Welcome back to our latest security news wrap-up!
Well, miraculously we’ve made it through one whole week without a large-scale ransomware attack. How refreshing! Naturally, there are a few smaller-scale events being reported, but nothing the magnitude of what we experienced in 2020. Let’s hope things stay that way! But what is happening? Here’s a rundown.
Some of the laptops distributed by the UK Department for Education to vulnerable students have been found to be infected with malware. The BBC reported that some teachers shared details on an online forum about suspicious files found on devices sent to a school. The malware, detected on laptops at a handful of schools, was supposedly contacting Russian servers. The Department for Education said it was aware and urgently investigating.
The World Economic Forum’s released its annual Global Risks Landscape which said that “cybersecurity failures present a major risk.” The esteemed organization listed cybersecurity failure was listed fourth in a poll among its members. While digitalization marches on worldwide, the report does express concerns about it, arguing that the “rapid digitalization” is significantly increasing companies’ cybersecurity exposures and created more complex and potentially less secure networks.
Once again, the FBI has announced a cybersecurity-related warning, this time regarding an increase in voice phishing attacks aimed at capturing the login credentials of employees. In the specific attacks referenced by the FBI, the criminals speak with company employees on a VoIP call and persuade them to sign into a phishing page to steal their usernames and passwords. After capturing these credentials, the attackers manage to gain access to the corporate network where they can easily cause further damage.
Meanwhile, the U.S. Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than nine million people between late 2013 and May 2015.
Also this week, the Scottish Environment Protection Agency (SEPA) confirmed that it was hit by a ransomware attack last month and is continuing to feel the impact. The organization also confirmed that 1.2GB of data was stolen – including personal information relating to SEPA staff.
Finally, a new California-based coalition of cybersecurity and tech groups is looking to create a roadmap for countering the surge of ransomware attacks that plagued city governments, schools and hospitals in 2020. The group aims to produce recommendations that will help governments and the private sector tackle the scourge of ransomware attacks.
That’s a wrap! Grab a cup of joe to check out this week’s stories. Have a great weekend!
Top Global Security News
Bleeping Computer (January 21, 2021) UK govt gives malware infected laptops to vulnerable students
"Some of the laptops distributed by the UK Department for Education (DfE) to vulnerable students have been found to be infected with malware as reported by the BBC.
The devices are given out for free by the government to support disadvantaged students unable to access remote education during the COVID-19 pandemic, including children and young people who have no digital devices, have only a smartphone, or share a single device with other family members."
Silicon Angle (January 20, 2021) World Economic Forum pegs cybersecurity failure as a major global risk
"Cybersecurity failure presents a major risk facing the world this year and well beyond, according to the Global Risks Landscape 2021 report published by the World Economic Forum.
Although infectious diseases, in particular the ongoing COVID-19 pandemic topped the 'clear and present dangers' short-term risk (up to two years) chart, cybersecurity failure ranked fourth in a poll among WEF members. 'Knock-on effects,' medium-term risks (three to five years) saw cybersecurity rank in eighth place.
'Business, government and household cybersecurity infrastructure and/or measures are outstripped or rendered obsolete by increasingly sophisticated and frequent cybercrimes, resulting in economic disruption, financial loss, geopolitical tensions and/or social instability' the report notes."
Tech Republic (January 19, 2021) FBI warns of voice phishing attacks targeting employees at large companies
"The FBI is cautioning companies to beware of a slew of voice phishing attacks aimed at capturing the login credentials of employees.
In an advisory released last Thursday, the FBI revealed that as of December 2019, cybercriminals have been working together on social engineering campaigns targeting employees at large firms both in the US and abroad. The criminals are taking advantage of VoIP platforms to launch voice phishing, or vishing, attacks.
In the specific attacks referenced by the FBI, the criminals speak with company employees on a VoIP call and persuade them to sign into a phishing page to steal their usernames and passwords. After capturing these credentials, the attackers manage to gain access to the corporate network where they can easily cause further damage."
CyberScoop (January 19, 2021) Health insurer Excellus penalized $5.1M by HHS for data breach
"The Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than 9 million people between late 2013 and May 2015.
The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), according to the department’s Office for Civil Rights (OCR).
The incident stemmed from a hack against Excellus’ systems during an era that featured well-publicized attacks on corporations such as Target, Sony and Home Depot. Years later, health data remains a ripe target for cybercriminals, particularly ransomware gangs. U.S. federal agencies warned about an “imminent” ransomware threat in October 2020."
ZDNet (January 18, 2021) Ongoing ransomware attack leaves systems badly affected, says Scottish environment agency
"The Scottish Environment Protection Agency (SEPA) has confirmed that it was hit by a ransomware attack last month and is continuing to feel the impact.
SEPA's contact centre, internal systems, processes and internal communication have all been affected by the attack, which hit on Christmas Eve. The organisation, which is Scotland's government regulator for protecting the environment, has also confirmed that 1.2GB of data has been stolen as part of the attack – including personal information relating to SEPA staff.
Despite the ransomware attack, SEPA's ability to provide flood forecasting and warning services, as well as regulation and monitoring services, has continued."
The Hill (January 17, 2021) New coalition aims to combat growing wave of ransomware attacks
"A new coalition of cybersecurity and tech groups is looking to create a roadmap for countering the surge of ransomware attacks that plagued city governments, schools and hospitals in 2020.
'You see ransomware as not just an increasing security threat, it is to the level of now where it’s putting hospitals, children, the elderly, financial institutions, everyone at risk,' Philip Reiner, executive chairman of the Institute for Security and Technology’s Ransomware Task Force, told The Hill. 'As a result, we were seized with the idea that creating a collaborative cross-sectoral grouping that is looking at it from a comprehensive, top-down policy approach could potentially have more effect,' Reiner added.
The California-based nonprofit aims to produce recommendations that will help governments and the private sector tackle the scourge of ransomware attacks."
Other Industry News
Microsoft: This is how the sneaky SolarWinds hackers hid their onward attacks for so long
Most Financial Services Have Suffered COVID-Linked Cyber-Attacks
Joker’s Stash Carding Market to Call it Quits
Brazil to appoint data protection officers in all federal government bodies
Challenges and opportunities for insurance brokers placing cyber risk
Chile Opens First “5G” Test Area In Latin America
A hard drive with ‘vital information’ on SEPTA’s ransomware attack has been missing for months
How this Welsh business is tackling Brexit and protecting society from cyber attacks
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.