Last week, some hackers made a promise to take a reprieve from targeting healthcare systems during the coronavirus outbreak; however, Reuters has reported, “Elite hackers tried to break into the World Health Organization earlier this month, part of what a senior agency official said was a more than two-fold increase in cyberattacks.”
Experts continue to warn about hackers exploiting unsuspecting victims with coronavirus scams, and The Hill reported that senators are increasingly concerned about cyberthreats to Internet connectivity during this global pandemic. According to a recent blog post from Trend Micro, attackers are targeting iOS users in Hong Kong with a watering hole attack that has embedded a hidden iframe in links to multiple news stories in order to deliver malicious code.
Indeed, all these threats can cause unrest, particularly for organizations and government agencies that are relying on video conferencing platforms to conduct business. Additionally concerning for many businesses around the globe is that they “do not have the technical infrastructure in place to support long-term remote working,” according to Infosecurity Magazine. We are living in uncertain times, and this can sometimes induce fear, uncertainty and doubt, which is why it is important to balance the FUD with optimism and stories of good will.
And there is lots of good will coming from the security community. Exemplified in what Security Innovation’s Chad Holmes called “The Power of Community,” organizers of cybersecurity conferences have quickly pivoted to offering virtual events where professionals can meet with each other to exchange ideas and educational information. Tech leaders are stepping up to help the UK’s National Health Service (NHS) fight the coronavirus “by analyzing data to determine where resources including ventilators, hospital beds and doctors will be needed most.” Also, as a gesture of good will during the coronavirus outbreak, Kaspersky announced it will give healthcare organizations six months of the company’s free enterprise security software.
Here’s a look at what else has been going on in the industry this week.
Mar. 27: GitHub announced it has paid out over $1 million in bug bounties to security researchers.
Mar. 26: Apple® announced that the latest update to its Safari browser is now able to block all third-party cookies by default.
Mar. 25: KrebsOnSecurity warned that some US government websites are sending the wrong security message by stating (as the US Census Bureau website does) that “The https:// ensures that you are connecting to the official website… .”
Mar. 25: Researchers at Malwarebytes Labs discovered Tupperware had been compromised by Magecart when they noticed the “digital credit card skimmer disguised inside an image file.”
Mar. 25: The FBI reportedly shut down an illicit website that was used as “a clearinghouse for stolen personal data” along with a forum on which cybercriminals were buying and selling stolen goods.
Mar. 25: “Researchers have unearthed an attack campaign that uses previously unseen malware to target Middle Eastern organizations, some of which are in the industrial sector,” Ars Technica reported.
Mar. 24: Veering outside of its normal patching schedule, Adobe released a fix for a critical flaw in its Creative Cloud Desktop Application for Windows.
Mar. 23: According to ZDNet, “the Federal Communications Commission (FCC) has granted AT&T, Verizon, T-Mobile, and US Cellular temporary access to more wireless spectrum access to bolster nationwide access.”