The COVID-19 pandemic will accelerate sharing as governments and the private sector work to find solutions, not only in healthcare but in other sectors of the economy impacted by the current crisis.
According to Forrester, “in times of crisis, the need for information is critical” and the COVID-19 pandemic provides a clear illustration of this as healthcare officials and policy makers need data to inform their responses; researchers need data to drive the search for solutions; and leaders across sectors need data to understand the impact of the crisis on their businesses.
An advisory written by Forrester analysts Jennifer Belissent and Enza Iannopollo stated that in the current situation “data sharing is a recovery imperative” and as companies recover from closure, they will need to apply insights to improve their chances of success.
They said: “The recovery could prove a pivotal time to implement new technologies and redefine business processes. Data literacy is a key element to ensuring that employees are future fit.”
In a second advisory, Iannopollo said that COVID-19 “has reminded us of the power of collecting and sharing data” and as a result, an increasing number of individuals will be willing to share their personal data in real time in the hope of protecting themselves and others.
“Don’t assume that they will pay less attention to a brand’s values or that they will accept limits on their privacy rights,” Iannopollo said. “Even in the middle of the crisis, employees and employers have forced European regulators to provide guidance on collecting, sharing, and processing personal sensitive data.
“European consumers will remain vigilant of their privacy, especially their health data. And with an unemployment crisis looming, trust and values will drive European consumers’ potentially limited choices.”
Speaking to Infosecurity, Iannopollo said that before GDPR came into force, companies cared only about what data they collected, and it didn’t matter what the purpose was. Data sharing “is a great driver in the economy, but there are enormous risks with it,” she said, because for a long time we’ve been trained to think of data as an asset, and “the more you have the better.” Then GDPR “came along and businesses had to clarify to people” what they were doing with it.
According to an announcement released today, NHS Digital and NHSX have introduced GP Connect to all practices, which will enable the secure sharing of patient records across primary care, meaning that health and care professionals have the information necessary to give patients the care they need quickly and effectively, regardless of whether they are registered at that practice or have accessed that service before.
Additional information will be automatically added to the Summary Care Record of any patient who has not expressed a preference that information isn’t shared and will include significant medical history (past and present), reasons for medications, care plan information and immunizations.
Richard Alcock, interim director of Primary Care Technology at NHS Digital said: “This step is crucial to support clinicians so that they can give timely, accurate clinical advice to their patients at a time when they are already under unprecedented stress and having to work in completely new ways to deliver care.”
Iannopollo said she had seen this working in the Netherlands, where if you cannot see your GP another doctor can see you if you’re willing to share your medical details. She praised efforts to do better information and data sharing, but said the worry is that what is used in an emergency “will outlive the emergency and generate a backlash.”
Google has taken steps to crack down on fake or misleading advertising as fraudulent ads and counterfeits surge during the COVID-19 pandemic.
The tech giant revealed in a post on Thursday that it would be extending its identity verification policy from political ads to all advertising on its platforms, in a bid to improve transparency.
“As part of this initiative, advertisers will be required to complete a verification program in order to buy ads on our network,” explained director of product management, John Canfield.
“Advertisers will need to submit personal identification, business incorporation documents or other information that proves who they are and the country in which they operate.”
By hovering over an ad listing, users will soon be able to see the name, location and other information about the advertiser.
“This change will make it easier for people to understand who the advertiser is behind the ads they see from Google and help them make more informed decisions when using our advertising controls,” claimed Canfield. “It will also help support the health of the digital advertising ecosystem by detecting bad actors and limiting their attempts to misrepresent themselves.”
Although the program will start in the US this summer, it could take years to complete, which may be too late to stop the surge in scams peddling counterfeit and fake COVID-19 products.
Earlier this month, industry bodies the Anti-Counterfeiting Group (ACG) and Transnational Alliance to Combat Illicit Trade (TRACIT) urged stay-at-home consumers to exercise caution as they are bombarded with ads for counterfeit and ineffective products.
These include surgical face masks, hand sanitizers, testing kits, thermometers, cleaning solutions, toilet paper, anti-bacterial wipes, indoor sports equipment, refrigeration appliances, food products and more.
“The expectations are that the availability of these products on the internet will increase dramatically, especially with the closure of retail stores and the imposition of social distancing,” argued ACG director general, Phil Lewis.
“People must be especially careful when ordering online from websites, e-commerce platforms and social media where outright fraud and advertising of fakes is already a major problem.”
At the end of March, INTERPOL announced a $14m seizure of counterfeit medical and pharmaceutical supplies. Over 100 arrests were made and 37 organized crime groups supposedly dismantled.
Twitter has updated its policy on unverified claims in a bid to tackle misinformation surrounding the COVID-19 pandemic that has already led to attacks on 5G infrastructure in the UK.
The social network said its updated guidance means that claims which have “the potential to incite people to action, could lead to the destruction or damage of critical infrastructure, or cause widespread panic/social unrest,” are now considered policy violations.
“Examples include, ‘The National Guard just announced that no more shipments of food will be arriving for two months — run to the grocery store ASAP and buy everything’ or ‘5G causes coronavirus — go destroy the cell towers in your neighborhood!’,” it explained in an update this week.
At least 20 5G phone masts have been vandalized across the UK in recent weeks and scores of incidents have been reported where engineers have been confronted by angry members of the public who believe there's a link between the tech and the pandemic, according to reports. Celebrities have reposted the fake news to millions of followers online, further disseminating the falsehoods.
Twitter and Facebook have come in for criticism over recent weeks for failing to act quickly enough in taking unverified rumors about the pandemic down.
Most notably, US President Donald Trump has repeatedly made false claims about the virus, including that it could be treated with an anti-malarial drug, which led to shortages for people who actually needed the medication.
There have also been question marks surrounding Twitter’s use of machine learning algorithms to police content. It admitted in a post last month that mistakes would be made as they are less accurate than human moderators.
Accounts would therefore only be suspended after human review, it said, which could create delays.
Earlier this week an expert claimed that far-right agitators were waging a months-long online campaign of harassment and fake news against high-profile health organizations.
The World Health Organization (WHO) has confirmed reports earlier this week that thousands of staff emails and passwords were leaked online, adding that it has seen a “dramatic increase” in cyber-attacks since the start of the COVID-19 crisis.
Rita Katz, director of SITE Intelligence Group, said earlier this week that suspected Neo-Nazi groups had posted the details online, on platforms including 4chan, Pastebin and Twitter.
This was part of an alleged months-long harassment campaign of staff at the organization and others fighting the pandemic, including the Centers for Disease Control and Prevention, the World Bank, the Gates Foundation and the National Institutes of Health.
In a brief update yesterday, the WHO confirmed that 450 active WHO email addresses and passwords were leaked online, plus thousands belonging to “others” working on COVID-19 response.
Despite describing the log-ins as “active,” it claimed that the credentials didn’t pose a security risk as they were old. However, an “older extranet system” used by current and retired staff and partners was affected, it admitted.
Steps are being taken to improve authentication security on the site, presumably by mandating two-factor authentication or similar.
More generally, the WHO claimed it had seen a dramatic surge not only in attacks aimed at its staff but in phishing emails spoofing its name to trick the general public.
It pointed in particular to scams aimed at soliciting donations to fictitious funds, although there are many others, designed to covertly install malware and harvest credentials.
The number of attacks in general has increased fivefold over the number seen during the same period last year, WHO claimed.
“Ensuring the security of health information for member states and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the COVID-19 pandemic,” said WHO CIO, Bernardo Mariano.
“We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together.”
Speaking at an online press conference this week, Eugene Kaspersky, founder and CEO of IT security giant Kaspersky Lab, likened cyber-attacks on hospitals during the COVID-19 pandemic to acts of terror.
“Cyber-criminals are very likely to stay active,” he said. “They are used to working from home and their circumstances have not changed drastically. They will keep trying to attack businesses and individuals and it is our job to keep working hard and defend our customers.
“Any attack made on a hospital at this time can be seen as equivalent to a terrorist attack.”
Kaspersky was joined at the press conference by Costin Raiu, Kaspersky’s director of global research and analysis team, who also spoke strongly to condemn cyber-criminals targeting hospitals, and Yury Namestnikov, the company’s head of global research and analysis team for Russia, who reflected on some of the key COVID-19-related threats Kaspersky has detected.
Raiu argued that any malicious individuals or groups that carry out attacks on healthcare organizations should be heavily reprimanded.
“The message must be clear to cyber-criminals that anybody targeting medical institutions will be hunted down by LEAs and cybersecurity companies like ourselves to make sure they are brought to justice,” he added.
Raiu pointed out that not only are hospitals under severe pressure to ensure healthcare processes are functioning and effective, the current cyber-threat circumstances they are facing make this an even greater challenge.
“People in hospitals are understandably having to concentrate on looking after their patients and saving lives. They are not necessarily worried about updating their systems. They may also be managing and prioritizing resources differently and if they need to choose between investing in cybersecurity solutions or buying medical equipment, there is only one clear choice.”
Namestnikov said that, in the last few months, there has been a significant rise in both opportunistic and targeted attacks, with spear-phishing campaigns in particular causing challenges as they target users with fake coronavirus-related advice.
“We are seeing a spread in COVID-19 messaging to trick people into opening malicious links or attachments and downloading malware,” he added. “We saw a 43% growth in this sort of attack between January and March 2020.”
The generous gesture was part of HackerOne's Hack for Good initiative, which invites hackers to hand over what they earn from companies by discovering bugs in their products and systems to charitable causes.
HackerOne's 13-day virtual hacking event attracted 50 hackers from 13 countries. The event had been scheduled to take place in Singapore earlier this month but was pushed back and moved online due to the widespread outbreak of COVID-19.
Currently, Singapore has over 11,000 confirmed cases of the novel coronavirus. At time of writing, 12 Singaporeans had died after contracting the novel coronavirus, while 924 had recovered.
A spokesperson for HackerOne said: "To keep the spirit of an in-person event alive, in addition to hacking, the virtual event included several panels, virtual couch-side Q&As, and healthy competition in the form of virtual Pictionary and a push up challenge—giving hackers the opportunity to collaborate more closely with the target than ever before."
During the course of the event, more than 250 security vulnerabilities were submitted in Verizon Media assets and over $673,000 in bug bounties was awarded to hackers who succeeded in sniffing out vulnerabilities.
Topping the earnings charts was hacker mayonaise, who broke the record for the most bounties earned during a live hacking event. In addition, the closing days of the event marked the biggest week of bounty pay-outs ever with over $2.4m paid to hackers in bounties in just six days.
Asked how they felt about attending a virtual event versus an in-person affair, hacker Sébastien Morin said: “This first Virtual Live Hacking Event was very fun and a complete success! It felt like a Live Hacking Event marathon which lasts 2 weeks. It was amazing to be together even in this tough time.”
The absence of celebratory/commiseratory get-togethers in the bar was felt by hacker none_of_the_above.
They said: “I missed the drinks, the endless supply of cold Red Bull, the SWAG, the CTF-esque atmosphere. But all those things were replaced with all sorts of activities throughout the event which made us feel closer.”
One in five small businesses admit that they could do better when it comes to securing customer data.
New research published today by The Manifest has found that in a survey of 383 small-business owners and managers, 20% thought that the security of customer data storage at their company could be improved.
On the positive side, more than half of the respondents (57%) said that their small business had not faced a cybersecurity challenge in 2019. However, 15% either suffered a hack, saw their system infected with a virus, or experienced a data leak.
Researchers found that the data most commonly collected by companies is contact information (61%), customer name (52%), customer location (39%), physical address of customer (36%), and payment details (31%).
For almost a quarter of respondents, lack of funding for cybersecurity was an issue. Researchers observed that 23% of survey respondents admitted that more resources needed to be injected into their company's cybersecurity.
The majority of respondents won't need persuading in the face of pressure to increase funding in their business for cybersecurity. Researchers found that 64% of respondents considered it likely that they would devote more resources to cybersecurity in 2020.
By asking questions regarding current cybersecurity practices, researchers discovered that the most popular small-business cybersecurity measures include limiting employee access to user data (46%) and data encryption (44%).
Requiring strong user passwords and training employees on data safety and cybersecurity best practices were two further methods used by 34% of respondents. Fewer than a third of businesses (29%) used two-factor authentication to enhance password security.
The Manifest specifically surveyed small-business owners and managers who use a mobile app and/or website to connect with customers.
"Cybersecurity has become only more important in 2020 due to dramatic increases in remote work and online business," wrote researchers. "We wanted to understand small businesses’ experience with and plans for data safety—the process of protecting information from unauthorized access."
Commenting on their findings, researchers wrote: "Our research shows that small businesses use a range of data security measures to protect their data, including limiting employee access and encryption, and are considering investing in more cybersecurity resources in the future."
The acquisition of cybersecurity firm Coalfire by funds advised by Apax Partners was officially finalized.
Coalfire, a provider of cybersecurity advisory and assessment services, today announced that its acquisition was now complete following full regulatory approval. The financial terms of the deal have not been publicly disclosed.
Coalfire made the news earlier this month when Anne Bayerkohler, the company's director of quality and compliance, was honored by Consulting Magazine's Women Leaders in Technology Awards in the Excellence in Leadership category.
Commenting on the acquisition, Coalfire CEO Tom McAndrew paid tribute to the company's former owners.
"We appreciate the stewardship of our previous owners, The Carlyle Group and Chertoff Capital, that has set the course for this opportunity with our management," said McAndrew.
Describing what's next for the freshly acquired company, McAndrew said remote operations would be a new focus.
He said: "We're very pleased with Apax Partners' acquisition of Coalfire and look forward to driving our growth through new technology investments, strategic acquisitions, and service expansion focused on optimizing the pervasive shift towards multi-cloud environments and remote operations."
Elsewhere in the company, it will be business as usual. Current Coalfire Federal president Bill Malone will remain at the helm, and Coalfire will continue to provide services to help Department of Defense suppliers prepare for and meet new CMMC (Cybersecurity Maturity Model Certification) regulations.
Apax Partners expressed the belief that, supported by the Apax Funds' investment, Coalfire is perfectly poised for growth.
"Coalfire is an established and highly-respected cybersecurity advisory and assessment services firm that is well-positioned for further growth due to cybersecurity trends and the vision of its strong management team," said Rohan Haldea, partner at Apax Partners.
"The Apax Funds' investment will assist the company in particular by increasing Coalfire's investment in technology; continuing to invest in thought leadership, especially with respect to securing cloud environments; and deepening capabilities across assurance standards while scaling its penetration testing and cyber risk services business."
During its more than 40-year history, Apax Partners has raised and advised funds with aggregate commitments of around $50bn. The Apax Funds invest in companies across four global sectors of Tech & Telco, Services, Healthcare, and Consumer.
Around 38% of people never update their passwords, according to a survey by Specops Software which has revealed some concerning trends regarding password safety.
Another finding was that a third of the population use the same password for streaming services such as Netflix as they do for more sensitive accounts like online banking. Additionally, just 3.45% of respondents changed their password twice a year and 29.03% said they don’t use more than one password across all their accounts. Overall, 32.26% thought that it is not that serious to have just one password. This is despite the advice of security experts that passwords should be changed regularly and vary across different accounts.
Specops undertook the survey of 1353 people following the hacking of the social app Houseparty, in which users’ details were stolen. This led to a spate of other hacks as many of the victims used the same password across multiple accounts. Only 13.79% changed their passwords in an attempt to prevent hackers accessing other accounts once news broke of the attack, while 62.07% were not worried at all about it affecting other accounts.
Sharing the passwords of streaming services with friends and family was also shown to be commonplace, with 51.51% saying they did this. Amongst Netflix users in the survey, password sharing was practiced by 66.67%. Worryingly, 21.43% said they did not know whether the people who they share passwords with shared them with other people.
Specops Software set out the following tips for people to reduce the risk of being hacked:
- Regularly change your passwords (at least once a year)
- Don’t use the same passwords for social media, streaming and other non-sensitive accounts as you do for sensitive accounts like online banking
- Use more than one password, reducing the risk of hackers accessing multiple accounts with ease
- Create strong passwords, using numbers, letters, varying capitalized and non-capitalized letters and avoiding anything personal that could easily be guessed
Two-thirds of remote workers in the UK haven’t received cybersecurity training over the past year, raising fears that they may be more susceptible to attacks as hackers adapt their tactics during the current crisis.
Norwegian app security firm Promon polled 2000 remote workers to better assess where organizations may be exposed during the pandemic.
It found that, as well as the majority not having received training over the previous year, 77% said they aren’t worried about security while working from home. Over-confidence can often lead to users making mistakes which land them in trouble.
What’s more, over three-fifths (61%) said they were using personal rather than corporate-issued devices to work remotely, increasing the chances that they aren’t properly protected, configured or aligned with corporate security policies.
“Lack of cybersecurity awareness training combined with distributed business software and applications that run within untrusted environments are some of the biggest issues organizations of all sizes are facing,” Promon co-founder, Tom Lysemose Hansen, told Infosecurity.
“This is particularly prevalent in SMBs, often due to insufficient funding. Organizations must ensure that they run business-critical apps in trusted and protected environments. There are many inexpensive cybersecurity awareness platforms on the market, which are specifically designed to help SMBs remain safe from attacks and, very crucially, protect endpoint devices.”
Such threats can be used to deliver ransomware, BEC, credential-harvesting phishing, VPN malware and more.
Cyber-criminals are looking to capitalize on the widespread appetite for more information about the pandemic, as well as urgent communications between bosses, partners and employees, to trick users into clicking through.
With the entire family forced to stay indoors, home workers may also be more distracted than they would normally be.
Twitter has been forced to take down thousands of breached email addresses and passwords from US and global health organizations first disseminated by alleged Neo-Nazi groups.
Rita Katz, director of SITE Intelligence Group, said the log-in combos were linked to the US National Institutes of Health (9938), Centers for Disease Control and Prevention (6857), the World Bank (5120), the Gates Foundation (269), Wuhan Institute of Virology (21) and the World Health Organization (2732).
She tweeted that “the far-right seized on the data with a harassment campaign as part of a months-long initiative to weaponize the pandemic.”
Right-wing groups have been blamed for spreading fake news and questioning scientific evidence about the COVID-19 pandemic.
“The far-right is growing an enormous capacity to disseminate such content—from conspiracy theories to ‘hacked’ data like yesterday’s,” said Katz.
However, it’s not clear whether these groups were behind the original hacking of the leaked accounts.
Katz explained that they appear to have been first posted to 4chan, although they subsequently went up on Pastebin and Twitter.
The BBC, which revealed the news of Twitter’s takedown efforts, claimed that at least some of the data was sourced from old attacks.
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, explained that stolen credential lists like this are widely available on dark web marketplaces and hacking forums.
“Most of these types of password collections contain a considerable number of redundant, outdated or even deliberately fake data. Given that most business-critical systems now use 2FA and other security mechanisms to prevent password-reuse attacks, I don’t see any material risks stemming from the reported ‘leak’,” he added.
“The impacted organizations should, however, rapidly conduct an internal investigation to ascertain they didn’t fall victims to a sophisticated data breach amid the pandemic.”
The UK’s mobile and finance industries have teamed up with GCHQ’s National Cyber Security Centre (NCSC) to better detect and block SMS phishing attempts designed to capitalize on the COVID-19 crisis.
Known as smishing, these attacks use social engineering and spoofing techniques similar to those of phishing emails but arrive as texts, tricking users into clicking on malicious links and/or divulging personal and financial information.
The current initiative is part of an ongoing NCSC-backed project by the Mobile Ecosystem Forum (MEF), Mobile UK and UK Finance centered around the MEF-developed SMS SenderID Protection Registry.
Organizations that sign up to the registry can protect their text message headers, making it difficult for fraudsters to impersonate their brand in fake SMS phishing attempts. The system will check to see if a message is being sent by a genuine organization and block it if not.
According to Mike Fell, head of cyber-operations at HM Revenue and Customs (HMRC), the current project builds on an HMRC trial which resulted in a 90% reduction in reports of the most convincing HMRC-branded SMS scams.
Some 50 banks and government organizations have signed up to have their text messages protected, with 172 SenderIDs registered to date. Over 400 unauthorized text variants are being blocked thus far, but the blacklist is growing all the time.
All of the UK’s major operators — BT/EE, O2, Three and Vodafone — have signed up, as have leading messaging providers including BT’s Smart Messaging Business, Commify, Firetext, Fonix Interactive, HGC Global Communications Limited, IMImobile, mGage, OpenMarket, SAP Digital Interconnect, Sinch, TeleSign, Twilio and Vonage.
“We are pleased to be supporting this experiment which is yielding promising results,” said NCSC technical director, Ian Levy. “The UK government’s recent mass-text campaign on COVID-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kinds of scams.”
It said more than 80 malicious web campaigns were taken down in a day after 5000 suspicious emails were flagged to the automated service for investigation.
Perspecta Labs—the innovative applied research arm of Perspecta Inc.—has been awarded a defensive cyber-contract potentially worth $14.5m by the United States Army.
The lucrative contract was handed out by the US Army Combat Capabilities Development Command (CCDC), Command, Control, Computers, Communications, Cyber, Intelligence, Surveillance and Reconnaissance Center (C5ISR), Space and Terrestrial Communications Directorate.
Perspecta Labs has been chosen by C5ISR to work on the Autonomous Defensive Cyber Operations program. The objective of the program is to create a suite of autonomous cyber-capabilities for the US Army that are adaptable, secure, and resilient to any deceptive tactics practiced by America's adversaries.
Another key feature of the cyber-solution that Perspecta Labs has been tasked with developing is that it must be easy to configure and deploy.
Perspecta Labs' role within the program will be to research, design, develop, demonstrate, and deliver a machine learning solution for defensive cyber-operations. This tool will be used for training, rapidly deploying, and retraining containerized cyber-sensors that detect both new and previously discovered vulnerabilities, attacks, and malware.
The aim is to come up with an automated solution that can respond to threats much faster than a system that relies on human intervention.
"Perspecta Labs will leverage its extensive expertise in machine learning, cybersecurity and tactical networking to provide innovative and effective autonomous defensive cyber operations to the Army," said Perspecta Labs president Petros Mouchtaris.
"We are honored to have been selected to develop a solution that meets the Army's tactical needs for autonomy, security, ease of use, adaptability, efficiency and robustness."
Perspecta Labs said that the solution it develops will utilize the company's novel machine learning paradigm, LUPI (Learning Using Privileged Information) to "create highly accurate cyber sensors in a heterogeneous environment."
These cyber-sensors are not only resilient to adversarial machine learning attacks but also can be dynamically retrained to take into account the large variations present in the tactical environment.
A spokesperson for Perspecta Labs said: "The solution's architecture harnesses these cyber sensors to detect diverse attacks and incorporates a cognitive agent for automatically generating courses of action for the cyber-defender."
A database containing what appears to be the data of thousands of UniCredit S.p.A employees is being advertised for sale on cybercrime forums.
The Italian global banking and financial services company has more than 8,500 branches in 17 countries and employs over 97,775 people. Data allegedly belonging to around 3,000 of those employees went on sale on the dark web on April 19.
Advertising the data for sale is a hacker located in Romania who claims to have compromised UniCredit's systems and exfiltrated the data. Information allegedly stolen by the hacker includes names, email addresses, phone numbers, and encrypted passwords.
Buyers can purchase the data for sale in units of rows. The cost of 150,000 rows of data is $10,000.
Telsey, a unit of Telecom Italia S.p.A, believes the hacker's claims of stealing data from UniCredit are genuine. The company said that the database was found available on at least two cybercrime- and hacking-related forums.
In a statement published on its website on April 20, Telsey wrote: “By the first technical details retrieved, the database appears to be genuine and the potential result of a SQL Injection attack. Alternatively, it could be the result of extensive compromise of the victim network with the dump of the database directly from one of the internal servers."
If Telsey's SQL injection theory is correct, then the hacker used a malicious code-insertion technique to access UniCredit's data. According to Telsey, the information being offered for sale appears to be UniCredit data dating from 2018–2019.
UniCredit said that it was investigating the matter, hinting that any possible data breach may have occurred via a third party.
“UniCredit became aware that its name has been mentioned in relation to an alleged case of data breach in Romania related to an HR recruiting platform provided and managed by a third party,” UniCredit told Bloomberg News.
“There is no evidence of any UniCredit systems' having been accessed.”
The alleged hack comes just six months after the Italian financial giant confirmed that the records of three million of its customers had been exposed in a catastrophic data breach. Information exposed in the breach included names, phone numbers, and email addresses of UniCredit customers.
A ransomware attack has thrown operations at New Jersey company Cognizant into disarray, compromising internal systems.
The IT services provider confirmed on April 18 that it had fallen victim to a ransomware attack perpetrated by the threat group Maze. Services to some of the company's clients have been affected by the incident.
Maze group has earned a reputation for exfiltrating data from its victims and publishing that data online should its targeted cash cow refuse to moo up the ransom payment.
In a statement published on its website last Saturday, Cognizant wrote: "Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.
"Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident."
Cognizant confirmed that "the appropriate law enforcement authorities" had been made aware of the incident.
On Sunday, April 19, the company posted an update to its cybersecurity incident notification statement, adding that it had been in contact with its customers to warn them of the dangers posed by the attack.
"We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature," wrote Cognizant.
Cognizant is a Fortune 500 company that provides on-premises and cloud-hosted IT services and IT consultancy services. Among Cognizant's clients are several high-value customers in the banking, healthcare, and manufacturing industries.
Commenting on the attack, Jonny Milliken, director of security research & SOC at Cygilant, said size is no guarantee of safety when it comes to ransomware attacks.
“Threat actors are constantly probing businesses of all sizes for weaknesses,” said Milliken. “Even organizations which measure revenue in the billions can fall prey to dedicated attackers—another cautionary tale for us all to be vigilant in our cyber defenses.”
Under the Breach has speculated that Maze purchased access to Cognizant's data from a hacker who was advertising the sale of access to a huge IT company's data for $200k. The ad was posted on April 11 and removed the day before the ransomware attack on Cognizant.
The volume of attacks on cloud services more than doubled in 2019, in line with the trend of organizations increasingly moving operations to the cloud, according to the 2020 Trustwave Global Security Report. Amongst a range of cybersecurity trends from 2019 that were highlighted, cloud services are now the third most targeted environment by cyber-criminals. In total, this amounts to 20% of investigated incidents, representing an increase of 7% from the previous year.
Corporate remains the most targeted environment at 54%, down by 2% on the previous year. This is followed by eCommerce at 22%, a reduction of 5% compared with 2018.
The report also showed that, for the first time, ransomware attacks overtook payment card data in the frequency of breach incidents, with success rates of ransomware, at 17%, slightly higher than the total percentage of incidents involving card-not-present and track data.
Another major finding in the study was a substantial reduction in the number of spam emails hitting organizations, at 28.3% in 2019 compared with 45.3% in 2018. This is due to several large spamming operations either scaling back their activities or ceasing them entirely.
The report is comprised of information gained by Trustwave on a trillion logged security and compromise events, hundreds of hands-on data breach and forensic investigations, penetration tests and red teaming exercises, network vulnerability scans and internal research. It has highlighted how cyber-criminals are constantly evolving their tactics to target organizations and individuals.
“Our 2019 findings depict organizations under tremendous pressure contending with adversaries who are methodical in selecting their targets and masterful at finding new pathways into environments as the attack surface widens,” commented Arthur Wong, chief executive officer at Trustwave. “We continue to see the global threat landscape evolve through novel malware delivery, inventive social engineering and in the ways malicious behaviors are concealed. How fast threats are detected and eliminated is the top cybersecurity priority in every industry.”
Concerns regarding “solutions” to the current COVID-19 pandemic, including contact tracing apps, have been raised with some resolutions offered by global scientists and researchers.
In a joint statement on contact tracing signed by over 300 professors and academics from around the world, it was stated that “contact tracing is a well-understood tool to tackle epidemics, and has traditionally been done manually” but “manual contact tracing is time-consuming and is limited to people who can be identified.”
Whilst the academics acknowledged that contact tracing apps on personal smartphones may improve the effectiveness of the manual contact tracing technique, and allow a person who has been infected to be notified, they argued that “we need to ensure that those implemented preserve the privacy of users, thus safeguarding against many other issues,” noting that such apps can otherwise be repurposed to enable unwarranted discrimination and surveillance.
The concerns center around where the GPS data is stored, as the academics said it was vital that “we do not create a tool that enables large scale data collection, either now or at a later time,” and apps “which allow reconstructing invasive information about the population should be rejected without further discussion.”
The use of a highly decentralized system, with no distinct entity that can learn anything about the social graph, was encouraged, particularly where matching between users who have the disease and those who do not is performed on the non-infected users’ phones as anonymously as possible, whilst information about non-infected users is not revealed at all.
The academics applauded efforts by Google and Apple to develop infrastructure to enable required Bluetooth operations in a privacy protective manner “as it simplifies — and thus speeds up — the ability to develop such apps.”
The statement follows an announcement by the European Parliament on April 17 to approve the creation of a decentralized approach. The European Commission recommended developing “a common EU approach for the use of such applications” and pointed out that any use of “applications developed by national and EU authorities may not be obligatory and that the generated data are not to be stored in centralized databases, which are prone to potential risk of abuse and loss of trust and may endanger uptake throughout the Union.”
A group of European privacy experts proposed a decentralized system for Bluetooth-based COVID-19 contact tracing, named Decentralized Privacy-Preserving Proximity Tracing (DP-PPT), last week, while Italy and the UK have both detailed plans for contact tracing apps this month.
The academics claimed that there “are a number of proposals for contact tracing methods which respect users' privacy, many of which are being actively investigated for deployment by different countries,” and they urged all countries to rely only on systems that are subject to public scrutiny and that are privacy preserving by design (instead of there being an expectation that they will be managed by a trustworthy party).
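The on-phone matching that the statement encourages can be sketched as follows. This is a simplified added example, not code from the academics' statement, the DP-PPT proposal or the Google/Apple framework; the HMAC-based ID derivation, the 15-minute epochs and all class and function names are assumptions chosen for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

EPOCHS_PER_DAY = 96  # assumption: one ephemeral ID per 15-minute slot


def ephemeral_ids(day_key: bytes) -> list[bytes]:
    """Derive a day's broadcast IDs from a secret key held only on the phone."""
    return [
        hmac.new(day_key, b"ephid" + e.to_bytes(2, "big"), hashlib.sha256).digest()[:16]
        for e in range(EPOCHS_PER_DAY)
    ]


class Phone:
    """Hypothetical handset model; nothing here is sent anywhere by default."""

    def __init__(self) -> None:
        self.day_keys: dict[int, bytes] = {}  # day -> secret key, local only
        self.heard: set[bytes] = set()        # IDs seen over Bluetooth, local only

    def broadcast(self, day: int, epoch: int) -> bytes:
        key = self.day_keys.setdefault(day, os.urandom(32))
        return ephemeral_ids(key)[epoch]

    def observe(self, eph_id: bytes) -> None:
        self.heard.add(eph_id)

    def report_positive(self, days: list[int]) -> list[bytes]:
        """An infected user uploads only their own day keys, never their contact log."""
        return [self.day_keys[d] for d in days if d in self.day_keys]

    def exposed(self, published_keys: list[bytes]) -> bool:
        """Matching runs on this phone: re-derive IDs, intersect with the local log."""
        return any(self.heard & set(ephemeral_ids(k)) for k in published_keys)


def simulate() -> dict[str, bool]:
    alice, bob, carol = Phone(), Phone(), Phone()
    # Constructed encounter: Alice and Bob are in range on day 1, epoch 10.
    bob.observe(alice.broadcast(day=1, epoch=10))
    alice.observe(bob.broadcast(day=1, epoch=10))
    carol.broadcast(day=1, epoch=10)          # Carol is elsewhere; nobody hears her
    server_list = alice.report_positive([1])  # the server only ever holds these keys
    return {"bob": bob.exposed(server_list), "carol": carol.exposed(server_list)}


if __name__ == "__main__":
    print(simulate())
```

The server in this sketch sees only random keys from users who report a positive test, so it cannot reconstruct who met whom; each phone decides for itself whether it was exposed.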
Hackers are turning their attention to streaming services in an ongoing bid to capitalize on the current COVID-19 pandemic and increase their own profits, according to Mimecast.
The email security vendor revealed that it had detected the registration of over 700 suspicious domains designed to impersonate the Netflix brand in under a week. The recently launched Disney+ service is also coming under increasing scrutiny from black hats, it claimed.
The reason is simple: COVID-19-related government lockdowns have forced the population of many countries to stay indoors, with some companies furloughing or letting go workers. With parents, children and students all obliged to stay at home, streaming services have understandably soared in popularity.
Providers are said to have cut bandwidth usage to prevent service outages, while Disney claimed last week that paid subscriptions of its streaming service climbed past 50 million, almost double its February figure.
According to Carl Wearn, head of e-crime at Mimecast, hackers are doing what they usually do and following the money.
“The COVID-19 pandemic and its resulting lockdown has left people with a lot more time on their hands at home. One way that British people are filling this time is with streaming services. This binge-watching comes with security risks, as cyber-criminals look to take advantage of the uptick in television viewing,” he explained.
“We have seen a dramatic rise in suspicious domains impersonating a variety of streaming giants for nefarious purposes. These spoof websites often lure unsuspecting members of the public in with an offer of free subscriptions to steal valuable data. The data harvested includes names, addresses and other personal information, as well as stealing credit-card details for financial gain.”
Phishing campaigns like these are not limited to streaming services, of course. There has been an uptick in general COVID-19-themed attacks designed to trick users into clicking through.
Google claimed to be blocking 18 million malicious and phishing emails with coronavirus lures every day.
The UK’s National Cyber Security Centre (NCSC) this week launched a dedicated reporting service for members of the public to submit suspicious emails to.
Thousands of US businesses may have had personal information (PII) leaked online after a government agency error led to problems with applications for economic relief.
The Small Business Administration (SBA) admitted the error in a letter to affected companies widely reported in the US this week.
It claimed that a problem was discovered with the online portal used by businesses to apply for Economic Injury Disaster Loans (EIDLs). Unspecified “personal identifiable information” linked to 7900 businesses may have been disclosed to other applicants of the program.
This included Social Security numbers, income amounts, names, addresses and contact information, according to Politico.
“We immediately disabled the impacted portion of the website, addressed the issue, and relaunched” the portal, an SBA spokesperson told NPR in an emailed statement.
EIDLs predate the current coronavirus pandemic but have been ramped up with more federal funding to keep the nation’s small businesses afloat with grants of up to $10,000. They’re part of a massive $2tn stimulus package designed to help the country weather the current global health and economic crisis.
Another instrument used by Washington, the $349bn Paycheck Protection Program (PPP), is not thought to be affected.
However, the SBA has come in for criticism for technical glitches and administrative failings that have left US businesses experiencing significant delays to their emergency government funding.
Jack Mannino, CEO at app security firm nVisium, argued that rigorous testing is essential before rolling out new services, even under strict time frames.
“The coronavirus pandemic has led to many public services scrambling to scale their systems and to build new functionality outside of their normal practices and methods,” he added. “It’s important to understand how these new services affect existing components and expose your users to new threats as you build secure development into your systems engineering.”
Speaking at the Genetec Connect’DX digital conference, Mathieu Chevalier, lead security architect, and Laurent Villeneuve, product marketing manager, video surveillance, both at Genetec, discussed the biggest trends in cybersecurity in 2020, the nature of cyber-threats currently being faced by organizations and how companies can effectively mitigate the risks.
Whilst the speakers explored important trends such as advancing attack vectors and evolving regulatory frameworks, unsurprisingly, Chevalier said that the biggest and most impactful security risks affecting organizations right now are the threats brought about by the current COVID-19 pandemic.
“The current pandemic situation requires everyone to adapt,” he explained. “Confinement means lots of people are working from home; organizations are doing their best to support that migration, but there is a double effect here whereby systems are more exposed than ever and attackers see the current situation as an opportunity.”
For example, Chevalier added, the number of devices exposing RDP to the internet has increased by 42% in the past month, whilst there was a 667% increase in targeted phishing attempts using the coronavirus as bait.
What’s more, state actors have also been exploiting COVID-19 to hurt geopolitical rivals and disrupt hospitals/healthcare organizations, he continued.
The deluge of problems being faced is therefore diverse, said Villeneuve, and mitigating them requires organizations to “set some solid bases” around risk management.
“The approach can be very similar to a standard conversation about physical security,” he argued. “Organizations need to assess the level of risk around their business and then work with their security vendors and consultants to figure out where to add layers of defense that make sense in their environment.”
Villeneuve advised starting with the basic calculation of: Risk = Probability × Impact.
Once the level of risk to an organization has been deduced, Chevalier said that more advanced steps of risk mitigation can be addressed. “When it comes to risk mitigation, it’s useful to use a divide and conquer approach,” he advised, breaking this down into three main categories.
- Authentication: prevent unauthorized access by providing access only to known entities for whom identity can be verified
- Authorization: ensure your authorized users can see and do the right things
- Encryption: prevent unauthorized access and protect sensitive information in and out of your organization