attention for some of these warning signs.
  • Proofread the message. Businesses want to put their best foot forward, so their correspondence is generally carefully edited before it’s sent out. If you receive a message with questionable spelling and grammar, exercise caution.
  • Reach out. If you’re unsure of whether a message is legitimate or not, reach out to the sender through another means to confirm it if you can.

For your business to avoid threats, being able to identify potential phishing attacks is only going to become more important. Find out how to train your team to spot them by reaching out to us. Call Compudata at 1-855-405-8889 to learn more.

A Glimpse Into What Compliance Looks Like for Businesses

Apr 7, 2025 | ,

It’s easy to see all the reasons why you should make data regulations and compliance a priority. After all, you want to ensure you don’t violate the trust and security of your customers, as well as the integrity of your operations. If you make even one mistake, it...

AI Search Isn’t There Yet

Apr 4, 2025 | ,

People do this all the time: if they don’t know an answer, they just make something up that sounds right. It turns out AI has the same bad habit. A Study Put AI Search to the Test, and It Did Not Go Well Researchers at the Tow Center for Digital Journalism (part of...

Remote Work Is Great, but There Are Some Pitfalls

Apr 2, 2025 | ,

Do you have employees working remotely? If you do, the real question is, are you doing everything you can to keep them productive and secure? Remote work is awesome, but it comes with its fair share of risks. Today, we get into how to competently confront them. Remote...

Hiring IT is Hard (Here’s How to Make It Easier)

Mar 28, 2025 | ,

Do you have someone on your staff who can handle most IT-related issues for your business? If not, we’re sure your organization feels it in more ways than one. The issues that come from not having IT help are only made more frustrating when it comes time to find IT...

Let’s Take the Lid Off of CAPTCHA

Mar 21, 2025 | ,

We've officially reached the point where humans have to prove they're, well, human just to access websites. One of the most common ways to do this? CAPTCHA. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It might sound...

Automation Isn’t Always the Best Business Option

Mar 17, 2025 | ,

Automation makes sense from an operations standpoint, and people see this despite the many who advocate for scaling back to save jobs. For every task that can be completed, however, less than half can be automated. When you consider all the tasks that a human might be...

More Reading from Industry Insights:

AI Search Isn’t There Yet

by | Apr 4, 2025 | ,

People do this all the time: if they don’t know an answer, they just make something up that sounds right. It turns out AI has the same bad habit. A Study Put AI Search to the Test, and It Did Not Go Well Researchers at the Tow Center for Digital Journalism (part of...

Hiring IT is Hard (Here’s How to Make It Easier)

by | Mar 28, 2025 | ,

Do you have someone on your staff who can handle most IT-related issues for your business? If not, we’re sure your organization feels it in more ways than one. The issues that come from not having IT help are only made more frustrating when it comes time to find IT...