Here are the top stories of recent weeks:
- Critical Data Stolen From Covid-19 Vaccine Test Center and Dispersed Online
- Malicious Credit Card Skimming Plot Affects Tupperware Site
- Multiple Russian Ransomware Attacks Take Down American Government Systems
- Fraudulent Emails Masquerading as World Health Organization Official Are Circulating
- Data Breach Affects Norwegian Cruise Line
A ransomware group that promised not to target medical organizations during the pandemic did just that this past week. The latest victim of this timely attack is Hammersmith Medicines Research, a British company that previously conducted tests of the Ebola vaccine. This test center is said to be on standby to perform the medical trials on any Covid-19 vaccine. The Maze threat actors published the sensitive data online and demanded a ransom. However, according to Hammersmith Medicines, the cyberattack was spotted in progress and stopped, and systems were restored without paying any ransom.
Hackers managed to infiltrate the popular Tupperware site by integrating a malicious iframe that displayed a fake payment form field to shoppers. This ingenious method enabled them to acquire customers' personal information, including first and last name, billing address, phone number, credit card number, credit card expiry date, and the CVV (card verification value, required for online shopping). The attack was meticulously coordinated to keep the skimmer active for as long as possible; however, the organization did not specify how long it had been affecting its platform.
The IT systems of the city of Durham and the Durham county government were subject to a successful malware attack earlier this month, which aimed at disabling all critical public safety systems, including access to the 911 network. However, the National Guard cybersecurity team proactively mitigated the attack by promptly disabling affected systems upon receiving immediate notification of the attack. The team's initial response was to shut down affected networks to prevent further spread. Ryuk, a notorious ransomware threat, was responsible for this attack and had previously infiltrated a New Orleans government system, which resulted in the Mayor declaring a state of emergency.
Credential-stealing malware disguised in emails claiming to be from the World Health Organization (WHO) is making the rounds in the latest phishing campaign. HawkEye, a keylogger and credential-stealing malware that is usually dispersed via fraudulent emails and malicious Microsoft Word, Excel, PowerPoint, and RTF files, has been deployed in recent weeks. The keylogger's capabilities include the ability to log keystrokes, capture screenshots, and send stolen data to its operators through encrypted email. As panic surrounding COVID-19 increases, threat actors will continue to take advantage of the public's fear.
There is never a good time to be on the receiving end of a data breach; however, now more than ever, organizations must ensure that their networks and critical data housed in the cloud are secure. Covid-19 continues to take its toll on all industries across the globe, including cruise lines, which have suspended all operations; however, cybersecurity also continues to play a role in this developing healthcare crisis. As a result of the cyberattack, travel partners are being asked to change their password for the site and any site for which they may have used the same password, and to remain vigilant of any suspicious activity or emails. The personal information exposed in the breach included names of travel agencies and business contact information such as business addresses and email.