Cyber News Roundup: Cyber Crime Spikes During Pandemic; Hospitals at Great Risk

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

The FBI has seen a spike in cybercrime reports since the onset of the COVID-19 pandemic. “We’ve seen people set up fraudulent COVID charities, promise delivery of masks and other equipment, and then deliver fraudulent loans, extortion,” says FBI assistant director Tonya Ugoretz in a ZDNet article. Additionally, foreign hackers continue to target U.S.-based COVID-19 research, mainly in the national healthcare sector and medical research institutes. The National Counterintelligence and Security Center (NCSC) cautions organizations about who they do business with: “With supply chains in turmoil during COVID-19, many organizations are turning to alternate vendors and suppliers. Some vendors may be insecure or compromised by threat actors seeking to access your data. Adversaries increasingly use third-party suppliers as attack vectors.”

The healthcare sector is getting hit from all angles. Temporary hospitals and medical centers are “rife with cybersecurity vulnerabilities,” according to Healthcare IT News, because they are remote and sit outside of a defense-in-depth architecture. Tom Burt, corporate vice president of Microsoft Customer Security & Trust, concurs: “They are being set up quite quickly with constrained budgets, and the budget for those is not on IT, it’s on PPE, patient care, getting testing set up, everything a center should be focused on during this crisis.” State actors are looking for the most vulnerable point in a communications network. Burt encourages healthcare organizations to take some immediate steps:

  1. Make sure software is updated and fully patched
  2. Enable two-factor authentication for every account to the center’s system
  3. Ensure the system is backed up offline

Reporter Nathan Eddy makes the point that “hospital administrators already fight on a daily basis to patch, upgrade, and maintain physical systems within predefined facilities, and these systems are available 24/7, 365 days a year, which means there is a constant routine to maintain security hygiene.” Natali Tshuva, CEO and cofounder of Sternum, said it’s the rapid deployment of these temporary medical units that concerns her the most. “Because we are establishing these units so quickly, there simply is not enough time to build the proper IT infrastructure to protect the overall network, either via an effective firewall or through other cybersecurity measures.”

“The novel coronavirus has created a raging contest between cybercriminals piggybacking on the disease for scams and defenders trying to protect a populace more reliant on the Internet than ever,” write Washington Post reporters Joseph Marks and Tonya Riley in a pandemic-meets-cybersecurity article. The U.S. Department of Justice has disrupted hundreds of websites that were exploiting the virus to commit fraud. The FBI’s Internet crime center is urging people to be on guard against strangers requesting personal or medical information.

Increase in phishing scams

Coronavirus phishing scams are taking advantage of employees working from home for the first time. According to ZDNet, there has been a string of attacks designed to exploit confusion, with the goal of stealing passwords and login details or corporate information. The article cites “more than 2,000 online scams related to coronavirus in the last month, including 471 fake online shops selling fraudulent coronavirus-related items, 555 malware distribution sites, 200 phishing sites and 832 advance-fee frauds, where a large sum of money is promised in return for a set-up payment.”

Individuals and organizations of all sizes can double-check these six tips from the UK’s National Cyber Security Centre, detailed in full on the NCSC website:

  • Turn on two-factor authentication for important accounts
  • Protect important accounts using a password of three random words
  • Create a separate password that you only use for your main email account
  • Update the software and apps on your devices regularly (ideally set to ‘automatically update’)
  • Save your passwords in your browser
  • To protect yourself from being held to ransom, back up important data

With an increased remote workforce, individuals need to be aware of the latest Skype phishing attacks that are targeting passwords. ThreatPost reporter Lindsey O’Donnell writes that the campaign is one of many looking to leverage the wave of remote workers who now rely on online conferencing tools such as Webex, Skype, and Zoom. “With this upward spike in online meetings, compromised Skype credentials could be sold on underground forums, or used to log into accounts where sensitive files and data are shared,” she writes. “With so many people working from home, remote work software like Skype, Slack, Zoom, and WebEx are starting to become popular themes of phishing lures,” said Cofense researchers, who issued the report.

New email security vulnerabilities have also surfaced around Apple iPhones. TechCrunch’s Zack Whittaker writes that, according to researchers, hackers have already used the vulnerability to steal data from victims’ devices. The bug is in the iPhone’s default Mail app. “By sending a specially crafted email to the victim’s device, an attacker can overrun the device’s memory, allowing the attacker to remotely run malicious code to steal data from the device,” said Zuk Avraham, chief executive of ZecOps. Until Apple issues a patch, high-risk users should disable the Mail application.

Partner blog of interest: Zscaler: 30,000 Percent Increase in COVID-19-Themed Attacks