One of the world's leading biology laboratories investigating COVID-19 has suffered a data breach. Oxford University confirmed on February 25 that it had spotted an incident in the Department of Structural Biology (known as "Strubi") after Forbes revealed that hackers were showing access to certain of the university's systems. These include machines used to make biochemical samples, but the university says it is not currently in a position to determine the extent of the breach. It has also contacted the National Cyber Security Centre (NCSC), a branch of the British intelligence service GCHQ, which will investigate the incident.
Forbes was notified of the breach by Alex Holden, chief technology officer of Hold Security, who provided screenshots showing the hackers' access to Oxford University systems. The screenshots showed interfaces for laboratory equipment. Times and dates were also visible in the Windows-based controls. The screenshots show the period from February 13 to February 14, 2021, while there is evidence to suggest that the breach probably continues to this day.
The breach could lead to the theft of research data, including data relating to COVID-19. There is also the threat of sabotage of research into the virus if hackers can alter laboratory tests and procedures. Holden said he was particularly concerned about the breach, as cybercriminals are known to have carried out attacks against energy companies as well as other major technology and science companies, so this type of data in their hands can be disastrous.
Professor Alan Woodward, a cybersecurity specialist at Surrey University, said: "As there is a lot of interest in molecular structures in COVID-19 research at the moment, it is estimated that someone was looking for data on the virus or the vaccine. It is difficult, however, to determine why he wanted to sabotage the investigation. The fact that the attackers were selling access suggests that they may not be state hackers, but a group that believed that states or those working on valuable intellectual property could pay for such data."
Although not directly involved in the development of the Oxford University-AstraZeneca vaccine, which belongs to the Oxford Vaccine Group and the Jenner Institute, Strubi scientists have been heavily involved in research into how COVID-19 cells work and how to stop them from causing damage. This includes studies on potential future vaccine candidates. Strubi also hosts the Particle Imaging Center, which studies pathogens in humans and animals, and its researchers recently published research on HIV.
Interpol warned in 2020 that organized cybercrime teams were likely to target those involved in COVID-19 research and vaccine development. The "hit" at Oxford University may be the first major example of such an attack.
Who is behind the Oxford University breach?
Hackers associated with Russia and North Korea have been accused of targeting researchers working on COVID-19. However, while some cyberattacks on virus-studying organizations have been linked to international espionage, the one at Oxford University appears to have been the work of financially motivated criminals.
The hackers behind the attack are, according to Holden, very "sophisticated" and have sold private data stolen from some of their victims. In the past they have sold data to APT groups. Holden added that the hackers spoke Portuguese. The victims of this hacking group include Brazilian universities, he said, noting that the group uses ransomware to blackmail some of its victims.
Holden also reported that business analytics company Dun & Bradstreet Malaysia had recently been hacked by the same group, and provided screenshots of that attack, which showed access to internal email and Oracle databases. The screenshots also contained a spreadsheet with Oracle database passwords. So far, the company's site is offline.
As a result, those who breached Oxford University have a growing list of high-profile targets, and some governments may buy their stolen "goods."