Search This Blog

Showing posts with label COVID-19. Show all posts

Ryuk Ransomware: What Can We Learn From DCH Cyberattack?

Hackers have profited a lot from the Covid-19 pandemic by targeting health institutions, let us look back and learn from these attacks. For a very long time, cybercriminals have been attacking healthcare institutions, one fine example is the "DCH ransomware" attack. E Hacking News in this article analysis the events of the DCH ransomware incident, and how Alabama healthcare dealt with the attack.  

About the attack
Alabama's DCH health system was hit by a ransomware attack in October 2019. The attack forced DHS to shut down its 3 state units named- Fayette Medical Center, Northport Medical Center, and Tuscaloosa’s DCH Regional Medical Center. Because of the attack, the computer systems in the 3 hospitals stopped working and the hospital staff couldn't access important files and patient records. DCH took applied emergency measures to deal with the crisis, the hospitals took in critical patients, whereas non-critical cases were transferred off to other health institutions, and only admitted after 10 days.  

About DCH Ransomware 
Hackers attacked DCH systems using a strain of Ryuk ransomware, the malware used by Wizard Spider, a Russian hacking group. Ryuk uses malicious social engineering techniques and uses phishing attacks to trick users into opening false links. Once opened, the malware deploys itself with the target device. When Ryuk is successfully deployed, it gets into the system codes and stops the device from functioning. It is followed by encryption and the last step is demanding ransom.  

Aftermaths of the Ransomware Attack 
DCH couldn't continue it's healthcare services for 10 days due to the partial disruption caused by the ransomware. Four patients filed a lawsuit against DCH for violating "information privacy law" and affecting their medical treatment during the ransomware attack. The lawsuit stated, "because of the ransomware attack, plaintiffs and class members had their medical care and treatment, as well as their daily lives, disrupted." "As a consequence of the ransomware locking down the medical records of plaintiffs and class members, plaintiffs and the class members had to forego medical care and treatment or had to seek alternative care and treatment."

Security Analysis: The Rise of Cybercrime Underworld and Hacking Groups

During the Covid-19 pandemic, educational institutions, health agencies, and other significant organizations have suffered the most from cyberattacks. As if this was not enough, a massive wave of cyberattacks have risen against these institutions,  a new hacking group has emerged which uses modern techniques to attack its targets. The troublesome part is that these hackers are using an operational structure that is not very uncommon in the hacking underworld. Known as "Egregor," the hacking group has attacked more than 130 targets in recent months. 

The victims include logistics companies, schools, health agencies, the manufacturing industry, and financial agencies. The working of Egregor is similar to other ransomware, i.e. keeping hold of the data until the client pays the ransom money. There is but one minor change, Egregor's methods reveal the present structure of the hacking economy.  Instead of depending solely on lone wolfs (hackers) that orchestrate massive data breaches, or dark web platforms abundant with Russian threat actors, the hackers today work as a kind of unified group/team which acknowledges innovations and changes in the hacking industry. 

In other words, one can say that is a replica of Silicon Valley, but one that thrives on exploiting agencies for profit rather than building interactivity. Cybersecurity expert Jason Passwaters, CEO, Intel 471, says that there exist hackers which were active a long time ago and are still in the hacking game. They offer the same services as they used to back in the time, but the only change is now these hackers rely on each other, rather than working solely. Cybersecurity experts suggest that there might be up to 12 hackers involved in a data breach or a commodity cyberattack. The Egregor group isn't the only one. 

Hacking groups like Thanos, Conti, and SunCrypt that use similar malware strains, have also started operating in a cooperative way.  Cyberscoop reports, "it’s a style with roots in the mid-2000s when a hacker using the name “slavik” released the Zeus malware, a hacking tool that helped accelerate what’s known now as an affiliate model. The FBI has identified a Russian man, Evgeniy Bogachev, as “slavik,” and has listed him on the bureau’s list of most wanted fugitives. Bogachev’s Zeus malware is responsible for financial losses of more than $100 million, the FBI says, even as the creator has posed in ostentatious outfits in social media pictures." 

Hackers Demand Ransom After Major Cyber-Attack on the Antwerp Laboratory


Algemeen Medisch Laboratorium bvba, (AML) in the Antwerp district of Hoboken was attacked by hackers; the laboratory manages about 3,000 Covid-19 tests daily, which is about 5% of the nation's total. The cyberattacks amid the outbreak of Coronavirus have rampantly increased over the past year and this attack was nothing new but yet another addition to the newly surfaced theme of malware and ransomware attacks in the context of 'COVID-19'. 
 
Hackers attacked the laboratory website by installing ransomware into it, it brought the website to a standstill. As we have seen in the past as well in the case of ransomware attacks - the hackers are demanding a ransom before releasing the website from confinement. 
 
ICT manager Maarten Vanheusden has said, “that after detailed analysis by our security teams, it was decided to disengage the network as a safety measure and by this way we can see what exactly is infected”. He also said by this time there is no information of data being stolen and that they are taking all the precautionary measures. Furthermore, the origins of the attack remain unknown as of now. The traces linked back the hackers to China, Russia, and Iran.  
 
AML is the largest private lab in the country which is dealing with the COVID-19 problem. There is no clarity regarding the purpose of the attack, speculations could not exactly suggest that whether the hackers attacked the laboratory merely for ransom or they have other plans as well as data theft. The case is being handled by the federal Computer Crimes Unit after the lab reported the attack to the Antwerp prosecutor`s office. 
 
This is the second time in December that hackers have attacked the sites related to the Covid-19 pandemic. European Medicines Agency (EMA) was targeted in a cyber-attack; EMA is responsible for assessing and approving vaccines for the European Union. German biotech firm BioNTech said, “that the agency was attacked and some documents which were related to the regulatory submission for Pfizer and BioNTech’s Covid-19 vaccine had been unlawfully accessed". 
 
Hackers are targeting many healthcare and medical organizations especially during this Covid-19 outbreak for demanding ransom as well as to obtain the classified information related to the vaccines.

Active Cypher: Great Deal of Orchestration of Our Intelligence in AI into Existing Systems

 
Active Cypher: The company is built upon a socially responsible fabric, that provides information security for individuals and corporations in an increasingly complex digital age. The guest speaker for the interview was Mr. Michael Quinn, CEO, and Mr. Caspian Tavallali, COO Active Cypher. Active Cypher’s Ransom Data Guard utilizes a combination of Active Cypher’s proprietary encryption orchestration, smart AI, and advanced endpoint protection. 
 
Please tell us about your company Active Cypher? 
 

I am Michael Quinn, CEO of Active Cypher. We are a data protection company; we have an ethos within a company that the data needs to be able to protect itself wherever it is created. We have built a product line that offers those capabilities of protection against ransomware attacks through protecting data at the file level in the server environment and in the cloud. What our product allows us to do is be crypto agile. We can work with numerous encryption schemes. Once we are installed we basically back out of the situation and allow the client to run and trust their own data. 

 
Your company talked about game-changing software “Ransom Data Guard” that will protect organizations against ransomware threats. Please describe more about it. 
 
What we developed is a capability where understanding what ransomware has to do in order to take control of the device in a user environment. We built a product just before the Covid-19 and work from home culture started and we realized that people are using shared environments on the same device at home. So we basically allow the organization to encrypt the data down to the device level and protect it. The ransomware protection that we provide basically allows us to manage the files in such a way that they are not accessible to external sources like ransomware. We put this product along with our cloud fortress product to make sure that we were meeting compliance regulations. What we found after working with the law firms is we allow the companies to meet compliance through this capability if the product was ransomed or even if it was exfiltrated because we encrypt the data so the actual data itself is useless. On the ransomware side, the beauty of it is we allow a lot of flexibility in how the data can be stored and used. 
 
Besides ransomware protection, what are the other solutions Active Cypher provides? 
 
We do a great deal of orchestration of our intelligence in AI into existing systems, we integrate into Microsoft tools as well as we have APIs that can write to any of the tools that are out there. We don’t bring in to replace anything or add to anybody’s burden, we integrate into it with our information.  
 
Let’s say somebody opens a doc. file or they load up a doc. file which has an exploit. How do you handle that? 

If somebody uploads an exploit or malware and when it’s opened, because of the process we use to interrogate the document for its integrity, we will stop any process that is trying to intervene with the environment and we’ll put a warning out. What will happen is you’ll get an alert from us, let’s say you open up a “wannacry” as an example, you will get a screenshot saying “your device has been ransomed.” The reality is you can still open all your files. What we do is, with our cloud fortress product, we do a real-time backup. 
 
At a time when hospitals and medical institutions are struggling with Covid-19, how has Active Cypher protected them from ransomware threats? 

In most of the hospitals and medical environments, their IT staff lacked the sophistication to understand what was happening. Earlier, the attackers were not really trying to damage the data, they were trying to ransom it and return it. Now what the attackers are doing is, that they are actually getting into the environment and not going after the data because most of the hospitals have upgraded their capabilities along with using our products. Now, the hackers are attacking the IoT (internet of things) at the device level, which is more life-threatening. What we have done to help healthcare institutions is basically putting a “Data Guard” which is the stand-alone ransomware product on devices. 
 
How do you handle the GDPR (General Data Protection Regulation) and Privacy requirements when it’s the home environment? 

With “Data Guard,” the way the product is designed, it can be installed on a consumer device. In that environment it allows people to protect what they have like personal data or business data that they have on their device is protected. And that’s the simplicity of Data Guard, is the fact that it protects your device and the files on it and ensures that ransomware can’t launch successfully.  
 
With cyberattacks rising, is there any advice you can give to our readers on cybersecurity? 

Everybody has to be aware, you don’t have to be afraid. With the stress of work, particularly with this remote work environment, the user has to be more diligent. So, ease of use and awareness are probably the keys to maintaining good data hygiene.

British Drug maker AstraZeneca Working to Deploy the Covid-19 Vaccine Targeted by Suspected North Korean Hackers

 


There is no denying the fact that cyberattacks against health bodies, vaccine scientists and drug makers have risen to an extreme length during the Coronavirus pandemic as state-backed and criminal hacking groups scramble to acquire the most recent research conducted as well as the data about the outbreak.

Yet another example has come across in the recent times, as a British drug maker company races to deploy its vaccine for the Corona virus and a couple of suspected North Korean hackers attempted to break into its systems. 

According to sources, the hacking endeavored to focus on a "broad set of people" including staff working on the COVID research.

The Reuters report that, by posing like recruiters on the networking site LinkedIn and WhatsApp the hackers approached the staff of AstraZeneca with fake job offers and later sent documents which appeared to be job descriptions that were bound with malevolent code intended to access a victim's computer. 

The source, who basically spoke on the condition of anonymity to examine non-public data, said the tools and the methods utilized in the attacks demonstrated that they were important for a continuous hacking campaign that US authorities and cybersecurity researchers have 'attributed' to North Korea. 

The campaign was previously been centered around defence companies and media organizations however pivoted to Coronavirus related targets as of late, as per three people who have investigated the attacks. 

Microsoft said for the current month alone it had observed two North Korean hacking groups target vaccine developers in multiple countries, including by "sending messages with fabricated job descriptions" Microsoft however didn't name any of the targeted organizations.

The North Korean mission to the United Nations in Geneva though didn't react to a request put forth for their comment. Pyongyang has likewise denied carrying out the previously mentioned cyberattacks.

It has no direct line of contact for foreign media. AstraZeneca, which has arisen as one of the top three Coronavirus antibody developers, also declined to comment. 

As North Korea has been accused consistently by the US prosecutors for a portion of the world's 'most audacious and damaging cyberattacks’, including the hack and leak of emails from Sony Pictures in 2014, the 2016 theft of $81 million from the Central Bank of Bangladesh, and releasing the Wannacry ransomware virus in 2017. 

Pyongyang has consequently portrayed the allegations against it as attempts by Washington to malign its image. 

Reuters however has recently reported that hackers from Iran, China and Russia likewise have attempted to break into leading drug makers and even the World Health Organization this year, yet Tehran, Beijing and Moscow have all denied the allegations.



Federal Agencies Warned the US Healthcare System on Facing An “Increased and Imminent” Threat of Cybercrime

 

A couple of days back the FBI and two federal agencies, the Department of Homeland Security and the Department of Health and Human Services issued a caution that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers”. 

This news comes after federal agencies cautioned that the US healthcare systems are confronting an “increased and imminent” danger of cybercrime, and that cybercriminals are releasing an influx of coercion endeavors intended to lock up hospital information systems, which could hurt patient care similarly to cases of Coronavirus are on a steady rise. 

The cyberattacks include ransomware, which scrambles information into the hogwash that must be opened with software keys given once targets pay up. Independent security specialists state it has 'already hobbled at least five US hospitals' this week, and might affect hundreds more. 

Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement, “we are experiencing the most significant cybersecurity threat we’ve ever seen in the United States." 

The US has seen a plague of ransomware in the course of the recent 18 months with significant urban cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.

In September, a ransomware attack shook all 250 US facilities of the hospital chain Universal Health Services, constraining doctors and nurses to 'depend on paper and pencil for record-keeping and slowing lab work'. 

Employees described disorderly conditions blocking patient care, including mounting trauma centers wait and the failure of wireless vital signs monitoring hardware. 

Alex Holden, CEO of Hold Security, which has been intently following the ransomware being referred to for over a year, said he informed the federal law enforcement after monitoring infection endeavors at various hospitals. 

Furthermore, added that the group was demanding ransoms above $10 million for each target and that criminals involved on the dull web were talking about plans to attempt to infect at least 400 or more hospitals, clinics, and other medical facilities.

“One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” Holden said. “They are hitting where it hurts even more and they know it.”

The cybercriminals launching the attacks are said to have been utilizing a strain of ransomware known as Ryuk, and while nobody has proved the speculated ties between the Russian government and groups that utilization the Trickbot platform, Holden said he has “no doubt that the Russian government is aware of this operation – of terrorism”.

Impact of Covid-19 Web Threats on Cybersecurity, A Report from Beginning to End

 

Cyberattacks during the Covid-19 pandemic exposed the flawed systems of cybersecurity. We should glance at these attacks and learn new ways to strengthen cybersecurity infrastructure from experience.

Impact of cyberattacks during the pandemic- 

Until the first quarter of 2020, the FBI's cyber division reported a 3-4 times surge in cyberattacks complaints since the start of Covid-19. According to Interpol and FBI data, there has been a massive increase in ransomware, phishing, DDoS and malware attacks; since the coronavirus pandemic. Hackers used email platforms to carry out their web threats. 

Interpol reports, "Cybercriminals are taking advantage of the widespread global communications on the coronavirus to mask their activities. Hospitals, medical centers, and public institutions are being targeted by cybercriminals for ransomware attacks – since they are overwhelmed with the health crisis and cannot afford to be locked out of their systems, the criminals believe they are likely to pay the ransom. The ransomware can enter their systems through emails containing infected links or attachments, compromised employee credentials, or exploiting a system's vulnerability."  

Most of the attacks are disguised under the theme of Covid-19. Hackers copy fake organization platforms like WHO to commit frauds and target victims. Via these platforms, the hackers lure their victims into transferring money, providing banking details, stealing personal user data. All these attacks resulted in making COVID-19 themed attacks the highest in 2020. 

What can we learn from these attacks? 

Hackers use panic and fear to target their victims. The malware and phishing attacks during the Covid-19 pandemic prove that attackers use fear to intimidate their targets. In March alone, experts discovered more than 40000 high risk and 2000 malicious domains. In April 2020, Google reported around 240 million coronaviruses themed malware and spams. Google website says, "Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages. Our ML models have evolved to understand and filter these threats, and we continue to block more than 99.9% of spam, phishing, and malware from reaching our users."

UK National Cyber Security Centre Reveals Russia’s Plan to Disrupt Tokyo Olympics

 

The UK National Cyber Security Centre recently revealed that in an attempt to completely disrupt the 'world's premier sporting event' the Russian military intelligence services were coming up with a cyber-attack on the Japanese-facilitated Olympics and Paralympics in Tokyo. 

The Russian cyber-reconnaissance work covered the Games organizers, logistics services, and sponsors and was in progress before the Olympics was delayed due to Covid-19. 

The proof is the first indication that Russia was set up to venture as far as to disrupt the summer Games, from which all Russian competitors had been prohibited on account of diligent state-sponsored doping offenses. 

The Kyodo news agency said a senior Japanese government official had specified that Tokyo would think about housing a protest with Moscow if cyber-attacks were affirmed to have been carried out by Russia. 

Japan's chief government spokesman, Katsunobu Kato, said the country would do all that is conceivable to guarantee that the postponed Games would be liberated from any and every cyber-attacks. 

“We would not be able to overlook an ill-intentioned cyber-attack that could undermine the foundation of democracy,” Kato stated, including that Japanese authorities were gathering data and would keep on imparting it to other countries. 

The UK government announced with what it reported with 95% certainty that the disruption of both the winter and summer Olympics was carried out distantly by the GRU unit 74455. 

In PyeongChang as well, as indicated by the UK, the GRU's cyber unit endeavored to camouflage itself as North Korean and Chinese hackers when it focused on the opening ceremony of the 2018 winter Games, smashing the site to stop spectators from printing out tickets and crashing the WiFi in the arena. 

The key targets additionally included broadcasters, a ski resort, Olympic officials, services providers, and sponsors of the games in 2018, which means the objects of the attacks were not simply in Korea.

The foreign secretary, Dominic Raab, stated: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.” 

Included later that, “the UK will continue to work with our allies to call out and counter future malicious cyber-attacks.” 

These allegations of the UK are believed to be a part of an endeavor to disrupt Russia's cybersecurity threat through maximum exposure and stop any interruption of a rescheduled summer Games next year.

The Covid-19 Pandemic Forces Businesses To Prioritise Investment In Cybersecurity Despite The Overall IT Budget Cuts

 


As per a Kaspersky report on ‘Investment adjustment: aligning IT budgets with changing security priorities’ organizations and businesses have focused around 'prioritizing investment' in cybersecurity in spite of the general IT budget cuts in the midst of the Coronavirus pandemic. 
The report said that “Cybersecurity remains a priority for investment among businesses. This is despite overall IT budgets decreasing in both segments amid the Covid-19 pandemic, and cybersecurity cuts affecting the most economically hit SMBs,”

And further included that, “external conditions and events can influence IT priorities for businesses. As a result of the Covid-19 lockdown, organisations have had to adjust plans to meet changing business needs – from emergency digitalisation to cost optimisation.” 

The current share of cybersecurity in IT spending has gone up from 23 percent in 2019 to 26 percent in 2020 for especially small and medium businesses (SMBs). For enterprises though, cybersecurity's offer in spending has expanded to 29 percent in 2020 from 26 percent a year ago. 

By and large, 10% of associations agree and implement the fact that they will spend less on IT security. The principle purpose behind the decreased spending on security in the endeavour was supposed to be a conscious choice by the top management to reduce spending, seeing no reason for investing “so much money in cybersecurity in the future.” 

Alexander Moiseev, Chief Business Officer at Kaspersky, nonetheless stresses on the fact that, “2020 has put many companies in situations where they needed to respond, so they wisely concentrated all their resources and efforts on staying afloat…” 

He included later, “even though budgets get revised, it doesn’t mean cybersecurity needs to go down on the priority list. We recommend that businesses who have to spend less on cybersecurity in the coming years, get smart about it and use every available option to bolster their defences – by turning to free security solutions available on the market and by introducing security awareness programmes across the organisation. Those are small steps that can make a difference, especially for SMBs…”


Cybersecurity Staff Shortage During Covid-19 Impacts Businesses Worldwide




Covid-19 pandemic has impacted business worldwide, primarily online. Due to this, cybersecurity has become a significant concern for organizations. The threat of cyberattacks and hackers has raised questions and new challenges over the issue of security. The foremost challenge that the industry is facing is the cybersecurity shortage of talent. What the industry needs the most right now are brilliant cyber minds.

ESG's 2019 survey reports that around 53% of business organizations have a deficit of cybersecurity staff. Another research by (ISC)2 says that there is a shortage of about 4 Million cybersecurity staff, meaning that organizations would require a growth rate of 142% to fill the staff deficit in the future. Earlier, there was no exact data to predict how much the COVID-19 problem would impact this issue. However, currently, it is quite clear that the pandemic situation is proving to be problematic. The coronavirus situation has compelled companies and their employees to work from home. 

The WFH trend may be beneficial for the companies, but it also raises attacks from hackers and criminal actors. The issue requires organizations and employees to be cautious while working from home, keeping productive strategies and effectiveness in mind all the time. Working from home, employees have to use safe communication platforms to be safe from cyberattacks and hackers. According to Infosecurity, "the loss of sensitive patient information is not the only cybersecurity threat. Taking advantage of a less secure employee environment, cyber-criminals have intensified their attempts at gaining access to sensitive data by using social engineering techniques. A report from Microsoft states that there are around 30,000 attacks per day that exploit this method." 

Besides this, the most important thing is building secure cyberspace for sharing company files over the internet. "Cybersecurity military officers go through intensive training and acquire a wide range of skills to protect their country from foreign invasion of cyber-capabilities, so it is no wonder big tech companies often seek out the most skilled officers. You should pay attention to military veterans from this field since many of them remain jobless," reports Infosecurity.

White House To Update U.S’s Approach To Its Maritime Cybersecurity Strategy In Coming Months

 

With hopes to upgrade the U.S. government's approach to deal with its maritime cybersecurity strategy in the coming months, the Trump administration is presently attempting to improve and further secure down the United States' ability to 'project power at sea' and guard against adversarial cyberattacks. 
Their plan incorporates re-evaluating the national approach to deal with data sharing and better emphasizing the utilization of operational technologies in ports, as per one senior administration official. 

When two officials were approached to comment they declined on revealing any particular data about the administration's plans, saying more info would be very soon be made public. 

Yet, hackers have already begun their work, they have been for long focusing on shipping firms and the maritime supply chain to steal any data associated with the U.S. government or intrude on cargo operations and activities. 

Utilizing a strain of ransomware known as Ryuk, the hackers have undermined computer networks at a maritime transportation office a year ago simultaneously disrupting tasks for 30 hours, as per the U.S. Coast Guard. 

This declaration comes in the midst of a few endeavors at the Department of Defense to test preparedness and readiness against cyberattacks in the maritime domain. 

The Pentagon's offensive unit, Cyber Command, duplicated a cyberattack a year ago on a seaport. The Army is likewise taking an interest in an activity intended to 'simulate adversaries' focusing on U.S. ports this month. 

As of late, the Trump administration has been worried about a ransomware attack focused explicitly on a transportation organization, “affected COVID-19 supply chains in Australia,” which one senior organization official said.

 “Adversaries frequently interfere with ship or navigation systems by targeting position or navigation systems through spoofing or jamming, causing hazards to shipping,” one senior administration official said.

Siemens USA Announced the Launch of Its Technologically Advanced Cyber Test Range

 

As the Coronavirus pandemic prompted an expansion in cyberattacks, this called for the need for certain facilities that would explicitly focus on prevention, discovery, and response solutions. For a similar reason, Siemens USA came up with the launch of its innovatively progressed cyber test go housed at its U.S. R&D headquarters in Princeton, New Jersey. 

The Siemens cyber test range was intended to test developing cybersecurity innovations against real-world situations to help distinguish and moderate potential weaknesses. 

The cyber range has embarked to turn into a hub where data scientists, security experts, and others can come together to perform inventive researches in the field of cybersecurity and prototype and approve new research ideas. 

Siemens' growing collection of operational innovation hardware and software components makes the range more valuable for 'a variety of industrially focused security research'.

The design of the facility was done keeping in mind the adaptability, permitting remote operation and range segments to be moved to different areas like gatherings, colleges, government research labs, and even customer environments. 

Siemens has partnered together with the Atlantic Council to utilize this cyber range to upgrade students' understanding during their 'Cyber 9/12 Strategy Challenge' arrangement through the re-enactment of cyberattacks on frameworks like advanced water treatment and power generation facilities. 

Today, Siemens and its products are upheld by a global association with more than 1,200 digital specialists. The organization's products and solutions have modern security functions that are inherent by design and empowered by default. 

Kurt John, Siemens USA's Chief Cybersecurity Office says “Cybersecurity is at the center of everything we do at Siemens. This cyber range will help Siemens continue to innovate in the field of critical infrastructure cybersecurity and build industry confidence in the secure digitalization of America’s operational technology. With this cyber range, our customers and partners can now join us on our ongoing journey to help mitigate cyberattacks and protect America’s critical infrastructure.” 

This cyber range will undoubtedly be another space for future pioneers to fabricate trust in associated foundation to shape an economical and a strong future and simultaneously for Siemens to ace the innovation foundational to a Fourth Industrial Revolution.

Microsoft's new report suggest a rapid transformation in cyber security due to the pandemic

 In just two months of the pandemic, the digital world went through "two years worth of digital transformation" according to Microsoft and to compute these changes the company did a survey of 800 leaders from companies with more than 500 employees from the United States, United Kingdom, India, and Germany. The report circumcises the pandemic threat landscape, the long term cybersecurity, budget, staffing, and the adjustments companies did to update their security.


The crux of the matter remains that the pandemic bought on a  multitude of attacks and scams but the very thing strengthened the need for better cybersecurity and many businesses realized this and overall we saw a grave change where digital security is concerned.

According to Microsoft's report following are the changes bought on in cybersecurity by the global pandemic in the long term-

Security as a prime factor in Digital Empathy
With scales of business going WFH (work from home), business leaders quickly realized better security is more productive and drives a better end-to-end experience. For most business leaders the main aim was to improve user experience and productivity thus investing in cybersecurity with VPNs and Multi-factor authentications. The reports show a considerable increase in cybersecurity investments in the surveyed countries since the beginning of the pandemic.

Zero Trust Journey
According to csooonline.com, "Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access." Earlier, this Zero Trust capability was an option, now this has become the priority and everyone's on it for a much secure and private environment inside the database of the company.

More Database, Better Threat Intelligence
The pandemic highlighted the advantages of cloud backups and threat tracking. Microsoft tracked around 8 Million threats daily from around the world due to the diverse and large data input. With the help of automated tools, human insights, and large data, many threats could be tracked and stopped before they reached the user. 

Cyber reliance key to business operations
Cyber Security is fundamental for efficient business operations and cyber resilience. For that remote workplace, businesses need to constantly update their security plans and threat assessment as well as employ end to end security solutions.

Microsoft reports, "More than half of cloud forward and hybrid companies report having cyber-resilience strategy for most risk scenarios compared to 40% of the primarily on-premises organization. 19% of companies relying primarily upon on-premises technology do not expect to maintain a documented cyber-resilience plan."

Cloud Security Solutions as Inevitable 
Nearly, 40% of organizations invested in cloud security solutions, followed by Data and Information Security (28%), Network Security(27%), and Anti-phishing tools (26%). Cloud not only protects data but also helps track security issues and provides overall integrated security.





  

Emotet Malware Returned with Massive Malspam Campaign


The Emotet authors are popular for capitalizing on trending events and holidays by disseminating customized templates in form of Christmas and Halloween gathering invites, similarly, the malicious gang has started a new campaign taking advantage of the ongoing global pandemic. They are once again spamming corona virus-related emails to U.S businesses.

Earlier this year, in the month of February, the Emotet malware was being spread actively in pandemic ridden countries via COVID-19 themed spam. However, regarding the US businesses, the malware never had the timely chance to attack by exploiting the pandemic, as the virus encapsulated the USA in the month of March. After disappearing in February, Emotet was seen to be back stronger than ever on July 17th, 2020.

Originally designed as a banking malware, Emotet Malware was first discovered by security researchers in the year 2014, but, the threats by Emotet have constantly evolved over the years. It attempts to sneak onto the victim’s system and acquire personal information and sensitive data. Emotet uses worm-like capabilities that help it spreading itself to other connected PCs. With added functionalities to avoid detection by anti-malware software, Emotet has become one of the most expensive and dangerous malware, targeting both governments as well as private sectors. As per recent sources, Emotet also delivers third-party payloads such as IcedID, Qbot, The Trick, and Gootkit.

Emotet has been pushing malspam continually employing the same strategies the authors did in their previous array of attacks. The spam mail consists of an attachment or a link, that on being clicked, launches the Emotet payload. In this particular COVID-19 themed Emotet spam targeting U.S organizations, the malware has been sending an email that appears to be from the ‘California Fire Mechanics’ reaching out with a ‘May Covid-19 update.’ One important thing to note here is that this email is not a template designed by the Emotet authors, but instead, an email stolen from a prior victim and appropriated into the Emotet’s spam campaigns. The malicious attachment linked in this case is titled ‘EG-8777 Medical report COVID-19. Doc’. It makes use of a generic document template that had been used in older campaigns. Once downloaded on the user’s click, the Emotet gets saved to the %UserProfile% folder under a three-digit number (name), such as 745.exe. Upon execution of the same, the user’s computer will become a part of the operation, sending out further infected emails.

While alerting on 17th July, researchers at Microsoft told,“We have so far seen several hundreds of unique attachments and links in tens of thousands of emails in this campaign,”

“The download URLs typically point to compromised websites, characteristic of Emotet operations.” They further wrote.

Emotet expert Joseph Roosen told to BleepingComputer, "So far we have only seen it as part of stolen reply chain emails. We have not seen it as a generic template yet but I am sure it is just around the corner hehe. There was one reply chain I saw yesterday that was sent to 100s of addresses that were referring to the closing of an organization because of COVID-19. I would not be surprised if Ivan is filtering some of those reply chains to focus on ones that are involving COVID-19,"

Indian Prime Minister Announces a New Cyber Security Policy for the Country


On the celebration of India's 74th Independence Day, the Prime Minister of India Narendra Modi announced his plans about bring up a new cybersecurity policy for the country. 

While addressing the nation, in his speech he highlighted the threats radiating from cyberspace that could affect India's society, economy, and development. 

He emphasized the fact that dangers from cyberspace can jeopardize every one of these parts of Indian life and they shouldn't be taken for granted. The prime minister's comments come against the ever-increasing cyber threats and psychological warfare radiating from nations like Pakistan and China. 

As per news reports, during the border tensions at Ladakh, China and Pakistani social media activists had apparently joined hands to dispatch fake news and misinformation campaigns against India. 

At the point when the conflict happened along the Pangong Lake on 5-6 May, Weibo, the Chinese version of Twitter, had featured images of Indian fighters tied up and lying on the ground, with correlations made to Bollywood's 'muscular portrayal' of the Indian Armed forces.

 "The government is alert on this," Modi reassured the nation, later adding that the government will soon come out with a strong policy on this.

Apart from this, phishing attacks offering info on Covid-19 and equipment, or free testing with the aim to steal personal information have additionally been on a steady rise in India over the last few months. 

As indicated by a Kaspersky report, there is a 37% increase in cyber-attacks against Indian companies in April-June quarter, when compared with January-March quarter, with the reason being the implementation of a nationwide lockdown from March which made organizations and companies permit their employees to work from home.

The United Nations Reports Increase in Internet Usage and Cyber Crime during the Pandemic

 

The U.N. counterterrorism chief reported a 350% increase in phishing websites in just the first quarter of the year, mostly targeting hospitals and health care systems and obstructing their work responding to the current COVID-19 pandemic. 
Vladimir Voronkov told the U.N. Security Council that the upsurge in phishing websites was a part of “a significant rise in cybercrime in recent months” revealed by speakers previous month's first Virtual Counterterrorism Week at the United Nations. 

The weeklong gathering was attended delegates from 134 nations, 88 civil society and private sector organizations, 47 international and regional organizations, and 40 United Nations bodies. 

He said the U.N. furthermore; the global experts haven't yet completely comprehended “the impact and consequences of the pandemic on global peace and security, and more specifically on organized crime and terrorism.” 

Voronkov says, “We know that terrorists are exploiting the significant disruption and economic hardships caused by COVID-19 to spread fear, hate, and division and radicalize and recruit new followers. The increase in internet usage and cybercrime during the pandemic further compounds the problem.” 

Undersecretary-General Voronkov said the discussions demonstrated a mutual understanding and worry that “terrorists are generating funds from illicit trafficking in drugs, goods, natural resources, and antiquities, as well as kidnapping for ransom, extorting and committing other heinous crimes.” 

He said U.N. member nations are rightly focused around handling the currently increasing health and human crisis brought about by COVID-19 however he urged them not to overlook the threat of terrorism. 

In many parts of the world, Voronkov stated, “terrorists are exploiting local grievances and poor governance to regroup and assert their control.” 

Ghada Waly, executive director of the Vienna-based U.N. Office on Drugs and Crime, told the council meeting on the linkage among counterterrorism and transnational organized crime that the links are "complex and multifaceted," and “the COVID-19 crisis poses a host of new challenges to national authorities.” 

“Organized criminal groups and terrorists may seek to capitalize on and exploit new vulnerabilities,” she said, “and transit patterns are shifting in view of travel restrictions and lockdown measures, adding further challenges for border security.”

Lastly, she added a rather important point which highlights the fact that during these dark times comprehensive and cooperative responses are needed more than ever.

Online Exam Tool ProctorU Breached, Half A Million User Accounts Leaked Online


Around half a million online users were affected due to the breach of online examination software called "ProctorU," a platform widely used in teaching institutes. The hackers, belonging to Shiny Hunters Group, recently posted the leaked data on the web, which contained details of 444,267 users, confirm the cybersecurity experts. ProctorU is a tool that provides institutions automatic monitoring options while conducting the examination. ProctorU, an American firm, built the application.


The data leaked belong to different individuals and organizations, including various education institutes, companies, and users of the breached software. The data leak is part of a bigger scheme of the Shiny Hunters Group, say some sources. They have posted other leaks in the recent weel. More than 386 Million users' data was published online in the past week by hackers. The companies affected include- Couchsurfing, WattPad, Minted, Bhinneka, Dunzo, Dave.com, and many others. The data leaked online include sensitive user information like which include usernames, passwords, full names of the individuals, contact no, and residential address.

Various universities worldwide have been affected by this breach, as they relied on ProctorU for conducting online examinations, keeping the social distancing in mind due to the coronavirus. Sydney University had done the same and used ProctorU to conduct its semester examinations. The University released a statement related to the breach expressing concern for the event. But the University of Sydney has come under a lot of criticism from the users as well as experts. According to them, ProctorU violates the student privacy policy, as given in the University.

Students have complained that the techniques ProctorU uses to keep a watch can be very intrusive and personal. During the examination, the tool asked students to show their surroundings, and also had control over the user's computer. It could be possible that ProctorU could send these data to third parties. "We consistently warned the University that this could happen. We demand the University immediately suspend the use of ProctorU, as that is the only way to guarantee that students are not exposed again in the future," said the Student Council of the University.

COVID-19 used as a lure for Cyber Attacks: Report suggest massive increase in Phishing Trends


Since the starting of the year, 2020 has been a bearer of bad news and Covid seems like a bad punch line. With 14 Million cases, the pandemic has wreaked havoc not only on human life but other sectors of business and economy as well; especially impacting cybersecurity, giving a sweet opportunity for hackers and scammers to con people.


According to recent research by Positive Technologies, there has been a 25% increase in phishing attacks in quarter one (Q1)of this year as compared to Q4 of 2019 and 13% of these phishing attacks were related to COVID-19. One of the analysts at Position Technologies said, “Hackers were quick to use common concerns about coronavirus as lures in phishing emails. One out of every five emails was sent to government agencies.”

The researchers also noted that 23 of the tenacious and active APT (Advanced Persistent Threat) groups targeted financial and medical institutions, government agencies, and industries. Around 34% of the attacks on organizations were ransomware ( malware attackers demanding money ransom in order to decrypt files and to not reveal stolen data). One out of every 10 ransomware was targeted at an organization.

This year has seen ransomware evolving into much-feared threat with Maze ransomware collaborating with other ransomware groups and publishing the stolen data on their website. Another ransomware Snake released in the beginning of this year, even deletes backups and snapshots.

Many security analysts discourse that the report from the research isn't all that surprising as COVID-19 has been used as a lure and click-bait to trap users desperate for info on the pandemic.

Jamie Akhtar, CEO of CyberSmart says, “enormous spike in phishing campaigns, fake websites and social profiles that were deliberately impersonating COVID-19 and healthcare-related authorities as hackers exploited the unprepared public.”

 Adding, “Many of these phishing emails can be extremely convincing and are not likely to end soon.

“Businesses and their employees can protect themselves against these attacks in the future by using email filtering that will detect and flag suspicious email addresses and malicious links or attachments, but these often don't catch everything. Training employees on how to spot suspicious and phishing emails is the best way to prevent these kinds of attacks.”

Importance of Cybersecurity in the Healthcare Sector


Hackers and cybercriminals have targeted the healthcare sector for a long time. Among the healthcare industry, hospitals are generally the primary target for hackers, as they generate a lot of money. The hospitals hold very sensitive information of the patients, including credentials and personal data, and the hackers can take advantage of that. Due to the coronavirus pandemic, hospitals have received a large number of funds from the government and other agencies to deal with the issue, and the hackers are after the money.


The critical issue is that healthcare IT systems store patient credentials, including banking details, ID, and credit card details. Besides this, information such as patient's HIV details can be exposed, and cybercriminals can exploit for extortion. On the dark web, ID credentials can be sold for very profitable money, so the government and healthcare industry should take extra precautions to stay safe from cyber attacks. In the present pandemic crisis, blackmail has become one of the most common cyberattacks threats. Blackmail is different from ransomware; in the latter, the player holds company data as ransom by encrypting malware. Whereas, while blackmailing, the hacker threatens to expose critical data, unless his demands are met, which is mostly money.

In this scenario, the hospitals don't have any option but to compensate the cybercriminal as revealing patient information is not only dangerous but also against the doctor-patient confidentiality. In the starting phase of the COVID-19 outbreak, hackers across the world didn't target the healthcare industry. It created a false sense of security among the government and experts that the healthcare sector was safe from hackers and cyber attacks. It was all but long when the hackers finally decided to take a toll on cyberattacks on healthcare.

Therefore, the healthcare industry should step-up and create a robust cybersecurity infrastructure that ensures patients' privacy and security. General awareness of cybersecurity among citizens is also essential, especially sensitizing the hospital staff. Most important and the last one, healthcare institutes should team up with cybersecurity agencies that provide protection and security from cyber attacks and hackers.

Enterprises Improving Their Response to Cybersecurity Incidents, Yet Contributing To Reduce the Effectiveness of Defense


IBM recently released the results of a global survey, which recommended that while investment and planning are on the uptake, adequacy isn't on a similar 'incline', with reaction endeavors hindered by complexity brought about by divided toolsets.

Conducted by the Ponemon Institute, the research highlighted reactions from more than 3,400 security and IT staff across the world.

This research was IBM's fifth annual Cyber Resilient Organization Report, which says that while organizations are improving in cyberattack planning, identification, and response, their capacity to contain a functioning threat has declined by 13%.

By and large, enterprises send 45 cybersecurity-related tools on their networks yet the widespread utilization of an excessive number of tools may add to an inability not only to distinguish, yet additionally to shield from dynamic attacks.

While it creates the impression that the enterprise cybersecurity scene is achieving another degree of development, in any case, with 26% of respondents saying that their organizations have now embraced formal, all-inclusive Cyber Security Incident Response Plans (CSIRPs), there's been an expansion from 18% five years ago.

In total, nonetheless, 74% of respondents said their cybersecurity planning posture despite everything fails to be desired, without any plans, especially ad-hoc plans, or irregularity still a thistle in its IT staff.

Furthermore, among the individuals who have adopted a reaction plan, just a third has made a playbook for basic attack types to keep an eye out for during daily tasks.

"Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face," the report notes.

As indicated by IBM, an absence of planning and response testing can prompt a damages bill up to $1.2 million higher than a cyberattack would have in any case cost a victim company and the expense can be high as far as disruption is concerned.

Thus IBM responded that "With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that many businesses are relying on out-dated response plans which don't reflect the current threat and business landscape."

This is all considering the COVID-19 pandemic and the rapid and sudden changes a large number of us have encountered in our workplaces, CSIRP arrangements should be inspected, and if need be, changed to adjust to the working from home environment.