GlobalSign Blog

Cybersecurity News Round-Up: Week of January 11, 2021

Welcome back to our latest security news wrap-up!

This week, the news began to shift a bit from the SolarWinds hack. Granted, there is still news related to it, but other stories were more prominent.

For one, on Sunday, New Zealand's central bank revealed that it was urgently responding to a "malicious" breach of one of its data systems. The Reserve Bank of New Zealand (RBNZ) announced that a third-party file-sharing service used by the bank to share and store some sensitive information was illegally accessed. However, the breach was supposedly contained and the bank's main functions "remain sound and operational."

One of the biggest developments of the week was around the European Medicines Agency (EMA), which confirmed on Tuesday that some of its data related to companies – including Moderna's COVID-19 vaccine and treatments – have been leaked on the internet by hackers. The EMA was the victim of a cyber attack in December, leaving data from Moderna and other third parties ripe for the picking. Fortunately, the organization remains fully functional and timelines related to evaluating and approving COVID-19 medicines and vaccines have not been affected.

Also in COVID-19 news, Check Point says cybercriminals on the dark web have been advertising available coronavirus vaccines at $1,000 a pop in bitcoin. The ads did not specify whether they were selling the Moderna or Pfizer vaccine. Several listings even offered faulty information regarding the vaccine doses, with one advertisement claiming the vaccine required 14 doses per person. Official medical protocol calls for two doses.

Meanwhile, yet another Advanced Persistent Threat (APT) group, Iranian cyber-espionage group Charming Kitten, used the recent holiday break to conduct global attacks using a very sophisticated spear-phishing campaign that involved not only email attacks but also SMS messages. CERTFA, a cybersecurity organization specialized in tracking Iranian operations, said it detected attacks targeting members of think tanks, political research centers, university professors, journalists, and environmental activists. The victims were located in countries around the Persian Gulf, Europe, and the US.

Ethical hacking and security research group Sakura Samurai disclosed their findings on a vulnerability that let them access over 100,000 private records of United Nations Environment Programme (UNEP) employees.

Finally, in a positive move, what is thought to be the world's largest illegal marketplace on the dark web – DarkMarket – has been taken offline. The effort was an international collaboration involving law enforcement agencies in Australia, Denmark, Germany, Moldova, Switzerland, Ukraine, the United Kingdom, and the USA. At the time of its closure, it had almost half a million users and more than 2,400 vendors selling a broad range of illicit merchandise, from stolen credit card details, illegal drugs, and counterfeit money to anonymous SIM cards and malware.

That is a wrap for this week. Check out all the stories included in this post – there’s lots of good stuff here.

Have a great weekend!

Amy

Top Global Security News

BusinessInsider India (January 13, 2021) Online scammers are trying to sell COVID-19 vaccines on the dark web for as much as $1,000 in bitcoin

"Vendors on the dark web have been releasing ads for the coronavirus vaccine asking for payments for as much as $1,000 worth of bitcoin, according to a Tuesday report from cybersecurity firm Check Point.

While vaccine scamming on the dark web has been prevalent since the first vaccine was authorized for emergency use in December, the number of ads and price for the unspecified vaccine doses have continued to go up. Check Point found over 340 ads in 34 pages, while there were only 8 pages worth of advertisements last month.

The ads did not specify whether they were selling the Moderna or Pfizer vaccine. Several listings even offered faulty information regarding the vaccine doses, with one advertisement claiming the vaccine required 14 doses per person. Official medical protocol calls for two doses."

ZDNet (January 13, 2021) Iranian cyberspies behind major Christmas SMS spear-phishing campaign

"An Iranian cyber-espionage group known as Charming Kitten (APT35 or Phosphorus) has used the recent winter holiday break to attack targets from all over the world using a very sophisticated spear-phishing campaign that involved not only email attacks but also SMS messages.

'Charming Kitten has taken full advantage of this timing to execute its new campaign to maximum effect,' said CERTFA, a cybersecurity organization specialized in tracking Iranian operations.

'The group started the new round of attacks at a time when most companies, offices, organizations, etc. were either closed or half-closed during Christmas holidays and, as a result, their technical support and IT departments were not able to immediately review, identify, and neutralize these cyber incidents,' it added."

InfoSecurity (January 12, 2021) World's Largest Illegal Dark Web Marketplace Taken Down

"What could be the world's largest illegal marketplace on the dark web has been taken offline in an international operation involving law enforcement agencies in Australia, Denmark, Germany, Moldova, Switzerland, Ukraine, the United Kingdom, and the USA.

At the time of its closure, DarkMarket had almost half a million users and more than 2,400 vendors selling a broad range of illicit merchandise. Among the goods advertised for sale were stolen credit card details, illegal drugs, counterfeit money, anonymous SIM cards, and malware.

At least 320,000 transactions were carried out via the marketplace, involving the transfer of more than 4,650 bitcoin and 12,800 monero (a sum equivalent to more than $170m). Because of its location on the dark net, DarkMarket was accessible only to internet users with specialized identity-cloaking tools."

The Hill (January 12, 2021) European agency says hackers leaked stolen COVID-19 vaccine

"The European Medicines Agency (EMA) announced Tuesday that hackers had leaked information on COVID-19 vaccines stolen as part of a breach discovered late last year.

'The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet,' the EMA reported in a statement. 'Necessary action is being taken by the law enforcement authorities.'

The update comes a month after both Pfizer and BioNTech, and later Moderna, said the EMA had informed the companies that some evaluation documents had been accessed in the cyberattack on the agency."

Bleeping Computer (January 11, 2021) United Nations data breach exposed over 100k UNEP staff records

"Today, researchers have responsibly disclosed a security vulnerability by exploiting which they could access over 100,000 private employee records of United Nations Environmental Programme (UNEP).

The data breach stemmed from exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of personally identifiable information (PII) associated with UNEP employees.

Ethical hacking and security research group Sakura Samurai have now disclosed their findings on a vulnerability that let them access over 100,000 private records of United Nations Environment Programme (UNEP) employees."

DW.com (January 10, 2021) New Zealand central bank hit by cyberattack

"On Sunday, New Zealand's central bank reported that it was responding with urgency to a 'malicious' breach of one of its data systems.

The Reserve Bank of New Zealand (RBNZ) announced that a third-party file-sharing service used by the bank to share and store some sensitive information was illegally accessed.

RBNZ Governor Adrian Orr said the breach had been contained and the bank's main functions 'remain sound and operational.'"

Other Industry News

Here's How Tech Policy Will Change In The Biden White House: NPR

A Facebook case in Belgium could open the floodgates for GDPR privacy suits

New proposed rule requires banks to notify regulators within 36 hours of a cybersecurity incident

Third malware strain discovered in SolarWinds supply chain attack | ZDNet

Russia-linked postcard was “sent to FireEye’s CEO after cybersecurity firm uncovered hack”

More municipalities turn their attention to cyber insurance solutions

Snapshot: The countries where cyberattacks on LatAm (apparently) originated in 2H20

States, Local Areas See Common Tech Challenges for 2021 (govtech.com)
