Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

COVID-19 Vaccine Attacks Teach an Important Cybersecurity Lesson

Ever since the outbreak of the COVID-19 coronavirus began wreaking havoc across the globe, a lot of hope and effort has been put towards developing a vaccine against it. Unfortunately, just as some experiments have produced promising results, hackers have begun targeting the research centers responsible. Let’s look at this situation to see what it can teach us.

The Cozy Bear Threat

According to the National Cyber Security Centre, a government security organization based in the United Kingdom, a hacking group known as “APT29” (also referred to as “the Dukes” or “Cozy Bear”) has actively targeted the centers conducting research into a COVID-19 vaccine. These claims have been supported by both the United States’ National Security Agency and Canada’s Communications Security Establishment.

In fact, the National Cyber Security Centre released a report outlining the attacks, which the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also endorses.

This report describes APT29’s use of various exploits in conjunction with spear phishing attacks. Both tactics give APT29 the access it needs to carry out the rest of its attacks, which often involve deploying malware known as WellMess or WellMail.

On a side note, some of these exploits have been patched, so make sure you’re up to date on your patches as well.

Many experts also share the opinion that Cozy Bear has struck before, and that the current threat needs to be taken very seriously as a result. It is believed that APT29 was responsible for the 2016 intrusion into the Democratic National Committee’s systems, as reported by CNN. The group has also been linked to assorted attacks on healthcare, energy, governmental and diplomatic organizations, and think tanks in the past.

What is Spear Phishing?

Phishing is a form of hacking that targets the end user, rather than using software vulnerabilities, to gain access to a system. Spear phishing is a more direct form of phishing. Instead of sending a generic message to massive groups of potential targets to see who takes the bait, spear phishing is specifically directed to an individual with access to key data and resources.

While APT29 may not target your organization as a part of these efforts to steal research, it is nevertheless critical that you and your team can recognize a potential phishing attack and mitigate it before it causes significant problems. While the following is by no means a comprehensive list of warning signs, it is a good place to start educating your team:

  • Always check the details. Many phishing attacks can be identified by close-but-no-cigar “From” addresses. When in doubt, try looking up the email address that sent an email.
  • Proofread the message. While legitimate messages can contain terrible spelling and grammar mistakes, and attackers can more and more effectively mimic professional communications, many phishing messages can be rife with errors.
  • Double-check. If possible, don’t be afraid to confirm that the email is legitimate by reaching out to the supposed sender (through some non-email form of communication) to confirm that they sent the message.
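The first check in the list above, spotting a close-but-not-quite “From” address, can be partly automated. The following is an added example, not code from Total Tech Care; the trusted domains and sample headers are constructed placeholders, and the edit-distance threshold is an assumption you would tune for your own domain list.

```python
from email.utils import parseaddr

# Assumption: domains you really correspond with (constructed sample values).
TRUSTED = {"research.example", "vendor.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED, max_dist=2):
    """Label a From header: trusted, lookalike, display-mismatch or unknown."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact match, or a real subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        # Trusted name used as a leading label, or a near-miss spelling.
        if domain.startswith(t + ".") or edit_distance(domain, t) <= max_dist:
            return "lookalike"
    # Display name shows a trusted domain while the real address does not.
    if any(t in display.lower() for t in trusted):
        return "display-mismatch"
    return "unknown"

# Constructed sample headers, not taken from any real message.
SAMPLES = [
    "Dana Lee <dana@research.example>",
    "Dana Lee <dana@reseach.example>",
    "IT Desk <it@research.example.login.test>",
    '"dana@research.example" <dana@mailer.test>',
    "Newsletter <news@newsletter.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):17} {header}")
```

A “trusted” label only means the domain string matches your list; it does not prove the message was authenticated, so the double-check step above still applies.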

For more assistance in dealing with phishing attacks, reach out to us! At Total Tech Care, we’re motivated to help prevent a phishing attack from impacting your operations. Give us a call at 866-348-2602 to learn more.

 
