Phishing Trip: Russian hackers target COVID-19 research

July 28, 2020


What's going on here?

On 16 July 2020, the American, British and Canadian governments accused Kremlin-associated hacking group Cozy Bear of attempting to steal coronavirus vaccine research.

What does this mean?

Cozy Bear (a.k.a. APT29 or the Dukes), which is overseen by Russia’s CIA equivalent, is accused of running sophisticated cyberattacks on various Western organisations involved in COVID-19 vaccine development to access research and supply chain information. The group has targeted employees of these organisations, using phishing emails and custom malware. Thankfully, the attacks have been largely unsuccessful and have not hindered research efforts. Experts believe the group’s primary aim is to augment Russia’s vaccine research efforts, rather than to disrupt ongoing research. Yet it remains possible that the hacks are an effort to reduce reliance on the West once a vaccine is discovered. Russia has denied any involvement.

Western security agencies are following a recent strategy propounded by the United States in explicitly calling out specific groups and/or states. This saga comes at a time of high tension between the UK and Russia. A report long-delayed by the Johnson administration detailing Russian interference was published earlier this month by parliament’s Intelligence and Security Committee. The report accused the government of actively avoiding looking for evidence of Russian interference, such as through cyber activity.

What's the big picture effect?

Cybercrime is low-risk and potentially high-reward, despite being costly for its victims. A 2018 report estimated that cybercrime costs the global economy just over 0.8% of annual global GDP. Bringing cybercriminals to justice is difficult because of the problem of attribution. Proxy servers and other tactics actively mask the user’s location, which hinders prosecution efforts. For example, less than 1% of reported cybercrimes are prosecuted in the UK. This makes hacking attractive for individual criminals, as well as sovereign governments wishing to carry out sophisticated cyberattacks.

The major piece of UK legislation relating to offences or attacks against computer systems is the Computer Misuse Act 1990 (CMA), which is arguably unfit for purpose given the nascency of the internet when it was passed. Under the CMA, English courts can prosecute if there is “at least one significant link with the domestic jurisdiction” (England and Wales) in the circumstances of the case. If Cozy Bear could be brought to justice, the prosecution would allege that they attempted to get “access without right” pursuant to section 1 CMA.

The CMA places strict limits on the rights of law enforcement to pursue hackers, which can impede prosecutions. For example, currently the CMA exposes law enforcement to the risk of prosecution themselves if they go beyond the limits of their warrant. Even requiring a warrant to investigate can be a hindrance given the ephemeral nature of digital crimes. Experts have therefore urged radical revisions to British digital crime legislation.

Alternatively, existing legislation could be updated to deal with the rise of cybercrime. An example of this is the Treason Act, dating back to 1351, which recognises betrayal of one’s country as an offence. For example, under the Terrorism Act 2000 it is an offence to belong, or profess to belong, to a proscribed organisation, such as IS. Yet, it would be impossible to prosecute British citizens for carrying out cyber-crimes on behalf of a foreign power. Many argue this must change.

In the UK, legislation, including the CMA, should be modernised to make law enforcement as effective as possible in thwarting cybercrime. The rising economic cost of cybercrime necessitates reform. Without it, Cozy Bear and its (presumably) furry friends will continue to enjoy the ongoing digital salmon run unfettered, making COVID-19 phishing trips the least of our worries.

Report written by George Maxwell
