Advanced Persistent Threats Backed by Nation-States Focus their Intelligence Gathering on COVID-19 Research: NTT Ltd

NTT Ltd., a world-leading global technology services provider, today released its GTIC Monthly Threat Report for the month of July 2020. The Global Threat Intelligence Center (GTIC) protects, informs, and educates NTT Group clients through threat research, vulnerability research, intelligence fusion and analytics. Attacks from Advanced Persistent Threat (APT) actors continued to be on the rise, despite COVID-19; in fact, the virus has added fuel to the fire and has provided a cover for their operations. Organizations and industries that are considered as essential were increasingly targeted: power grids, oil and gas, postal and delivery services, first responders and law enforcement– assets which are even more valuable during a global crisis.

Key findings:

APTs, particularly those suspected to be backed by nation-states, are focusing on intelligence-gathering efforts on COVID-19 research

APT groups with links to Iran have attempted to breach the World Health Organization (WHO) via phishing campaigns, likely seeking information on testing, treatments, or vaccines

Extortion, espionage, financial gain, and disinformation were the key objectives behind APTs conducting various operations, especially now, during a global crisis

Companies researching the disease should expect to be targeted, whether for purposes of medical advantage to better treat or prevent COVID-19, for monetary gain or purely to inhibit the target from making progress

In addition, APT32 attackers linked to the government of Vietnam have been targeting China, reportedly over its perceived lack of accurate information dissemination during, and the overall handling of the initial outbreak

Normal APT operations have also continued during this same timeframe; and operations related to – or leveraging– COVID-19 have served as a smokescreen as countries continue to focus their efforts in response to the pandemic, from both healthcare and cybersecurity perspectives

Considerations:

As businesses continue to digitally transform and rapidly expand their footprint, they’ve been looking for a network that balances cost, user experience, agility and efficiency. The answer, and solution is a software-defined wide area network (SD-WAN), a virtualized network overlay and a lightweight replacement for traditional physical WAN infrastructure.

While WAN technologies have some native security features, unless reviewed holistically, it’s likely not enough to ensure your SD-WAN is inherently secure. It is a fundamental requirement to do a risk analysis and assessment that considers your organization’s risk profile at the outset of designing your SD-WAN and selecting appropriate security controls

As the threat landscape evolves, even the organizations that may not be considered an essential service cannot let their guard down. Enterprises must continue to adopt best practices and build awareness in both their network environment and their global state of things.

Leveraging intelligence capabilities and resources from around the world, NTT Ltd.’s threat research is focused on gaining understanding and providing insights into the various threat actors, exploit tools and malware.