Tag Archive for: Coronavirus

US Treasury Warns of Increasing Ransomware Campaigns Against Coronavirus Vaccine Research Institutions


The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a warning that alerts financial institutions in the United States about increasing ransomware attacks against coronavirus vaccine research organizations.

US Treasury Warns of Ransomware Attacks, Phishing Schemes Targeting Covid-19 Vaccine Research Institutions

According to the alert, FinCEN says that fraud, ransomware attacks, and “similar types of criminal activity” target the distribution of Covid-19 vaccines, which could affect their supply chains if proper actions are not taken on time.

The alert reads as follows with regard to ransomware campaigns:

Cybercriminals, including ransomware operators, will continue to exploit the Covid-19 pandemic alongside legitimate efforts to develop, distribute, and administer vaccines. FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines.

The bureau states that, among these attacks, phishing schemes that use misinformation about Covid-19 vaccines as bait to catch victims are on the rise. The alert provides a series of steps that institutions should follow to report such incidents to FinCEN.

The warning was published the same day that the U.S. Food and Drug Administration (FDA) issued two emergency authorizations for coronavirus vaccines.

Financial Companies That Facilitate Ransomware Payments Could Face Sanctions

But the ransomware incidents have another component that puts extra weight on financial institutions’ backs. On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an advisory to highlight the sanctions risk associated with ransomware crypto payments.

In fact, the OFAC warns:

Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC…


Hackers try to penetrate the vital ‘cold chain’ for coronavirus vaccines, security team reports


The hackers took measures to hide their tracks, and the cyber-sleuths did not name which state might be behind the campaign.

The IBM team said it was not known why the hackers were trying to penetrate the systems. It suggested the intruders might either want to steal information, glean details about technology or contracts, create confusion and distrust, or to disrupt the vaccine supply chains themselves.

The hackers likely sought “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy,” the IBM team said.

As there was “no clear path to a cash-out,” as there is in a ransomware attack, it increased the likelihood of a state actor, though the IBM sleuths cautioned it was still possible that criminals could be looking for ways to illegally obtain “a hot black-market commodity,” such as an initially scarce vaccine.

The new generation of RNA vaccines, such as the Pfizer product approved for emergency use by Britain on Wednesday, require sub-Antarctic temperatures for storage and transport. But even more traditional vaccines, such as the candidate being tested by Oxford University and its partner AstraZeneca, must be kept refrigerated.

The hackers targeted organizations linked to Gavi, a public-private vaccine alliance that seeks to supply vaccines to poor countries. The alliance works closely with the World Health Organization, donor countries, the global pharmaceutical industry and the Bill and Melinda Gates Foundation.

The cybersecurity agency encouraged all organizations involved in the Trump administration’s Operation Warp Speed to be especially alert to challenges to their cold chain systems.

In a blog post, which was distributed to cybersecurity agencies, IBM said an intruder impersonated a business executive at Haier Biomedical, a legitimate Chinese company active in the vaccine supply chain, which specializes in refrigeration of medical products. The impersonator sent emails to “executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain.”

It’s unclear if any of the phishing attempts were successful.

In her post, Claire Zaboeva,…


Coronavirus Vaccine Makers Targeted By North Korean Hackers Who Wanted To Steal Information


KEY POINTS

  • Kimsuky hacker group targeted at least six drugmakers
  • The cyberattacks targeted companies developing COVID-19 treatment
  • Russian and North Korean hackers attacked AstraZeneca in November

A group of North Korean hackers has targeted half a dozen pharmaceutical companies in the United States, United Kingdom and South Korea in a coordinated cyberattack. 

Kimsuky, a notorious hacker group, targeted drugmakers working on potential coronavirus vaccines and treatments as part of an effort to steal sensitive information that could be sold or weaponized by the North Korean regime. 

Authorities said any stolen information could be used to extort victims or give foreign governments a strategic advantage. 

Since August, the hackers have worked to infiltrate U.S. companies Johnson & Johnson and Novavax Inc. The hackers also launched coordinated cyberattacks on South Korean companies Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc., sources told the Wall Street Journal.

Both American drugmakers are working on experimental vaccines for the novel coronavirus, while the three South Korean pharmaceutical companies are holding early clinical trials of their COVID-19 drugs. 

The “Kimsuky” hackers create e-mail accounts that enable them to pose as colleagues or friends. The messages contain malicious attachments that, when clicked on, would allow hackers to penetrate the targets’ computer systems.

It is unclear whether the hackers have stolen crucial information from any of their target companies. 

The latest hacking attempt came a week after Kimsuky attempted to break into the systems of British biopharmaceutical company AstraZeneca, two people familiar with the incident told Reuters.

The hackers reportedly posed as recruiters on LinkedIn and WhatsApp, where they found and approached AstraZeneca employees with fake job offers. They then sent a document containing “more information about the job.” It was later discovered that the files had malicious code designed to grant the hackers access to their targets’ computers.

The “Kimsuky” hackers targeted multiple employees, including people who were working on crucial coronavirus research. However, the…


Coalition Against Stalkerware’s One Year Anniversary Recognizes Milestones, New Members and Celebrates UN’s International Day for the Elimination of Violence Against Women


WOBURN, Mass.–(BUSINESS WIRE)–Nov 25, 2020–

Today, the UN’s International Day for the Elimination of Violence Against Women also coincides closely with the Coalition Against Stalkerware’s one year anniversary. In its first year, the Coalition has more than doubled its membership, expanding both in geography and expertise in its partners including domestic violence advocacy and direct service organizations, IT security vendors, mobile security companies, privacy solutions providers, an association of technology journalists, and organizations focused on cyber safety.

For some years, the problem of stalkerware has been on the rise. Non-profit organizations are experiencing a growing number of survivors seeking help with the problem, and cybersecurity companies are detecting a consistent increase in these harmful applications. Launched in November 2019, the Coalition Against Stalkerware became an important organization dedicated to protecting consumers from abuse, stalking and harassment via commercially-available surveillance software.

Stalkerware programs enable an abuser to intrude into a person’s private life and can be used as a tool for abuse in cases of domestic violence and stalking. By installing these applications on a person’s device, abusers can get access to their victim’s messages, photos, social media, geolocation, audio or camera recordings (in some cases, this can be done in real-time). Such programs run hidden in the background, without a victim’s knowledge or consent.

Data from member organizations has shown a sharp rise in stalkerware apps in recent years.

  • In 2019, Kaspersky detected a 67% year-on-year increase of stalkerware usage on its users’ mobile devices at a global level. The number of stalkerware installations worldwide during the first 10 months of 2020 (from January to October) totaled more than 48,500, which is close to the total (almost 52,000 installations) observed over the same period in 2019.
  • According to Malwarebytes, while these apps have always presented a significant threat to users, the shelter-in-place orders that began taking effect in March 2020 resulted in a dramatic uptick in usage….
