Hello everyone. Hope you are all healthy!
The pandemic unfortunately continues to be a field day for hackers. They are attacking many – if not all – sectors of medicine and those related to it, such as supply chains throughout the world. You’ll read plenty of those stories here. But I always try to find the silver lining because you have to, right? And so, we are also featuring a few stories about cybersecurity superheroes. This provides a much-needed warm and fuzzy feeling in these troubling times, but it is truly heartening to know that people and corporations like Microsoft are doing what they can to not give attackers the upper hand.
So, grab your cup o’ joe, tea or my favorite – hot chocolate – and read on.
In the meantime, stay healthy and safe!
Top Global Cybersecurity News Stories
Wall Street Journal (April 16, 2020) Interpol Says Hospitals Targeted With Array of Ransomware
"Hackers have used a number of ransomware variants to attack hospitals and health-care facilities in multiple countries, adding to medical providers’ concerns as they confront the coronavirus pandemic, according to Interpol.
The international police body received an alert about a ransomware attack on a hospital in mid-March, said Craig Jones, Interpol’s director of cybercrime. He declined to say what country the hospital is located in. The following week, Interpol sent out a notice to member countries warning them of potential ransomware attacks on medical facilities. The agency subsequently received six more alerts about attempted attacks using at least four different types of ransomware, he said."
The Register (April 15, 2020) Oh ... Fudge This Pandemic! Google walks back on decision to switch off FTP in Chrome 81
"Google has switched File Transfer Protocol (FTP) back on in Chrome 81 in response to the COVID-19 situation. The change was made 'via server-side configuration.'
The Chocolate Factory has been keen to kill off the venerable protocol for some time, and after a succession of prunings, disabled it by default in version 81 having tinkered with disablement in version 80. The plan, according to Google, was 'to deprecate and remove this remaining functionality rather than maintain an insecure FTP implementation.' At least up until the pandemic hit.
Last week (as first noted by BleepingComputer) a Google engineer posted: 'In light of the current crisis, we are going to "undeprecate" FTP on the Chrome stable channel. I.e. FTP will start working again.'"
Bleeping Computer (April 14, 2020) RagnarLocker ransomware hits EDP energy giant, asks for €10M
"Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M).
EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world's 4th largest producer of wind energy.
The company is present in 19 countries and on 4 continents, it has over 11.500 employees and delivers energy to more than 11 million customers."
Data Breach Today (April 14, 2020) New York State Investigates Network Hack
"In January, hackers compromised portions of the New York state government's computer network by taking advantage of an unpatched vulnerability in Citrix enterprise software, according to the Wall Street Journal.
While the New York State Office of Information Technology Services discovered the hacking incident on Jan. 28, officials did not disclose the breach until Monday, after the Journal and other publications asked about it.
The attack disabled some state agency information systems and took nearly a month to resolve, according to the Albany Times Union."
The Hill (April 14, 2020) Microsoft offering free cybersecurity services to protect health groups from hackers
"Microsoft on Tuesday announced it would offer free cybersecurity protection tools to health care, humanitarian and human rights groups around the world following a spike in attempted hacking attempts due to the coronavirus pandemic.
The company will offer groups around the world free access to its AccountGuard threat notification program, which alerts users to malicious emails that may be attempts at stealing personal information or hack into systems. The program will be available for use by health care and human rights groups until the COVID-19 pandemic subsides.
The AccountGuard program was previously offered for free by Microsoft to all candidates and their campaigns running for federal, state or local offices in the United States."
The Daily Swig (April 14, 2020) San Francisco Airport data breach: Double website hack may have lifted users’ Windows login credentials
"San Francisco International Airport (SFO) has warned that a breach against two of its websites may have allowed attackers to harvest visiting users’ Windows login credentials.
Malicious code was planted last month on two sites – SFOConnect.com and SFOConstruction.com – as the result of a cyber-attack by unidentified (or at least unnamed) assailants, the airport admitted late last week.
'The attackers inserted malicious computer code on these websites to steal some users’ login credentials,' a breach notice from SFO explains."
Vox (April 10, 2020) To fight Covid-19, cyberattacks worldwide must stop immediately
"With the world focused on combating the Covid-19 pandemic, United Nations Secretary-General António Guterres called for an immediate global ceasefire of armed conflict. The virus, he said, 'does not care about nationality or ethnicity, faction or faith. It attacks all, relentlessly.'
The call has been endorsed by an ever-growing number of countries and some 70 regional partners, civil society organizations, and all UN Messengers of Peace and Advocates for the Sustainable Development Goals. We have also seen more than 2 million people worldwide take citizen action in support of the Covid-19 ceasefire appeal.
This is encouraging impact. But to be truly successful in our efforts to curb Covid-19, we must also strive to uphold this ceasefire in the digital world as well."
Other Industry News
Cybercriminals are exploiting fears of the pandemic to steal personal information
TikTok users beware: Hackers could swap your videos with their own
OT/IoT Security Superheroes: Tackling the Remote Employee Challenge
IoT is Blooming – Connections to Hit 83 Billion by 2024
Hospitals must secure vital backend networks before it's too late
Emotet, Ryuk, TrickBot: 'Loader-Ransomware-Banker Trifecta'
COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.
