Hello, and hoping that all our readers are staying healthy.
It is probably not much of a surprise, but the current cybersecurity theme is all Coronavirus, all the time. As you’ll see below, hackers are causing even more havoc than usual with phishing attacks.
Late last week, the U.S. Health and Human Services Department suffered a cyber-attack on its computer system, which may or may not have been the work of a foreign actor. Then, Forbes published a report how on Monday alone, the number of coronavirus-themed attacks spiked significantly with a wave of 2,500 infections of just two strains of malware. Throughout the week, hackers then turned their attention to the many millions of people now working from home.
GlobalSign will continue to keep track of all the stories impacting cybersecurity here on our blog. In the meantime, stay informed, and stay strong!
Top Global Security Stories
Tech Republic (March 19, 2020) Healthcare devices at higher cybersecurity risk now due to COVID-19
"Even as the coronavirus continues its unrelenting spread across the country and hospitals are gearing up for what is expected to be a massive influx of sick patients, they are on their back foot when it comes to cybersecurity.
According to research from Atlas VPN, 83% of healthcare systems are running on outdated software. Atlas based part of its findings on a Palo Alto Networks survey of 1.2 million Internet of Things (IoT) devices used in thousands of healthcare organizations across the US. Palo's survey found that 56% of devices were still running on the Windows 7 operating system, which Microsoft stopped supporting in January of this year.
'Due to the COVID-19 outbreak, hospitals are using patient monitoring devices more than ever,' said Rachel Welch, Atlas VPN's COO. 'Research shows that one-in-four such devices have security issues. Based on these numbers, Atlas VPN estimates that cybercriminals will be focusing on the healthcare sector in 2020.'"
Fortune (March 18, 2020) How hackers are exploiting the coronavirus — and how to protect yourself
"Several recent attacks have attempted to leverage the coronavirus by getting people to click on links in messages about the illness, according to a report by cybersecurity firm Nocturnus on Wednesday. Hackers have also tried to use the influx of people working at home because of the virus to their advantage.
Chief among the techniques are coronavirus-themed phishing campaigns targeting countries hard-hit by the coronavirus, including China, Japan, South Korea, and Italy. As with many other phishing efforts, the hackers’ goal is to get a user to click on an emailed link that downloads malicious malware, which can be used to steal victims’ personal data or freeze their computers."
Education Week (March 17, 2020) Coronavirus Compounds K-12 Cybersecurity Problems: 5 Areas to Watch
Cybersecurity experts have warned about coronavirus pandemic-related phishing scams targeting all sectors of the economy, from health care and consumer products to banking. Now, schools are being warned to be extra vigilant too.
Doug Levin, the founder and president of the K-12 Cybersecurity Resource Center, pointed out that schools have long been the subject of “drive-by” phishing scams: mass blasts of dubious emails looking to gather personal information. In recent years, they’ve also been hit with more sophisticated and targeted attacks.
The coronavirus pandemic, Levin said, compounds the problem.
Bloomberg News (March 16, 2020) Cyber-Attack Hits U.S. Health Agency Amid Covid-19 Outbreak
The U.S. Health and Human Services Department suffered a cyber-attack on its computer system, part of what people familiar with the incident called a campaign of disruption and disinformation that was aimed at undermining the response to the coronavirus pandemic and may have been the work of a foreign actor.
“We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly,” John Ullyot, a spokesman for the National Security Council, said in a statement. “HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks.”
He said, “HHS and federal networks are functioning normally at this time.”
Forbes (March 16, 2020) 2,500 Attacks In Less Than A Day: Coronavirus Scammers Just Went Into Overdrive
The number of coronavirus-themed attacks spiked significantly on Monday, a cybersecurity researcher reported.
A wave of 2,500 infections of just two strains of malware were all delivered in COVID-19-themed emails between 10am and 5pm CET today, were discovered by Jiri Kropac, a researcher at cybersecurity company ESET. In the days before, the number of infections were only in the tens, he said.
He told Forbes he thinks hackers are made up of two different groups, though he didn’t have any more information on either. Their malware either tries to get leverage on a computer in order to download more malicious software, or it steals personal information from an infected computer. They both target Microsoft Windows machines only. The top five most-targeted countries include Spain, Portugal, Czech Republic, Malaysia and Germany.