Hello and thanks for stopping by our blog again. It’s been another active week. Here’s a breakdown of some of the top stories in cybersecurity right now.
The US Department of Justice seized and shut down a fake Covid-19 website in the last several days. “Freevaccinecovax.org” appeared to be a website for a biotech company, but in reality it was a site used for fraudulent activities, phishing and malware deployment.
A large healthcare provider in California has been affected for nearly a week after a May 1 cyber attack. As a result of the attack, patients of San Diego-based Scripps Health are resorting to Facebook comments to inquire about the status of their appointments. The organization has also been forced to revert to paper records for documenting patient encounters and has suspended access to its IT applications, including its online patient portal.
In Chicago, the Illinois Attorney General's office is trying to recover from a ransomware attack that took place last month. A ransomware gang penetrated the Attorney General's computers and took control of a large number of confidential files containing case information and personal data, essentially locking down the system across the office and statewide. Lawyers for the state are using their own personal email accounts, while some private attorneys are unable to access case files and other resources.
In Alaska, the court system was also attacked. Last week's malware attack has forced nearly all of its IT systems offline. Impacted systems include the state’s electronic filing system, court calendars, online payments of bail and court fees, virtual hearings and external emails for court employees. Officials currently believe that no employees' personal information or court records were compromised, nor do they have evidence that any credit card numbers used to pay fees and fines were exposed.
On the other side of the pond, a large-scale cyber attack has been carried out against Belgium. Belnet, which counts the Belgian Parliament as a customer along with numerous higher education and university establishments and research centers, was the target of a large-scale distributed denial-of-service (DDoS) attack on Tuesday. It is worth pointing out that much of the media got this story wrong, stating that it was the Belgian Parliament that was first attacked. It was not. Kudos to GlobalSign’s Arnaud Vanderroost, who is based in our Belgium office, for sharing the correct information!
Universities, scientific institutions and police services have also been impacted. The attack, which occurred on Tuesday, was a distributed denial-of-service (DDoS) attack that overloaded Belnet's servers, making online services unavailable. Websites with .be domains were impacted.
Finally, a very intriguing article in Wired tells the story of an extremely popular mental health startup in Finland that was attacked several months ago. When hackers broke in, they leaked literally everything the patients revealed to their therapists. To rub salt in the wound, the hackers then demanded money from the patients. A deeply upsetting story for sure.
That is all for this week. Hope you are finding the stories we highlight each week insightful.
Enjoy the weekend!
Top Global Industry News
ZDNet (May 5, 2021) Justice Department seizes fake COVID-19 vaccine website stealing info from visitors
"A fake COVID-19 vaccine website stealing visitors' data has been shut down by the Justice Department, according to the U.S. Attorney's Office for the District of Maryland.
The people behind 'freevaccinecovax.org' made the website look like it was for a biotechnology company working on the vaccine for COVID-19, but it actually was being used by cybercriminals for 'fraud, phishing attacks, and/or deployment of malware.'
The site now has a large banner saying it has been seized by the federal government."
Becker’s Hospital Review (May 5, 2021) Scripps sites still down; patients turn to Facebook for answers
"Scripps Health websites are still down after a May 1 cyberattack, and patients are turning to Facebook to see if their appointments and surgeries are still on.
The San Diego-based system last updated its Facebook and Twitter accounts May 2, noting that it suspended user access to its IT applications, including online patient portal MyScripps and www.scripps.org.
Patients have been using Facebook's comments to inquire about the status of their appointments. When one patient asked whether a procedure scheduled for May 4 was canceled, a Scripps spokesperson asked the user to send a direct message with their name, date of birth, procedure location and physician's name to be directly contacted with more information. The spokesperson advised patients to present for appointments and surgeries as planned unless they hear otherwise."
State Scoop (May 5, 2021) Cyberattack knocks Alaska courts offline
"The Alaska Court System has taken nearly all its IT systems offline following a cybersecurity incident last week.
The deactivated systems include the state’s electronic filing system, court calendars, online payments of bail and court fees, virtual hearings and external emails for court employees. A statement on the Alaska courts’ main website explains the outages were necessary 'to remove malware from its servers.'
The statement goes on to say that officials currently do not believe any employees’ personal information or court records were compromised, nor do they have evidence that any credit card numbers used to pay fees and fines were exposed."
Euractiv (May 5, 2021) Belgium suffers major cyberattack
"Belgium suffered a major cyberattack on Tuesday, Belgian media reported, affecting many of its key institutions. Its origin is still unknown.
Belnet’s internet network, which connects public institutions, higher education and university establishments, research centres and public administrations, has been the target of a large-scale denial-of-service (DDoS) attack since 12pm on Tuesday, spokeswoman Davina Luyten said. A DDoS attack is when a third party overloads servers by sending them a large amount of data.
Although DDoS attacks happen regularly, this one was of a scale which reportedly completely exceeded the capacity of the Belnet network."
Bleeping Computer (May 4, 2021) Twilio discloses impact from Codecov supply chain attack
"Cloud communications company Twilio has now disclosed that it was impacted by the recent Codecov supply-chain attack in a small capacity.
As reported by BleepingComputer last month, popular code coverage tool Codecov had been a victim of a supply-chain attack that lasted for two months.
During this two-month period, threat actors had modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables (containing sensitive information such as keys, tokens, and credentials) from Codecov customers' CI/CD environments."
ABC7 Chicago (May 4, 2021) Cyber-attack on Illinois Attorney General's office appears far worse than first thought
"Illinois' top law enforcement agency has been under attack now since at least April 10. A ransomware gang penetrated the Attorney General's computers and took control of countless confidential files, containing case information and personal data, essentially locking down the system office and statewide.
They are the lawyers for the state and they are having to use personal email addresses to communicate, according to court records. Some private attorneys say they are unable to access needed case files and other resources.
As the attack drags on, cyber thieves apparently are refusing ransom demands. They've already published private information according to The Record, a cybersecurity watchdog."
Other Industry news
The Hack of a Small Tech Vendor Casts a Wide Net - Wall Street Journal (requires a subscription)