In the article “Alert: APT Groups Targeting COVID-19 Researchers,” HealthcareInfoSecurity reports that authorities in the U.S. and U.K. are warning medical institutions, pharmaceutical companies, universities and others about "password spraying campaigns" by advanced persistent threat groups seeking to steal COVID-19 research data. The publication turned to privacy, cybersecurity and data strategy counsel Jason G. Weiss for insight on the matter.
In password spraying campaigns, the attacker tries a single, commonly used password against many accounts before trying another password. Weiss explains that simple cyber hygiene techniques, including multifactor authentication (MFA) and employee security awareness trainings, are strong mitigators of attacks such as these.
"MFA would completely prevent password spraying attacks, since a cybercriminal would need a second layer of authentication to access an account even if they stumbled across a weak password during a password spraying attack,” he says.