By Bruce Sussman
Thu | May 14, 2020 | 6:15 AM PDT

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a joint public service message this week that reveals something many already suspected.

China is trying to hack the world's COVID-19 researchers

The People's Republic of China is using cyberspace to try to steal data from those with crucial COVID-19 information.

"The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors.

These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.

The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options."

The FBI and CISA message makes us wonder if China was behind the cyberattack on the World Health Organization during the coronavirus pandemic.

Clearly, it sounds like a nation-state cyberattack of some sort.

While the latest cybersecurity statement from the government leaves that question unanswered, it does contain some very helpful information for mitigating possible cyberattacks by China.

5 steps to stop China from stealing COVID-19 data

The joint FBI and CISA statement lists the following five steps that can help protect your organization or university from nation-state cyberattacks, regardless of whether the focus is COVID-19 or something else.

  1. Assume that press attention affiliating your organization with COVID-19 related research will lead to increased interest and cyber activity.
  2. Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.
  3. Actively scan web applications for unauthorized access, modification, or anomalous activities.
  4. Improve credential requirements and require multi-factor authentication.
  5. Identify and suspend access of users exhibiting unusual activity.

COVID-19 cyberattacks are linked to geopolitics

SecureWorld recently interviewed CNN analyst and retired Air Force Colonel Cedric Leighton about the virtual battle being played out in cyberspace.

"We know that the Chinese, the Russians, the North Koreans, even the Iranians are going to continue to be active in cyberspace. They will take advantage of new work modes that may outlast the coronavirus pandemic. And those new work modes lead to new vulnerabilities. And these new vulnerabilities will lead to new methods of exploitation by these and other bad actors."


Also, see the FBI and CISA public service announcement: People's Republic of China (PRC) Targeting of COVID-19 Research Organizations