OFFICES OF THE CHIEF INFORMATION SECURITY OFFICER,
UC SAN DIEGO AND UC SAN DIEGO HEALTH
June 11, 2020
ALL ACADEMICS AND STAFF AT UC SAN DIEGO
SUBJECT: Be Aware of COVID-19 Related Hacking and Phishing Attacks
In recent months, state-sponsored hackers have shifted from targeting
defense-related research to strategically valuable COVID-19 and related
intellectual property. UC San Diego is a target because our university
is a renowned center for vaccine research and a leader in responding to
the current pandemic.
This notice describes some of the risks and specific actions all UC San
Diego researchers should take in response to this threat.
Assume you and your laboratory are being targeted regardless of your
area of research. Often professional hacking groups attack unrelated but
vulnerable projects hoping to establish inroads from which to launch
attacks on other internal UC San Diego resources.
Hackers still use email as the primary method of introducing malware
into our environment; coronavirus-related topics are the dominant lure.
In March and April, 72 phishing campaigns were identified that were
built around COVID-19, collectively targeting almost 3,000 members of
the UC San Diego community.
While the majority of these attacks attempt to steal your login
credentials, some also carry other forms of malware, including
ransomware. Though many of our network and endpoint-based security
technologies help detect and block ransomware, no technology is
foolproof. In fact, UCSF was recently hit by a common ransomware
variant. You can read about the UCSF incident at
https://bloom.bg/2Aq9yRc
We will soon be initiating recurring mock phishing campaigns to help
provide additional guidance on recognizing phishing emails.
STEPS YOU CAN TAKE
* Contact your department’s technical support to ensure your lab has been
moved behind either the Health System or Campus enterprise firewalls.
These will not interfere with your workflow or collaboration but will
prevent roughly 60% of the attacks from touching your lab equipment.
* Ensure you have the latest, freely provided, anti-malware software
installed on all computers. The modern software we have available is
much less resource-intensive than traditional antivirus software and
enables detecting the sorts of techniques used by state-sponsored
hackers.
* Review the accounts and users with access to your research data and
equipment. While data sharing tools such as OneDrive or Google Drive
foster collaboration and data sharing, it is also easy to grant access
to data unintentionally or to leave unused accounts active.
We have seen unused accounts 'banked' by hacking organizations for as
long as seven years before they were exploited.
* Review your backup strategy for every step in your scientific workflow.
If you are assuming your data is rigorously backed up, you're probably
wrong. Ask how long it's stored, how often a restore is tested, and how
your staff know they're backing up good, uncompromised files. There are
a number of sanctioned resources for storage and backup available for
free or at a fee; these can be reviewed at
https://researchdata.ucsd.edu/finder
We recognize that our community is under tremendous stress due to the
campus closure, the shift to remote operations, and now our gradual
reopening. Please take a moment to review the steps listed above with
your staff and be extra vigilant when any email or web site offers
coronavirus information. For a consultation about these matters, feel
free to contact our offices at:
- Office of Information Assurance (Campus): security@ucsd.edu
- Health Systems Security Office: hs-informationsecurity@health.ucsd.edu
Michael Corn
Chief Information Security Officer
UC San Diego Campus
Ken Wottge
Chief Information Security Officer
UC San Diego Health