State-sponsored hackers have been targeting UK universities with greater frequency of late in a bid to steal research on developing COVID-19 vaccines, according to a government security agency.
It is thought that Russia, Iran and possibly China have all been probing institutions like Oxford University, which started human clinical trials on a vaccine this week, and scientific facilities.
Although there have reportedly been no successful attacks to date, there’s plenty of opportunity, with dozens of UK organizations working on treatments and tests for the coronavirus.
“Any attack against efforts to combat the coronavirus crisis is utterly reprehensible. We have seen an increased proportion of cyber-attacks related to coronavirus and our experts work around the clock to help organizations targeted,” a spokesperson from the National Cyber Security Centre (NCSC) told the Guardian.
“However, the overall level of cyber-attacks from both criminals and states against the UK has remained stable during the pandemic.”
It is hoped that if the vaccine is successful, the Oxford University researchers will team up with Cambridge-based drug firm AstraZeneca to manufacture and distribute it.
This isn’t the first time the alarm has been sounded over cyber-threats to the UK’s university sector, although the stakes have risen significantly given the current crisis.
The NCSC was forced to issue a report last September highlighting the threat to higher education from both state-sponsored attackers and cyber-criminals.
At the time, the GCHQ body urged universities to improve user security awareness, tighten access controls and revisit network architecture to segment high-value data.
“While it is highly likely that cybercrime will present the most evident difficulties for universities, state-sponsored espionage will likely cause greater long-term damage. This is particularly true for those universities which prize innovation and research partnerships. This damage will extend to the UK’s larger national interest and to those researchers whose work may give others the chance to 'publish first',” the report argued.
New research from IT management and security company Ivanti has revealed that vendor management and contract negotiations are particularly time-consuming endeavors for IT professionals who are struggling with un-unified IT processes.
The firm surveyed more than 1300 IT pros, discovering that 50% work with 11 or more different vendors and 48% can spend weeks, or months, renegotiating vendor contracts each year, with Ivanti noting the greater the number of vendors to manage, the greater the contract negotiation time for IT pros.
What’s more, operations reports are also proving to be time-consuming for IT pros. Only 20% spend minutes producing IT operations reports while 52% spend hours, 22% spend days and 6% spend weeks.
These findings highlight the need for more unified IT strategies across businesses, Ivanti claimed.
The majority of respondents agreed that the benefits of more unified IT are compelling, citing the following:
- Consistent data across systems and IT departments: 70%
- Improved user experience: 61%
- Ease of use: 60%
- Consistent and aligned processes across IT departments: 59%
- Cost savings: 58%
The survey also suggested that unified IT strategies will be adopted by respondents as they demonstrate value in helping IT meet priorities and initiatives, including improved patching and security, cutting down time to resolve incidents and improved IT reporting.
“Conflicting initiatives are competing for IT budgets and complicating visibility and reporting processes. This is making it challenging to achieve IT unification,” said Duane Newman, vice-president, product management at Ivanti.
“Compounding the situation is the time IT organizations spend on vendor and contract management. However, by taking a unified approach to the priorities of security, issue resolution and reporting, IT organizations will likely find that they are better able to achieve their highest priorities without added cost or effort.”
Fraudsters are attempting to sell fake vaccines allegedly manufactured using the blood of patients who have recovered from COVID-19.
The nonsense vaccines were among a crock of utter dog wings spotted for sale on the dark web by researchers from the Australian National University's Cybercrime Observatory. Researchers were trawling dark net markets for coronavirus-related medical products and supplies for a report released April 30 by the Australian Institute of Criminology.
A survey of 20 underground markets turned up 645 listings of 222 items from 110 unique vendors across 12 sites. The total estimated value of all the items was $369,000.
While scientists around the world strive to create a proven vaccine for COVID-19, the dark net claims to have plenty available. Of the 645 items found by researchers, 6% were products falsely claiming to be effective vaccines against the deadly virus.
"COVID-19 cure vaccine. Keep quiet on this," read one such listing, while another announced "COVID-19 antidote is here from China."
Any victims tricked into buying one of these fake vaccines would have paid on average $AUS575 for their purchase. However, one vaccine, purportedly sourced from China, where the first animal-to-human transmission of COVID-19 took place, was on sale for between $US10K and $15K.
Researchers warned that the dangers of fake vaccines go beyond individual victims' being ripped off financially.
"First, fake vaccines could worsen the spread of the virus because users may behave as if immune but nevertheless become infected. Second, the premature release of vaccines undergoing animal or human trials would also misguide users as to their immunity, but may also impact the success of these crucial clinical trials."
Nearly half of all unique listings and a third of the total listings were composed of personal protective equipment (PPE), such as masks, gowns, sanitizers, and gloves. One listing offered 10,000 "good quality lab tested face mask for corona" for the sum of $17,952.
Most vendors claimed to be shipping from the United States.
Happily, researchers came across one dark net marketplace where the sale of COVID-related products has been banned for ethical reasons. On the site was posted the message: "You do not, under any circumstances, use COVID-19 as a marketing tool. No magical cures, no silly f***ing mask selling, toilet paper selling. None of that bullsh*t. We have class here."
Police in the Northern Irish capital city of Belfast have issued a warning over a recent rise in cybercrime.
A senior police officer said businesses had experienced a "surge" in cyber-attacks since the outbreak of the novel coronavirus. Many of the attacks are scams concocted by fraudsters seeking to exploit the health pandemic.
Police Service of Northern Ireland (PSNI) assistant chief constable Alan Todd advised businesses to ensure their IT security systems are fully up to date. He also urged businesses to be extra wary of any unusual communications.
“It is very clear that from a strategic level through the National Crime Agency, through the global level, there is a real surge in attempts, at all levels, from individual members of the public right through to business ransomware," said Todd, addressing an online seminar of Northern Irish business leaders organized by the Institute of Directors.
“All of the usual methods of attack have been ramped up at this time, and therefore the risk arising out of this for businesses and indeed householders is higher than it was."
Todd said that the tragic growth in cybercrime related to the outbreak of COVID-19 was expected.
“It was predicted before the start of this, and we are certainly seeing evidence of that.”
According to the officer in charge of the police force's coronavirus response, much of the fresh wave of cybercrime is low-level in terms of impact but could target a high volume of victims. He added that unfamiliarity with new resources, such as grants given to businesses struggling to stay afloat since lockdown measures were imposed, made employees more vulnerable to cyber-threats.
Addressing the seminar, the officer said: “Your staff may be involved in transactions and conversations around schemes that they have no familiarity with. Of course, when you put staff into that position the potential for that to be exploited by fraudsters and others in the cybercrime world is even higher.”
While lockdown measures remain in place in Northern Ireland to slow the spread of COVID-19, Todd said that officers had increased patrols in areas where business premises were closed in a bid to keep crime at bay.
Personal details of 774,000 individuals in Australia's migration system have been exposed in a data breach.
The data was made publicly available via the Home Affairs Department's SkillsSelect platform, which invites skilled workers and entrepreneurs to express interest in moving Down Under.
Partial names, ADUserIDs, and the outcome of applications made by people wishing to migrate to Australia were discovered online by Guardian Australia via a publicly available app hosted on the employment department's domain. Other information uncovered by the newspaper included the age, country of birth, and marital status of applicants.
In total, the breach revealed 774,326 unique user IDs and 189,426 completed expressions of interest, dating back to 2014. By applying filters, the Guardian was able to narrow down an expression of interest to a single entry, then discover other details relating to that particular applicant.
News of the breach comes as the Australian government is asking people to voluntarily adopt a new contact-tracing app, CovidSafe, to slow the spread of the novel coronavirus. A cybersecurity failure in one government app could make Australians reticent to input their personal information into another.
Australian Privacy Foundation board member Monique Mann told Guardian Australia the breach was “very serious . . . especially at a time where the Australian government is expecting trust.”
Mann described the Australian government as having a "consistently poor track record that shows that we cannot trust them with our personal information,” and went on to call the unnecessary exposure of migrant data "absolutely ludicrous."
Privacy academic, cryptographer, and chief executive of Thinking Cybersecurity Vanessa Teague said she thought that the public availability of ADUserIDs on the SkillsSelect platform “looks like a stuff-up.”
When Guardian Australia contacted the Home Affairs Department and the Employment Department in relation to the data breach, the SkillsSelect platform was taken offline and is now "currently undergoing maintenance."
Mann expressed concern that the data breach had not been identified by the Home Affairs Department.
She said: “What processes of auditing and oversight are occurring within department of home affairs? This department is responsible for policing, border protection and intelligence. You would expect a greater level of information security than this.”
President Trump has declared another national emergency: this time over the threat of foreign adversaries launching crippling cyber-attacks against the US power grid.
A new executive order issued on Friday noted that attacks on “bulk power” equipment could have a devastating impact on national defense, emergency services, critical infrastructure and the economy.
It has therefore prohibited the ongoing acquisition and installation of any equipment “in which any foreign country or a national thereof has any interest.”
“The unrestricted acquisition or use in the United States of bulk-power system electric equipment designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries augments the ability of foreign adversaries to create and exploit vulnerabilities in bulk-power system electric equipment, with potentially catastrophic effects,” it read.
The order also empowers the energy secretary to find existing systems which have been bought in from abroad and are exposed to cyber-sabotage, and “develop recommendations on ways to identify, isolate, monitor, or replace such items as soon as practicable, taking into consideration overall risk to the bulk-power system.”
A new Task Force on Federal Energy Infrastructure Procurement Policies Related to National Security will include secretaries of defense, commerce, homeland security, the interior and directors of national intelligence and the Office of Management and Budget. It will be set up to develop new procurement policies and make additional recommendations.
Although not named directly, the order is likely to be aimed at Russia and China. Kremlin-backed hackers, such as the Dragonfly and Energetic Bear APT groups, have been probing US energy infrastructure for years, prompting occasional alerts from the intelligence agencies.
An annual Worldwide Threat Assessment report published by the US Senate Intelligence Committee last year warned that the US electric grid could suffer the same fate as Ukrainian energy companies in 2015 and 2016, when Russian attacks left many without power.
“Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage,” it warned.
Asian e-commerce giant Tokopedia is investigating a potentially major data breach after researchers revealed that 91 million user records are up for sale on the dark web.
Breach monitoring service Under the Breach posted screenshots over the weekend that revealed a malicious actor selling records of 15 million users apparently stemming from a March 2020 incident.
According to the post, the database contained emails, password hashes, names and “much more things.” The user said they acquired a copy of the data dump but that crucially it didn’t include the salt needed to crack the hashes.
Unfortunately, the same actor was subsequently found to be selling a much larger data trove containing a purported 91 million records for just $5000. There appear to have been at least two buyers over the weekend.
“This is really bad, make sure you change your passwords for other services in case you are re-using passwords,” advised Under the Breach.
According to reports, Tokopedia is investigating the incident and reiterated in the meantime that passwords are safe.
Backed by the SoftBank Vision Fund and Chinese web giant Alibaba, the Indonesian e-commerce player is said to be looking to raise $1bn or more in pre-IPO funding ahead of plans to go public in the next three years.
The firm claims to have over 90 million monthly active users and more than seven million merchants signed up to its Amazon-like platform.
“We have detected an attempt to steal data belonging to Tokopedia users. However, we have made sure that our users’ personal information, such as passwords, remain protected,” the company said in a statement to local media.
“Although passwords and other crucial user data remain encrypted, we still encourage Tokopedia users to change their passwords periodically to ensure their safety and security.”
The UK’s National Cyber Security Centre (NCSC) has updated some of the terminology on its website in a bid to “stamp out racism” in the industry.
The GCHQ body’s head of advice and guidance, Emma W, revealed in a blog post that the decision was made after being contacted by a customer, who was concerned over the continued use of the words “blacklist” and “whitelist.”
The terms are commonly used in cybersecurity to denote elements such as applications, passwords or domain names that are either allowed (whitelist) or blocked (blacklist).
“However, there's an issue with the terminology. It only makes sense if you equate white with ‘good, permitted, safe’ and black with ‘bad, dangerous, forbidden’. There are some obvious problems with this,” she explained.
“So in the name of helping to stamp out racism in cybersecurity, we will avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world — but to borrow a slogan from elsewhere: every little helps.”
The NCSC is now using “allow list” and “deny list” on its website, and says the new terminology is also clearer and less ambiguous for readers.
“You may not see why this matters. If you're not adversely affected by racial stereotyping yourself, then please count yourself lucky. For some of your colleagues (and potential future colleagues), this really is a change worth making,” concluded Emma W.
“Finally, a word from the NCSC’s technical director Ian Levy (supported by the full NCSC management board): ‘If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother.’”
A white supremacist from Florida who felt threatened by an African American man announcing his candidacy for city council has pleaded guilty to cyber-stalking and interfering with an election.
Daniel McMahon admitted to using social media platform Gab to threaten a man identified in court as D.G. after learning in January 2019 that D.G. planned to announce his candidacy for Charlottesville City Council in Virginia.
Hiding behind fake online pseudonyms “Jack Corbin,” “Pale Horse,” “Restore Silent Sam,” and “Dakota Stone,” cowardly McMahon posted on Gab his support for violent attacks conducted against people whose skin color differs from his own. He also posted tired old racist stereotypes and slurs in an unoriginal effort to intimidate D.G.
McMahon pleaded guilty yesterday in federal court in the Western District of Virginia to one count of threatening a council candidate because of his race and the fact that he was running for office.
The 31-year-old also admitted using Facebook Messenger to cyber-stalk a female political activist described in court documents as victim 2. Classless act McMahon threatened to sexually assault her daughter—a minor with autism—because victim 2 had taken action to counter white nationalist rallies in her community.
The defendant admitted that over a 12-day period he sent victim 2 a stream of messages in which he threatened her and her daughter and tried to extort information from victim 2 regarding other activists.
In a revealing glimpse into his squalid character, McMahon admitted around the same time that he sent these messages, he used the internet to search for content relating to sexual contact with girls who have autism.
McMahon will be sentenced on July 23, 2020. He faces a maximum sentence of one year in prison for threatening D.G. and five years in prison for cyber-stalking Victim 2.
“Although the First Amendment protects, without qualification, an individual’s right to hold and express abhorrent political views, it does not license threats of violence,” said US Attorney Thomas T. Cullen for the Western District of Virginia.
“The Department of Justice is committed to investigating and prosecuting those who weaponize social media to harm others.”
The finding emerged from the recent COVID-19 Study in which more than 3,700 IT audit, governance, and cybersecurity professionals from 123 countries were questioned about the impact of the global health crisis on their organizations and their own jobs.
Only 51 percent of technology professionals and leaders surveyed said they were "highly confident" that their cybersecurity teams were ready to detect and respond to the surge in cybersecurity attacks that has accompanied the spread of the novel coronavirus.
Just 41 percent said that their cybersecurity teams had the necessary tools and resources at home to perform their jobs effectively.
The survey, which was conducted in mid-April, found that the rapid mass transition to remote working triggered by lockdown measures imposed to slow the spread of COVID-19 has made businesses more vulnerable to cybersecurity threats.
While 80 percent of organizations shared cyber-risk best practices for working at home as shelter-in-place orders began, 87 percent of respondents said the rapid transition to remote work had increased data protection and privacy risk.
This presents a problem, as 58 percent of respondents say threat actors are taking advantage of the pandemic to disrupt organizations, and 92 percent say cyber-attacks on individuals are increasing.
“Organizations are rapidly and aggressively moving toward new ways of doing business during this time, which is a very positive thing, but it can also lead to making compromises that can leave them vulnerable to threats,” said ISACA CEO David Samuelson.
“A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education. ISACA professionals have an especially critical role to play in protecting their enterprises, customers and stakeholders during this pandemic.”
Questioned over the security of their jobs, 10 percent of respondents feared that they may be fired as a result of the health pandemic, and 1 percent of respondents had been furloughed.
On a positive note, the majority of respondents predicted normal business operations to resume by Q3 2020.
Independent IT and business consulting services firm CGI has been awarded a lucrative contract by the United States government to improve cybersecurity at more than 75 federal agencies.
CGI announced yesterday that it had won a six-year contract to provide cybersecurity consulting services under the US Department of Homeland Security's (DHS) Continuous Diagnostics and Mitigation (CDM) Program for CDM's Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) Group F federal agencies.
The contract, worth $267m, was awarded via the US General Services Administration's Alliant 2 government-wide acquisition contract through an acquisition conducted by GSA FEDSIM.
Under the terms of the contract, CGI will create a shared services platform for the DHS's Cybersecurity and Infrastructure Security Agency (CISA) to deliver CDM cybersecurity capabilities to more than 75 non–Chief Financial Officer (CFO) Act agencies.
CGI will also provide a shared services catalog (SSC) of services and capabilities and meet CDM program goals. The SSC will be designed to grow and evolve with the ever-changing threat and technology landscape. This vital resource will enable CGI to develop innovative solutions that focus primarily on cloud native and hosted service solutions.
With 78,000 consultants and other professionals scattered across the globe, CGI Inc. has grown into one of the largest independent IT and business consulting services firms in the world. The business, founded in 1976, reported revenue of C$12.1bn in fiscal year 2019.
"CGI has played a strategic role and been a trusted partner to CISA, for the past four years, through our work on Credential Management and DEFEND Group C," said CGI senior vice president Stephanie Mango.
"In partnership with CISA we have worked across many agencies to identify and address cybersecurity challenges. We look forward to continuing our support of this critical cross-agency initiative and leveraging our wealth of cybersecurity and shared services expertise to help DHS achieve its ultimate objectives."
CGI began working with the CDM program in 2016 after being awarded a contract for identity management services through the Credential Management Task Order, providing design and implementation services to 26 federal agencies.
An online cyber-school has been launched today by the UK government to help develop a new generation of cybersecurity professionals. The free virtual program provides teenagers with the opportunity to learn vital cybersecurity skills at home as schools remain closed due to the COVID-19 lockdown.
Enrolled students will progress through a game play scenario as a cyber-agent, learning how to crack codes, fix security flaws and dissect criminals’ digital trails in the process. There will also be free weekly webinars run by cybersecurity experts covering areas such as digital forensics, cryptography and operating systems.
It is hoped the initiative will provide youngsters with useful skills for future employment as well as encourage interest in pursuing a career in the cybersecurity sector, which is set to become even more vital as the world becomes increasingly digitalized.
UK digital infrastructure minister Matt Warman said: “This new initiative will give teenagers something fun and educational to do from home and provide them with a glimpse into the life of a cybersecurity professional. We have a world-leading cyber-sector which plays a crucial role protecting the country and our digital economy, so it is absolutely vital we continue to inspire the next generation of tech talent to help maintain the UK’s strong position.”
Other steps to enable children to learn these types of skills virtually are also being taken. This includes making the National Cyber Security Centre’s (NCSC) CyberFirst summer courses available online this year. Also, this week the National Crime Agency (NCA) and Cyber Security Challenge UK will announce that teenagers can access the online cyber-skills platform CyberLand for free during the coming months.
“Technology is helping us all cope with the coronavirus crisis and is playing an essential role in keeping our businesses moving and our society connected,” added NCSC chief executive officer, Ciaran Martin. “It has never been more important for our young people to keep engaged and learn how to protect our digital world, and I’m delighted to see our instructor-led CyberFirst summer courses made available online.”
The average sum paid by enterprises to ransomware attackers surged by 33% quarter-on-quarter in the first three months of the year, as victim organizations struggled to mitigate remote working threats, according to Coveware.
The security vendor analyzed ransomware cases handled by its own incident response team during the period to compile its latest findings.
It revealed the average enterprise ransomware payment rose to over $111,000 in the quarter, although the median remained at around $44,000, reflecting the fact that most demands from online attackers are more modest.
Sodinokibi (27%), Ryuk (20%) and Phobos (8%) remained the top three most common variants in Q1 2020, although prevalence of Mamba ransomware, which features a boot-locker program and full disk encryption via commercial software, increased significantly.
Poorly secured RDP endpoints continued to be the number one vector for attacks, more popular than phishing emails or exploitation of software vulnerabilities.
“RDP credentials to an enterprise IP address can be purchased for as little as $20 on dark marketplaces. Combined with cheap ransomware kits, the costs to carry out attacks on machines with open RDP were too economically lucrative for criminals to resist,” said Coveware.
“Until the economics of carrying out ransomware balance (by either bringing the monetization success rates down or by making attacks prohibitively expensive) ransomware and cyber extortion will continue to gain prevalence.”
Interestingly, only 8.7% of cases investigated by the vendor involved data exfiltration, although it became much more popular during the quarter. Maze, Sodinokibi, DoppelPaymer, Mespinoza, Netwalker, CLoP, and Nephilim were all highlighted as likely to steal data.
Coveware also pointed out that, although the trend of “big game hunting” has been widely publicized, ransomware is more likely to affect smaller firms. The average number of employees in ransomware victims was 625 in Q1, with the median a much smaller 62.
On average, victim organizations suffered 15 days of downtime.
Security researchers have warned of a new Android-based banking Trojan that works across 200 financial applications popular in Europe and the US.
First discovered in March, the EventBot malware abuses Android’s accessibility features to steal financial data, bypass two-factor authentication and read and steal SMS messages.
Among the banking and cryptocurrency exchange apps targeted by EventBot are PayPal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase and paysafecard.
This represents a serious risk to organizations, according to Cybereason Nocturnus.
“Once this malware has successfully installed, it will collect personal data, passwords, keystrokes, banking information and more. This information can give the attacker access to personal and business bank accounts, personal and business data, and more,” the firm explained.
“Letting an attacker get access to this kind of data can have severe consequences; 60% of devices containing or accessing enterprise data are mobile. Giving an attacker access to a mobile device can have severe business consequences, especially if the end user is using their mobile device to discuss sensitive business topics or access enterprise financial information. This can result in brand degradation, loss of individual reputation, or loss of consumer trust.”
Although it’s unclear who’s behind the malware, IT security teams have been urged to keep an eye on EventBot as it continues to evolve rapidly.
“This malware appears to be newly developed with code that differs significantly from previously known Android malware,” said Cybereason. “EventBot is under active development and is evolving rapidly; new versions are released every few days with improvements and new capabilities.”
Businesses are advised to ensure employee devices are up-to-date, with Google Play Protect and third-party AV installed/switched on, and that users are prevented from downloading apps from unofficial stores.
Users should also think twice about granting requested permissions from apps, and if unsure about an application, should check the APK signature and hash in sources like VirusTotal before installing it, Cybereason said.
New data from Absolute has revealed the extent to which heavy device usage has grown across enterprise and education due to the COVID-19 pandemic, whilst also highlighting the rise in security violations and risks as a result.
According to Absolute, heavy device usage is up 49% (enterprise) and 62% (education) compared to pre-COVID-19 levels, despite gaps in device security and an alarming number of Windows 10 devices not being patched.
In fact, the average Windows 10 enterprise device was 90 days behind patching, according to Absolute’s Remote Work and Distance Learning Insights Center, with nearly three in four Windows 10 devices having versions more than a year old. What’s more, one in four enterprise endpoint devices were found to have critical security applications (anti-malware, encryption, VPN or client management) missing, inactive or out-of-date.
Christy Wyatt, president and CEO of Absolute, said: “COVID-19 marks the beginning of a new era where we believe the nature of work will be forever changed.
“As this crisis took hold, we saw our customers mobilize quickly to get devices into the hands of students and employees and navigate the challenges of standing up remote work and distance learning programs. What has become resoundingly clear is there has never been a more critical time for having undeletable endpoint resilience.”
Newspaper Le Figaro has become the latest big name humbled by a human error-based data leak, after a cloud server was found to have exposed 7.4 billion records including readers’ personal information.
Researchers at Security Detectives led by Anurag Sen found the 8TB Elasticsearch database, hosted by a firm called Dedibox, wide open with no password protection.
Although the database belonged to Le Figaro, the server on which it was hosted was owned by Poney Telecom, which the researchers claimed “has a reputation for shady, unethical hosting practices and security issues, and is notorious for many online attacks that seem to originate from within its network of servers.”
The database contained API logs for the past three months, although it was built in March 2019. These logs contained records of new subscribers and previously subscribed users logging in during the period.
Exposed PII data included full names, emails, home addresses, countries of residence and post codes, IP addresses, server access tokens and passwords for new users both in cleartext and hashed with the unreliable MD5 algorithm.
This could provide hackers with a trove of information to launch follow-on phishing or identity fraud attempts. Users’ emails and passwords could also be used in credential stuffing attacks to access other online accounts.
An unspecified number of emails and names of reporters and employees were apparently also exposed in the privacy snafu.
Security Detectives estimates at least 42,000 new users were affected by the leak.
The data trove may also have exposed the newspaper to further attacks, according to the researchers.
“The exposed database was an excellent asset for anyone trying to attack Le Figaro’s backend systems,” they said. “It could be leveraged in further cyber-attacks against the company, or to expose other flaws in their system, which could put both the company and its users at risk.”
The CTO of Fairfax County Public Schools has resigned after the district's repeated failure to successfully roll out remote learning during the COVID-19–related school closures.
Fairfax County has twice attempted unsuccessfully to implement a distance learning app that would allow its nearly 200,000 students to access education remotely.
In the midst of the debacle, Maribeth Luftglass, who has served as assistant superintendent of information technology for the district since 1999, tendered her resignation.
Lucy Caldwell, a spokesperson for the school district, said that Fairfax County plans to name an interim chief technology officer soon and is currently searching nationwide for a permanent replacement.
The district began offering remote instruction in partnership with technology platform Blackboard four weeks after shuttering schools on March 13. Almost immediately, students and parents complained of being unable to log on and of experiencing technical glitches, including poor audio and frozen video.
Those who were able to access the system during its April 14 debut encountered inappropriate conduct from students, such as the posting of anonymous hateful messages in chat groups.
According to the Washington Post, Fairfax canceled school for the rest of the week, and school employees bemoaned the district's inadequate preparation for privacy protocol and technology updates.
While students wait for a system that works, Blackboard and district officials have reportedly bickered over who is to blame for the inadequacy of Fairfax County's distance learning solution.
According to Education Week, Blackboard Chief Product Officer Tim Tomlinson said during a recent school board meeting that Fairfax officials had neglected to implement necessary features and updates, while Luftglass said the company hadn't informed her team of those requirements.
After two failed attempts to offer online learning, the district has now parted ways with Blackboard and temporarily canceled face-to-face virtual instruction.
Caldwell said: “We have now moved on and are offering other options for teachers and students to connect.”
The inability of one of the largest and richest school systems in America to provide online learning to its students has prompted the formation of an advisory panel of external technology experts.
The district announced last week that it has retained a law firm to conduct an independent review of the flopped rollout.
Cyber-threats related to the widespread outbreak of COVID-19 chiefly strike during the working week, according to new research.
Daily threat reports studied by researchers at cybersecurity firm Bitdefender covering March and April 2020 indicate cyber-criminals ease off from launching attacks themed around the novel coronavirus on weekends.
"During the working week, there seem to be more reports, while during the weekend, especially during Saturdays, reports seem to go down," wrote researchers.
The team at Bitdefender has theorized that cyber-criminals are timing their attacks to avoid moments at which victims are most likely to be away from their computers.
Researchers wrote: "Perhaps this shows that people spend more time online during the week and choose to spend more time with the family during the weekend."
Analysis of coronavirus threat reports revealed a spike in attacks on March 18 and 19, when 14,350 and 10,516 threats were recorded, respectively.
Researchers also noted a correlation between where threats were hitting and the spread of the deadly virus.
"A heatmap revealing the global evolution of Coronavirus-themed reports during the entire month of March alone also reveals there’s an overlap between countries affected by the Coronavirus and those targeted by Coronavirus-themed malware," wrote researchers.
Countries that have reported the largest number of coronavirus-themed reports appear to be those hit hardest by the pandemic. In March the countries reporting the highest number of threats were the US, Italy, the UK, and Spain. In April, cyber-attackers were striking mostly at the US, South Africa, Italy, and Canada.
Researchers wrote: "Zooming in to look at individual reports during March and April for Europe, an interesting picture emerges. With Europe in full crisis and the pandemic ripping through countries like Italy and the United Kingdom, threat actors focused their campaigns on these geographies as users were more likely to fall prey to deceptive messages."
Similarly, in the US, attackers targeted areas with the highest numbers of confirmed cases of the virus in March and April.
"Based on Bitdefender telemetry during March and April regarding Coronavirus-themed threats, the top affected US states seem to have been California, Texas, Florida, New York, and Ohio," wrote researchers.
"This telemetry is based on the number of unique IP addresses that have reported such themed malware."
Teaching via Zoom has been dropped by a New Jersey school district after a lesson was disrupted by a malicious hacker.
In a Zoom-bombing incident that lasted around 15 seconds, a hacker gained access to an online school lesson being taught to middle school students in Burlington County. The hacker then proceeded to expose the children, their teacher, and the lesson's co-host to foul racist language and pornographic images.
The hacker's Zoom session was ended by the teacher and their co-host immediately after the incident took place, and the school district's administration was alerted.
Lumberton Township Public Schools in Burlington County announced on Monday that use of the video conferencing app as a distance learning aid would be halted while an investigation into the security breach took place.
Superintendent Joe Langowski wrote: “We have worked tirelessly to develop a superior educational experience for the children of Lumberton in these most difficult times, but as always, the safety of our children is paramount. Therefore, we will be suspending the use of Zoom temporarily while we determine if it can continue to be used safely for our students.”
Use of Zoom as a teaching aid has increased rapidly in recent weeks as schools across America were ordered to close to slow the spread of COVID-19. As the video conferencing app has gained in popularity, the number of Zoom-bombing cyber-attacks in which video conferences are deliberately disrupted by malicious hackers has shot up.
The increase in Zoom-bombing has been so significant that last month it prompted a security warning from the Boston Division of the Federal Bureau of Investigation.
In an alert issued on March 30, the FBI stated: "As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoom-bombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language."
The warning came after a Massachusetts high school reported that an unidentified individual dialed into a virtual lesson being taught on Zoom, yelled a profanity, and then shouted the teacher’s home address.
The Health Secretary Matt Hancock has permitted GCHQ to access NHS data.
According to HSJ, GCHQ now has the power to make the NHS disclose any information which relates to “the security” of the health service’s networks and information systems. This move is intended to better protect the NHS from cyber-attack.
A statement claimed that Hancock has permitted GCHQ access to “any information relating to the security of any network and information system held by or on behalf of the NHS or a public health body during the period ending on December 31 2020.”
The statement also noted that “any activities carried out by GCHQ for the purpose of supporting and maintaining the security of any network and information system” which is held by, or on behalf of, the NHS or a public health body, and supports, directly or indirectly, the provision of NHS services or public health services intended to address coronavirus, are permitted.
Jake Moore, cybersecurity specialist at ESET, said that since WannaCry, the NHS has been highlighted as an increasing target by not just financially-motivated hackers, but by mayhem creators too. “They therefore require all the help they can get right now from both the NCSC and the private sector where possible,” he added. “The NHS environment currently needs as much bolstering as possible – although some of this may be difficult to deliver while social distancing is in place.”
Irene Ng, CEO of Dataswift, said that the news is likely to add fuel to already existing privacy concerns around the handling of the COVID-19 pandemic with the use of contact tracing apps. “The debate around these issues tends to focus heavily on whether or not we can trust Governments, and the NHS, with our health data,” she said. “These debates often conflate trust with privacy. If there is trust, then should privacy not follow?”
The news comes as more concerns are raised about the use of contact tracing apps. In a joint statement signed by 192 UK academics, concerns about an NHSX contact tracing app were raised, and the undersigned urged “that the health benefits of a digital solution be analyzed in depth by specialists from all relevant academic disciplines, and sufficiently proven to be of value to justify the dangers involved.”
With reports claiming that an approach involving the de-anonymized ID of someone who is infected, and also the IDs of all those with whom the infected person has been in contact, is being considered, the academics said: “This facility would enable (via mission creep) a form of surveillance. We note that it is vital that, when we come out of the current crisis, we have not created a tool that enables data collection on the population, or on targeted sections of society, for surveillance.”
The academics also asked NHSX to publicly commit that there will not be a database or databases, regardless of what controls are put in place, that would allow de-anonymization of users of its system at a minimum, and asked how NHSX plans to phase out the application after the pandemic has passed to prevent mission creep.
NHSX has been approached for comment.