
Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

COVID-19 Vaccine Attacks Teach an Important Cybersecurity Lesson

Since the COVID-19 outbreak began wreaking havoc across the globe, a great deal of hope and effort has been put towards developing a vaccine against it. Unfortunately, just as some experiments have produced promising results, hackers have begun targeting the research centers responsible. Let’s look at this situation to see what it can teach us.

The Cozy Bear Threat

According to the National Cyber Security Centre, a government security organization based in the United Kingdom, a hacking group known as “APT29” (also referred to as “the Dukes” or “Cozy Bear”) has actively targeted the research centers conducting research into developing a COVID-19 vaccine. These claims have been supported by both the United States’ National Security Agency and Canada’s Communications Security Establishment.

In fact, the National Cyber Security Centre released a report outlining the attacks, which the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also endorses.

This report describes APT29’s use of various exploits in conjunction with spear phishing attacks. Both tactics give APT29 the access needed to carry out the rest of their attacks, which often involve deploying malware known as WellMess or WellMail.

On a side note, some of these exploits have been patched, so make sure you’re up to date on your patches.

Many experts also share the opinion that Cozy Bear has struck before, and that the current threat needs to be taken very seriously as a result. It is believed that APT29 was responsible for the 2016 intrusion into the Democratic National Committee’s systems, as reported by CNN. The group has also been linked to assorted attacks on healthcare, energy, governmental and diplomatic organizations, and think tanks in the past.

What is Spear Phishing?

Phishing is a form of hacking that targets the end user, rather than using software vulnerabilities, to gain access to a system. Spear phishing is a more direct form of phishing. Instead of sending a generic message to massive groups of potential targets to see who takes the bait, spear phishing is specifically directed to an individual with access to key data and resources.

While APT29 may not target your organization as a part of these efforts to steal research, it is nevertheless critical that you and your team can recognize a potential phishing attack and mitigate it before it causes significant problems. While the following is by no means a comprehensive list of warning signs, it is a good place to start educating your team:

  • Always check the details. Many phishing attacks can be identified by close-but-no-cigar “From” addresses. When in doubt, try looking up the email address that sent an email.
  • Proofread the message. While legitimate messages can contain terrible spelling and grammar mistakes, and attackers can more and more effectively mimic professional communications, many phishing messages can be rife with errors.
  • Double-check. If possible, don’t be afraid to confirm that the email is legitimate by reaching out to the supposed sender (through some non-email form of communication) to confirm that they sent the message.
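The first check in the list, automated for a mail triage script, as an added example that is not part of the original post. The trusted-domain list, the table of look-alike characters and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Hypothetical allow-list of domains the organization really corresponds with.
TRUSTED_DOMAINS = {"example.com", "example-research.org"}
# A few visual substitutions used in lookalike domains (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Fold look-alike characters so 'examp1e' and 'exarnple' both become 'example'."""
    return domain.translate(CONFUSABLES).replace("rn", "m")

def check_from(header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Classify a raw From header value; returns (verdict, detail)."""
    display, addr = parseaddr(header)
    if "@" not in addr:
        return ("unparseable", header)
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        # Near miss: same skeleton, or only a couple of typos away from a trusted domain.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    for good in sorted(trusted):
        # Display name shows a trusted domain while the real address is elsewhere.
        if good in display.lower():
            return ("display-mismatch", good)
    return ("unknown", domain)

# Constructed sample headers, one per verdict.
SAMPLES = ['Alice <alice@example.com>', 'Alice <alice@examp1e.com>',
           'IT Helpdesk <helpdesk@exarnple.com>',
           '"billing@example.com" <billing@mailer.invalid>',
           'Newsletter <news@unrelated.test>']

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_from(header), "<-", header)
```

A "lookalike" or "display-mismatch" verdict is a reason to confirm with the supposed sender through another channel, and "unknown" only means the domain is not on the allow-list.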

For more assistance in dealing with phishing attacks, reach out to us! At Total Tech Care, we’re motivated to help prevent a phishing attack from impacting your operations. Give us a call at 866-348-2602 to learn more.

 
