Hi again, and hope you are all well.
In this week’s edition of GlobalSign’s security news round-up, you’ll find stories about the ongoing implications of COVID-19, especially continued attacks on the medical sector.
This post also features two specific articles about paying hackers – one story about a company that did, and another one that didn’t. You’ll have to read on to see how it panned out for them.
Other interesting headlines from this week include a decision by the UK’s Information Commissioner’s Office to defer the GDPR-related fines that British Airways and Marriott International were expected to pay but, because of COVID-19, now likely cannot, and how the virus has raised concerns at the Council on Foreign Relations about the growing need for a patient-centric approach to the cybersecurity of healthcare technology systems.
Wash your hands, grab a cup of joe and let’s dive in. Stay healthy everyone!
Top Global Cybersecurity Stories
Wall Street Journal (April 9, 2020) WSJ Exclusive: Travelex Paid Hackers Multimillion-Dollar Ransom Before Hitting New Obstacles
"Travelex, known for its ubiquitous foreign-exchange kiosks in airports and tourist sites around the world, was shut down by a computer virus that infiltrated its networks early this year. It responded by paying the hackers the equivalent of $2.3 million, according to a person familiar with the transaction. Travelex’s payment of the ransom, and the amount, hasn’t previously been reported, though the company confirmed the ransomware attack shortly after it occurred.
Forking out ransoms to attackers has become a controversial tactic in the cybersecurity world. One major concern is that ransomware groups don’t always let victims recover data, especially if they are among the proliferating amateur cybercriminals who simply don’t know how to do that."
The Council on Foreign Relations (April 8, 2020) The Cybersecurity of Health
"In the midst of the coronavirus pandemic, nations and their citizens are poised to learn more about the strength and resilience of their health-care systems, not only in their ability to provide treatment for Covid-19, but also in their ability to manage and maintain the confidentiality, integrity, and availability of health technology systems.
These systems include electronic health records and medical devices. Existing diagnoses of national health-care system cyber resilience have indicated severe vulnerabilities and weak points. A recent unsuccessful cyberattack against The U.S. Department of Health and Human Services (HHS) highlights the need for a 'patient-centric' approach to health-care cybersecurity. This approach would emphasize the security of patient data, patient safety, and cooperation between physicians, patients, and their families in the management of treatments, data, and medical devices.
Nearly every patient in the United States has an electronic health record as a result of rules established by the Centers for Medicare and Medicaid Services. These records are intended to be managed in line with the Health Insurance Portability and Accountability Act (HIPAA). Based on records from the HHS’ Office for Civil Rights, in the last eleven years more than 2,500 breaches, each impacting 500 persons or more, resulted in the loss of more than 175.5 million patient records in the United States. Analysis of the breaches indicates that nearly 98 percent of all breaches occurred via networked devices and data repositories."
Bloomberg News (April 7, 2020) Fintech Company Survived Ransomware Attack Without Paying Ransom
"Hackers silently entered the computer network of London-based banking software maker Finastra in mid-March, as the company was focused on developing emergency plans for operating amid the emerging Covid-19 coronavirus pandemic. Moving with precision and speed, they captured employee passwords and installed backdoors in dozens of servers in critical parts of Finastra’s network.
Although hardly a household name, Finastra Group Holdings Ltd. is an essential part of the global financial system, its software and services running everything from banks’ websites to the back-office systems they use to manage their own money. Its more than 8,500 customers include 90 of the world’s 100 largest banks.
For three days, the attack went unnoticed. But the hackers’ activity on one of Finastra’s cloud servers set off a tripwire that alerted the company’s security team and triggered a destructive finale to the intrusion. On March 20, the hackers—apparently aware they were being hunted—began detonating a potent strain of ransomware called Ryuk."
Ars Technica (April 7, 2020) Firefox 75 overhauls the browser’s address bar
"Today, Mozilla rolled out Firefox 75, its latest update for the open source Web browser. The big change is a redesign of the address bar, which comes with some tweaks to how searches work when you're using it.
When you begin using the new search field, you'll notice that it looks a little different; it's larger, and it has a larger font to match.
The drop-down that appears when you click in the search bar will show you multiple options for where to search, like Google or Amazon. That same view will show additional keyword suggestions as you type, with the goal being exposing 'additional popular keywords that you might not have thought of to narrow your search even further,' according to the blog post announcing the redesign."
CPO Magazine (April 7, 2020) FBI Warns of Healthcare Sector Supply Chain Attacks involving ‘Kwampirs’ Malware
"The FBI has issued an alert over a persistent Kwampirs malware attack targeting the healthcare sector. The healthcare sector supply chain attacks deploy Kwampirs Remote Access Trojan (RAT) that exploits network vulnerabilities of the targeted organization. This is the third time the FBI is warning of the attack after the agency released similar warnings in January and February this year. FBI has been monitoring an advanced persistent threat actor using the Kwampirs RAT to exploit a global network since 2016. The FBI alert warns that Kwampirs malware has already gained access to a large number of global hospitals. Attacks involving the Kwampirs malware have intensified during the ongoing COVID-19 crisis.
The healthcare sector has become an easy target of the Kwampirs malware attacks due to the COVID-19 pandemic. At this moment, the health sector is rushing to expand telehealth services to cater to more patients. Similarly, many workers have been forced to work from home, hence increasing the Kwampirs malware attack landscape. Additionally, health organizations are more likely to pay to avoid loss of life caused by disruptions during the COVID-19 pandemic."
Other Industry News
INTERPOL: #COVID19-Fighting Hospitals Facing Ransomware Deluge
Developers that use mature DevOps and DevSecOps practices are happier
U.S., U.K. Issue Alert on Growing Use of Covid-themed Hacks
GDPR penalties deferred as Covid-19 takes hold
7 PSD2 questions every CISO should be prepared to answer
COVID-19: Potential cybersecurity calamity or digital transformation opportunity?
How Covid-19 is affecting the digital signature industry
3 Keys to Securing Converged IT/OT Environments