May 05, 2020

Jason G. Weiss Comments on Password Spraying Campaigns Against COVID-19 Researchers

In the article “Alert: APT Groups Targeting COVID-19 Researchers,” HealthcareInfoSecurity reports that authorities in the U.S. and U.K. are warning medical institutions, pharmaceutical companies, universities and others about "password spraying campaigns" by advanced persistent threat groups seeking to steal COVID-19 research data. The publication turned to privacy, cybersecurity and data strategy counsel Jason G. Weiss for insight on the matter.

In password spraying campaigns, the attacker tries a single, commonly used password against many accounts before trying another password. Weiss explains that simple cyber hygiene techniques, including multifactor authentication (MFA) and employee security awareness trainings, are strong mitigators of attacks such as these.

"MFA would completely prevent password spraying attacks, since a cybercriminal would need a second layer of authentication to access an account even if they stumbled across a weak password during a password spraying attack,” he says.

Full Article
The Faegre Drinker Biddle & Reath LLP website uses cookies to make your browsing experience as useful as possible. In order to have the full site experience, keep cookies enabled on your web browser. By browsing our site with cookies enabled, you are agreeing to their use. Review Faegre Drinker Biddle & Reath LLP's cookies information for more details.