Cyber warning issued for healthcare and research organisations in UK and USA

Security agencies in the United Kingdom and United States have exposed malicious cyber campaigns targeting research organisations involved in the coronavirus response and given tips to stay safe.

The University's Information Security Team is heavily involved in supporting departments secure their information but all of us have a part to play in protecting critical research information from these determined, persistent attacks.

Password spraying

In particular, the National Cyber Security Centre (NCSC) have been investigating large scale password spraying campaigns. ‘Password spraying’ is a commonly used style of brute force attack in which the attacker tries a single and commonly used password against many accounts before moving on to try a second password, and so on.

What can you do?

To avoid being caught out, follow standard good practice for creating strong unique passwords:

  • Avoid regularly used passwords like 123456, qwerty or password!
  • Use long passwords - at least 16 characters
  • Create a different password for every account

You could also use a password manager as these can generate truly random and almost unbreakable passwords at the click of a button. For more guidance check out our page on strong passwords.

You can read the full warning from the NCSC and the essential services advisory as highlighted in the UK Government's coronavirus press conference on 5 May 2020.