Welcome back to GlobalSign’s weekly news round-up.
According to a new report from the Canadian Internet Registration Authority, more than a quarter of Canadian IT workers say their company was the victim of a Covid-19 related cyber attack this year. In addition, slightly more than half said new cybersecurity protections were implemented as a result of the virus. Also concerning is that 25% of the organizations surveyed reported experiencing a data breach of customer and/or employee data last year. Worse, 38% of organizations were not sure if they had been hit by a data breach or not.
Philadelphia-based eResearchTechnology – a provider of software used in hundreds of clinical trials -- suffered a ransomware attack which began in September. Employees discovered they were locked out of their clinical trial data—data, in some cases, being gathered for COVID-19 vaccine trials. While clinical trial patients were not at risk, researchers who used the software indicated the attack forced them to track patients with pen and paper.
In Europe, ten days following a significant ransomware attack, French container shipping line CMA CGM has yet to get its eBusiness functions back online and is currently relying on Twitter to engage with customers. CMA CGM is also directing clients to a manual booking form to reserve shipments.
In Ireland, Airbnb is in some hot water. The company could face a “massive” GDPR fine for a data breach that allowed some of its users in Europe and globally to view other hosts’ private inboxes last month.
Some Airbnb hosts reported seeing other hosts’ private inboxes, rather than their own, as discussions between hosts and guests, including addresses and codes to enter the properties, were revealed. The reported ‘glitch’ was swiftly communicated in Airbnb group discussions online and confirmed to be worldwide. According to Airbnb, no personal information is believed to have been misused and payment information was not accessible at any point. Time will tell what happens next.
Europol, the European Union’s law enforcement agency, issued a warning this week that cybercrime has spiked over the past year, much of due to the COVID-19 pandemic. It’s findings were detailed in its annual Internet Organised Crime Threat Assessment, released Monday. The assessment highlighted ransomware attacks, such as those targeting health care organizations, as one of the most persistent cyber threats during the pandemic, including attacks involving hackers threatening to auction off data if a ransom is not paid. The report also took a very dark turn as livestreaming of highly disturbing activities involving children has increased during the pandemic. Other concerns have involved SIM swapping, in which the hacker takes over a SIM card on the individual’s phone to intercept a two-factor authentication code, and the increased use of the dark web for criminal activities.
To close out on a humorous note – because it’s so necessary these days – definitely check out the Forbes article below about a hacker who uploaded his own fingerprints to a crime scene!
That’s our update for the week. We’re hoping you’ll take a few minutes to read through the articles we’ve selected. Have a great weekend!
Top Global Security News
InfoSecurity (October 7, 2020) Canada Bombarded with COVID-19-Themed Cyber-attacks
"More than a quarter of Canadian IT workers say their organization has suffered a COVID-19-themed cyber-attack, according to a new survey.
The '2020 Cybersecurity Report' released today by the Canadian Internet Registration Authority (CIRA) surveyed more than 500 Canadian IT security decision-makers to learn more about their experience with cyber-threats.
Key findings of the report include that one-third of respondents said their organization was targeted by a COVID-19-related cyber-attack. Among the threats recorded by the survey were fake contact-tracing apps and phishing attacks that exploited COVID-19 test results."
Splash247.com (October 7, 2020) Ten days on and CMA CGM is still struggling to get all its systems back online
"In the 10th day since French container shipping line CMA CGM was hit by ransomware, the company has yet to get its eBusiness functions back online and is now resorting to Twitter to engage with clients.
The ecommerce websites for CMA CGM, APL, ANL and CNC remain unavailable. In their place, the French liner has installed an online booking link for existing eCommerce accounts, which will be directly processed in the group’s system and confirmed by email by a local agency. This alternative service is available for dry containers and port-to-port.
CMA CGM is also directing clients to a manual booking form as well as INTTRA’s platform to book shipments. With updates in short supply and clients increasingly irritated at the lack of communication on the IT outage, CMA CGM has taken to answering customer questions via direct messages over Twitter in the last 24 hours."
Biospace (October 5, 2020) Clinical Trial Software Company Hit by Massive Ransomware Attack
"Last week, Universal Health Services (UHS) was hit by a massive ransomware attack, which is believed to be one of the largest cyberattacks on a medical institution in the U.S.
Now, Philadelphia-based software company eResearchTechnology (ERT), which offers software used in hundreds of clinical trials, has suffered a ransomware attack. The attack apparently began two weeks ago. Staffers at the company found they were locked out of their clinical trial data—data, in some cases, being gathered for COVID-19 vaccine trials.
ERT indicates clinical trial patients were not at risk, but researchers who used the software indicated the attack forced them to track patients manually—with pen and paper."
The Hill (October 5, 2020) European Union police agency warns of increase in cybercrime due to pandemic
"Europol, the European Union’s law enforcement agency, warns that cybercrime has spiked over the past year in large part due to the COVID-19 pandemic.
Europol’s findings were detailed in its annual Internet Organised Crime Threat Assessment, released Monday. The assessment highlighted ransomware attacks, such as those targeting health care organizations, as one of the most persistent cyber threats during the pandemic, including attacks involving hackers threatening to auction off data if a ransom is not paid."
Short Term Rentalz (September 30, 2020) Airbnb at risk of “massive” fine for data protection breach
"Airbnb is facing a potentially 'massive' fine under GDPR [General Data Protection Regulation] legislation after notifying the Irish Data Protection Commission of a data breach that allowed some of its users in Europe and around the world to view other hosts’ private inboxes last week.
The home-sharing platform informed the data protection tsar in Ireland, which is responsible for the enforcement of GDPR legislation across all of Europe. Incidentally, Airbnb’s European data is hosted by its Dublin branch.
It comes as the company’s users reported a ‘glitch’ in Airbnb group discussions online last Thursday, while screenshots of the errors were shared online on social networks such as Reddit, Twitter and private group chats."
Other Industry News
New Bill from USA for Blockchain Based Digital Signature
Proposition 24: Big Tech quiet in California data privacy initiative fight
Connected Vehicles Covered By Data Protection Laws
What businesses can learn from Hartford’s ransomware attack
Facebook, Belgian Data-Protection Watchdog Face Off at EU High Court
UHS Health System Confirms All US Sites Affected by Ransomware Attack
A Look-Back and Ahead on Data Protection in Latin America and Spain
Hacker Uploads Own Fingerprints To Crime Scene In Dumbest Cyber Attack Ever
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.
