Welcome to GlobalSign’s weekly news round-up.
This week was marked by the fact that there were no major new attacks – a very good thing. But there is still plenty of activity to review.
What we did see this week is a continued effort by the United States government to vastly improve its cyber security defenses. And so, on Thursday it announced a new initiative that involves some of the biggest names in technology. As reported exclusively by the Wall Street Journal Pro, the government is enlisting the likes of Microsoft, Amazon, Google, FireEye and other well-known technology companies to help bolster the country's defenses against cyber attacks.
Also this week, a California court ruled that Zoom will have to pay $85 million to users for misleading encryption claims. This comes after the company was supposedly offering end-to-end encryption on its video conferencing service. The proposed settlement will give Zoom users around $15 or $25 each, depending on whether they had a free or paid subscription between March 30, 2016 and July 30, 2021. Assuming the settlement is approved by the court, the payments will apply to Zoom users nationwide. In addition to payments, Zoom agreed to over a dozen major changes to its practices, “designed to improve meeting security, bolster privacy disclosures, and safeguard consumer data.”
In medical-related news, there was an alarming report from Armis Security about critical vulnerabilities impacting the pneumatic tube systems of over 3,000 hospitals in North America. The affected pneumatic tube system (PTS), the Translogic PTS by Swisslog Healthcare, is used in over 80% of hospitals in North America and installed in more than 3,000 hospitals worldwide. “The system is responsible for delivering medications, blood products, and various lab samples across multiple departments of a hospital,” the Armis report notes. “The discovered vulnerabilities can enable an unauthenticated attacker to take over PTS stations and gain full control over the tube network of a target hospital.”
CISA is recommending that users take “defensive measures to minimize the risk of exploitation of these vulnerabilities.”
Then, in Italy, the government of Lazio last weekend was forced to notify its residents via Facebook about a cyberattack that hit the region's portal for COVID-19 vaccinations and other IT systems. Officials there said a "powerful" attack hit the region's databases on Saturday night through Sunday morning, and that all systems were disabled, including the Salute Lazio portal and the system that managed the COVID-19 vaccine bookings. The attack blocked nearly all the files in the organization’s data center.
An article by Reuters says there will be more attacks like the one that took place last month at Kaseya. That ransomware attack paralyzed as many as 1,500 organizations. Experts say it has set off a race of sorts among criminals looking for similar vulnerabilities. Now that criminals see how powerful MSP attacks can be, "they are already busy, they have already moved on and we don’t know where," said Victor Gevers, head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack. "This is going to happen again and again."
Finally, the US Department of Justice revealed this week that the Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were hacked by the Russia-linked SVR (aka APT29, Cozy Bear, and The Dukes) during the SolarWinds attack. According to DoJ, the state-sponsored hackers compromised the email accounts of at least 80 percent of employees from US Attorneys’ offices located in the Eastern, Northern, Southern, and Western Districts of New York. The intrusion took place between May 7 and December 27, 2020.
That’s a wrap for this week. Thanks for stopping by our blog, and have a great weekend!
Top Global Security News
Wall Street Journal Pro (August 5, 2021) U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats
"The U.S. government is enlisting the help of tech companies, including Amazon.com Inc., Microsoft Corp. and Google, to bolster the country’s critical infrastructure defenses against cyber threats after a string of high-profile attacks.
The Cybersecurity and Infrastructure Security Agency is formally unveiling the initiative Thursday, called the Joint Cyber Defense Collaborative. The effort will initially focus on combating ransomware and cyberattacks on cloud-computing providers, said Jen Easterly, director of the agency, which is part of the Department of Homeland Security. Ultimately, she said, it aims to improve defense planning and information sharing between government and the private sector.
'This will uniquely bring people together in peacetime, so that we can plan for how we’re going to respond in wartime,' she said in an interview. Ms. Easterly was sworn in as CISA’s director last month. She was previously a counterterrorism official in the Obama White House, and the commander of the Army’s first cyber operations unit at the National Security Agency, America’s cyberspy agency."
MacRumors (August 4, 2021) Zoom to Pay $85 Million to Users for Misleading Encryption Claims
"As part of a class action lawsuit settlement, Zoom says it will pay $85 million to users for misleading them about offering end-to-end encryption on its videoconferencing service.
According to ArsTechnica, the company was accused of lying about its encryption description on its website and in a security white paper, as well as providing user data to Facebook and Google without users' permission. Filed at the U.S. District Court for the Northern District of California, the proposed settlement will give Zoom users around $15 or $25 each, depending on whether they had a free or paid subscription between March 30, 2016 and July 30, 2021. Assuming the settlement is approved by the court, the payments will apply to Zoom users nationwide.
In addition to payments, Zoom agreed to over a dozen major changes to its practices, 'designed to improve meeting security, bolster privacy disclosures, and safeguard consumer data,' according to the settlement. A hearing on the plaintiffs' motion for preliminary approval of the settlement is scheduled for October 21, 2021."
HealthITSecurity (August 4, 2021) PwnedPiper Vulnerabilities Impact Over 3K Hospitals in North America
"Critical vulnerabilities are impacting the pneumatic tube systems of over 3,000 hospitals in North America, according to a new report.
The US Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems Medical Advisory on August 3 on the PwnedPiper, which refers to nine critical vulnerabilities impacting hospitals.
'This system is used in over 80% of hospitals in North America, and installed in more than 3,000 hospitals worldwide,' the Armis report states. 'PTS systems play a crucial role in patient care and are utilized nearly 100% of the time.'"
Reuters (August 3, 2021) Kaseya ransomware attack sets off race to hack service providers - researchers
"A ransomware attack in July that paralyzed as many as 1,500 organizations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said.
An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said.
Now that criminals see how powerful MSP attacks can be, 'they are already busy, they have already moved on and we don’t know where,' said Victor Gevers, head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack."
ZDNet (August 2, 2021) COVID-19 vaccine portal for Italy's Lazio region hit with cyberattack
"The government of Lazio, Italy took to Facebook this weekend to notify residents of a cyberattack that hit the region's portal for COVID-19 vaccinations and other IT systems.
In a translation of the message posted to the official Lazio government Facebook page, officials said a 'powerful' attack had hit the region's databases on Sunday and that all systems are disabled, including the Salute Lazio portal and the system that managed the COVID-19 vaccine bookings.
They added that vaccination operations may experience delays because of the attack. Government officials did not say if it was a ransomware attack.
Nicola Zingaretti, president of the Lazio Region, also took to Facebook to let residents know that they still have not identified the people behind the attack but he noted that the attack was 'of criminal origin.' Zingaretti explained that the initial attack took place on Saturday night into Sunday morning and that it 'blocked almost all of the files in the data center.'"
Security Affairs (July 31, 2021) SolarWinds hackers breached 27 state attorneys’ offices
"The US Department of Justice revealed that the Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were hacked by the Russia-linked SVR (aka APT29, Cozy Bear, and The Dukes) during the SolarWinds attack.
The news of the intrusion was first acknowledged in a statement issued by DoJ on January 6, 2021, at the time the Department said that this activity constituted a major incident under the Federal Information Security Modernization Act (FISMA). After learning of the security breach, the Office of the Chief Information Officer fixed the issue exploited by the hackers and notified the appropriate federal agencies, Congress, and the public as warranted.
According to DoJ, the state-sponsored hackers compromised the Office 365 email accounts of at least 80 percent of employees from US Attorneys’ offices located in the Eastern, Northern, Southern, and Western Districts of New York. The intrusion took place between May 7 to December 27, 2020."
Other Industry News
Hackers ditch FIFA 21 secrets online after failed extortion attempt - TechRadar
Euro watchdog will try to extract $900m from Amazon for breaking data privacy laws – The Register
Microsoft Warns of 'Crafty' Phishing Campaign - Dark Reading
Average Cost to Buy Access to a Compromised Company: $1,000 – Dark Reading
Fourfold increase in software supply chain attacks predicted in 2021 - report - The Daily Swig
The lifecycle of a breached database – Krebs on Security
The State Department and 3 other US agencies earn a D for cybersecurity - Ars Technica
CISA Launches New Vulnerability Disclosure Policy Platform - Dark Reading