Tag Archive for: vaccine

Vaccine scheduling site hit with ransomware. Cyberespionage hits Southeast Asian telcos. RATs in the wild. BlackMatter speaks?


Attacks, Threats, and Vulnerabilities

Five Southeast Asian telcos hacked by three different Chinese espionage groups (The Record by Recorded Future) At least five major telecommunication providers from Southeast Asia have been hacked over the past years by different Chinese cyber-espionage groups.

Hackers Take Down Italian Vaccine-Booking Site (Wall Street Journal) A cyberattack took down an Italian region’s vaccine-scheduling website, highlighting hackers’ ability to topple Covid-19 infrastructure.

Hackers block Italian Covid-19 vaccination booking system in ‘most serious cyberattack ever’ (CNN) Hackers have attacked and blocked an Italian Covid-19 vaccination booking system, a source from Italy’s cybercrime police told CNN on Monday, marking the worst cyberattack the country’s health service has ever seen.

New sophisticated RAT in town: FatalRat analysis (AT&T Alien Labs) This blog was written by Ofer Caspi and Javi Ruiz.

Summary

AT&T Alien Labs™ has recently observed the presence of a new remote access trojan (RAT) malware in its threat analysis systems. The malware, known as FatalRAT, appears to be distributed via forums and Telegram channels, hidden in download links that attempt to lure the user via software or media articles.

Key takeaways:

AT&T Alien Labs performed a malware analysis of the FatalRAT threat.
We have observed a

Suspected Chinese hackers took advantage of Microsoft Exchange vulnerability to steal call records (CyberScoop) Hackers with ties to China took advantage of vulnerabilities in Microsoft Exchange for several months starting in late 2020 to steal call logs from a Southeast Asia telecommunication company, researchers at Cybereason report. […]

An interview with BlackMatter: A new ransomware group that’s learning from the mistakes of DarkSide and REvil (The Record by Recorded Future) A representative of the BlackMatter group talked to Recorded Future expert threat intelligence analyst Dmitry Smilyanets.

Inside a Ransomware Negotiation: This Is How ‘Asshole’ Russian Hackers Shake Down Companies (The Daily Beast) The Daily Beast obtained transcripts of a victim negotiating with a ransomware gang this…


Fake vaccine and test certificates pose threat to ‘Covid passport’ plans


Covid passport schemes could “unravel” unless measures are taken to combat fake vaccine and counterfeit test certificates, experts have warned.

Cybersecurity experts at Check Point Research issued the warning today amid rising concerns over the volume of fake Covid credentials being sold on the dark web.

Between March and May, Check Point research revealed a 500% increase in the number of forged certificate vendors. This increase, researchers suggested, highlights a growing demand to evade inspections and circumvent rules.

New EU legislation coming into effect in July will provide free certificates in the form of a QR code on a smartphone, or as a paper document.

These new certificates will show that a person is either vaccinated, has immunity to the virus, or has recently received a negative PCR test result.

Similarly, UK travellers who have had both vaccine doses will be able to use the NHS App as a vaccine passport and are expected to be covered under the EU scheme as a third country.

Other nations, including France and Germany, are also exploring the launch of their own Covid passport schemes. However, Check Point researchers warned that without a unified global approach to verify certificates, “fragmented rules and ambiguity” will play into the hands of hackers and fraudsters.

“We urge governments to come together and act quickly to combat the increased sales of fake certificates on Telegram and the Darknet. Without a central system, it becomes much easier for hackers and fraudsters to fall through the cracks,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point Software.

According to Check Point, many customers could be people who have tested positive, refused to take a test or are unwilling to have the vaccine.

It could also be down to the exploitation of innocent users looking for information and guidance, some of whom are lured to fraudulent or suspicious domains in the belief that they are legitimate.

Travellers need to be wary of misspelled websites and only install verified apps from official sources, Vanunu explained.

Similarly, travellers should also be wary of QR codes as these can serve as a…


The Pfizer-BioNTech COVID vaccine is a top target of conspiracy theories


The Pfizer-BioNTech coronavirus vaccine became a target of conspiracy theories and disinformation campaigns as soon as it was announced, reaching millions of people on sites like Twitter, Reddit and 4chan, according to a recent analysis from a cyber defense firm.

COVID-19 conspiracy narratives, like the false belief that the vaccine was delayed for political reasons, flourished on social networks in the fall and early winter, according to the New York tech security firm Blackbird. The firm created an algorithm to analyze posts in real-time by hunting for signals of what CEO Wasim Khaled calls “synthetic amplification,” which indicate activity by botnets and anti-vaccination influencers. 

These bogus notions about the vaccines, amplified by a relatively small number of fake accounts and real influencers, reached millions of people, Khaled said. 

Figure: An algorithm discovered that COVID-19 conspiracies increased as the Pfizer vaccine was announced in 2020. (Image: Blackbird AI)


Botnets and inauthentic accounts — automated accounts not actively managed by humans — have behavioral signatures that are easy for AI to identify, but hard for social networks to eradicate. Companies like Facebook and Twitter use both machine-learning algorithms and human moderators to reduce the spread of conspiracies, but Khaled said botnets are effective because they’re inexpensive and easy to deploy.

“Bots and influencers work in tandem,” he explained. “We can’t prove if they collude behind the scenes, but social media data shows clearly that they influence each other by sharing the same links, repeating the same phrases, tagging the same accounts and jumping in on trending hashtags.” 

For example, some botnets reach real influencers by spamming conspiracy links to trending hashtags. Another common tactic is to generate fake trends by synchronizing hundreds of posts using similar anti-vaccine and pseudoscientific claims.

Figure: Mainstream influencers can amplify COVID-19 vaccine misinformation and conspiracies. (Image: Twitter)


Hackers target ‘Indian vaccine makers SII, Bharat Biotech’



NEW DELHI:

A Chinese state-backed hacking group has in recent weeks targeted the IT systems of two Indian vaccine makers whose coronavirus shots are being used in the country’s immunisation campaign, cyber intelligence firm Cyfirma told Reuters.

Rivals China and India have both sold or gifted Covid-19 shots to many countries. India produces more than 60% of all vaccines sold in the world. 

Goldman Sachs-backed Cyfirma, based in Singapore and Tokyo, said Chinese hacking group APT10, also known as Stone Panda, had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII), the world’s largest vaccine maker. 

“The real motivation here is actually exfiltrating intellectual property and getting competitive advantage over Indian pharmaceutical companies,” said Cyfirma Chief Executive Kumar Ritesh, formerly a top cyber official with British foreign intelligence agency MI6. 

He said APT10 was actively targeting SII, which is making the AstraZeneca vaccine for many countries and will soon start bulk-manufacturing Novavax shots. 

“In the case of Serum Institute, they have found a number of their public servers running weak web servers, these are vulnerable web servers,” Ritesh said, referring to the hackers. 

“They have spoken about weak web application, they are also talking about weak content-management system. It’s quite alarming.” 

China’s foreign ministry did not reply to a request for comment. 

SII and Bharat Biotech declined to comment. The office of the director-general of the state-run Indian Computer Emergency Response Team (CERT) said the matter had been handed to its operations director, S.S. Sarma. 

Sarma told Reuters CERT was a “legal agency and we can’t confirm this thing to media”. 

Cyfirma said in a statement it had informed CERT authorities and that they had acknowledged the threat. 

“They checked and they came back,” Cyfirma said. “Our technical analysis and evaluation verified the threats and attacks.” 

The U.S. Department of Justice said in 2018 that APT10 had acted in association with the Chinese Ministry of State…
