Nearly 2,000 malicious COVID-19-themed domains created every day
2020-05-04 19:00

A new report from researchers with Palo Alto Networks' Unit 42 found that more than 86,600 domains of the 1.2 million newly registered domain names containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 are classified as "Risky" or "Malicious." Unit 42's Jay Chen wrote a study analyzing all new domain names containing keywords related to the COVID-19 pandemic and found that the United States, Germany, Russia and Italy had the highest number of malicious coronavirus domains. On average, Chen found that 1,767 malicious COVID-19-themed domains were created every day between March 9, 2020 and April 26, 2020, and of the 86,600-plus domains, 2,829 domains hosted in public clouds were found to be "Risky" or "Malicious." Nearly 80% were hosted on Amazon Web Services, about 15% on Google Cloud Platform, 6% on Azure and less than 1% on Alibaba.

Ransomware attack on Colorado hospital highlights fears of more healthcare hostage situations
2020-05-04 17:41

In addition to the attack on the hospital in the Czech Republic, she cited a number of healthcare cyber incidents in France, Spain and Thailand, adding that there needs to be more collaboration worldwide on protecting critical health infrastructure in times of crisis. Ransomware attacks on healthcare providers rose 350% in the fourth quarter of 2019, and Emsisoft research shows that more than 759 healthcare providers were hit with ransomware last year.

The First Responders of Coronavirus-Related Cybercrime
2020-05-04 16:58

On April 4th, INTERPOL delivered a rare warning to hospitals around the world to be on high alert for imminent cyber-attacks. While hospitals struggle to keep pace with a global pandemic, the number of ransomware attacks targeting organizations critical to virus response has also increased.

Firm's MDM Server Abused to Deliver Android Malware to 75% of Its Devices
2020-05-04 16:21

A threat actor managed to compromise more than 75% of the devices within a company by distributing their malware through a mobile device management server, Check Point reports. As part of the attack, cybercriminals were distributing a new variant of the Cerberus Android malware that was designed to collect large amounts of sensitive data and exfiltrate it to a remote command and control server.

UK COVID-19 contact-tracing app data may be kept for 'research' after crisis ends, MPs told
2020-05-04 16:16

Gould also told Parliament's Human Rights Committee that data harvested from Britons through NHSX's COVID-19 contact tracing app would be "pseudonymised" - and appeared to leave the door open for that data to be sold on for "research". Key to those is a big green button that the user presses to send 28 days' worth of contact data to the NHS. Written by tech arm NHSX, Britain's contact-tracing app breaks with international convention by opting for a centralised model of data collection: all the contact-tracing data is kept under one roof in one central government database.

ILOVEYOU: The Love Bug virus 20 years on – could it happen again?
2020-05-04 15:59

That makes the Love Bug computer virus 20 years old today, depending on your timezone and how early in the infection chain you were. It was 20 years ago today / That the Love Bug virus came to play.

Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap
2020-05-04 15:02

A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply. Researcher Mordechai Guri from the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel has shown that a piece of malware can cause a device's power supply unit to generate sounds that can be picked up by a nearby receiver.

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
2020-05-04 14:57

Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.

COVID-19 Contact Tracing Apps: Effective Virus Risk Management Tools or Privacy Nightmare?
2020-05-04 14:43

The success of contact tracing apps will then depend on the overall active uptake by users, and whether the big data analysts have got their figures right. "Numerous vulnerabilities have been discovered like BlueFrag, which affected iOS and Android." He also warns, "Contact tracing apps need to be regularly tested for vulnerabilities and critical updates must be deployed immediately. These apps must also be prohibited from activating smart assistants. People must limit the location settings to run only when approved and when in use."

Most Malicious Coronavirus-Related Domains Located in U.S.
2020-05-04 13:17

The United States has the highest number of malicious domains with names associated with the current coronavirus crisis, a new report reveals. Now, Palo Alto Networks' security researchers say they have identified over 86,600 risky or malicious domains out of 1.2 million domain names registered between March 9 and April 26 that contain keywords related to the COVID-19 pandemic.