Cyber-crime cells and government agencies in several countries have intercepted hackers attempting to access COVID-19 patient data with brute-force password spray attacks. They have issued circular to the IT as well as medical staff and other impacted groups regarding the same.
What is a brute-force attack?
In a brute-force password attack, the attacker tries to crack the password with a permutation and combination of various letters in the alphabet. These could be dictionary words, a combination of those or a more complex mix of special characters, digits, uppercase and lowercase letters and of various lengths. This attack takes a lot of time and success is pure luck.
What is a password spray attack?
A password spray attack is different from a brute-force attack. Most security solutions are able to detect brute-force attacks and deny access to the attacker after a certain number of failed attempts and blocking them automatically.
Password spraying attack is a type of brute-force attack conducted by APT groups in which the attacker tries a single and commonly used password against many accounts before moving on to try a second password and so on. This technique allows the attackers to remain undetected by avoiding the risk of frequent account lockout.
These attacks are successful because for any given large set of users, there will likely be some with common passwords.
Attackers use social-engineering tactics and perform online research viz. social media etc. to identify target organisations and specific user account for initial password spray.
Using easy to guess passwords (like password123) and publicly available tools, attackers execute a password spray attack against targeted account(s) by utilizing the identified single-sign-on (SSO) or web-based applications.
What do the attackers gain out of this data?
COVID-19 has impacted all countries globally. Also as of today there is no cure of COVID-19. Data is power. Attackers can use this data for intelligence gathering, blackmailing, further sale of data or any other nefarious activities compromising personal liberty and safety of individuals or that of organisations and countries in combination with monetary benefits.
Most passwords are compromised because of carelessness or ignorance of the end users. Easy to remember passwords are typically easy to crack. Also spyware, trojans and MITM attacks result in password compromise.
Multi-factor authentication comes to rescue in such scenarios wherein the security is distributed across multiple points as against a single authentication method.
At malCure we constantly observe these attacks. We have been regularly updating our malware scanner for incorporating updated definitions, signatures and security features so that it is able to detect new kind of infections.
We’ve noticed attackers in an overdrive eversince the COVID-19 lockdown began. Our security experts are fixing the hacked sites and providing data about newer infections as they discover while cleaning up the site. In this COVID-19 era, the idea is not only to safeguard your personal health but also information. And malCure security solutions are right there with you in this endeavour.