Security News

British eavesdropping agency GCHQ is actively hacking Russian attempts to undermine coronavirus vaccine efforts, according to The Times. Some weeks ago a Russian misinformation campaign was brought to light, again by The Times, aiming to sow distrust of the safety and efficacy of a COVID-19 vaccine being developed by drug company AstraZeneca and Oxford University in the UK. The campaign reportedly claimed that because AZD1222 uses a replication-deficient chimpanzee viral vector, it could "Turn people into monkeys".

Hackers are breaking into online loyalty card accounts using stolen credentials or easily obtainable information, and then not only ransacking the profiles' balances but also harvesting victims' personal data for subsequent identity theft, Akamai has warned. In its Loyalty for Sale - Retail and Hospitality Fraud report published today, Akamai reckoned that ne'er-do-wells began actively targeting retail, travel, and hospitality sectors with a wave of credential-stuffing attacks that accelerated as the COVID-19 pandemic forced most retail activity onto the web.

As if things were not going badly enough for the UK's COVID-19 test-and-trace service, it now seems police will be able to access some test data, prompting fears the disclosure could deter people who should have tests from coming forward. As revealed in the Health Service Journal [paywall], the Department for Health and Social Care and the National Police Chiefs' Council have agreed that officers can access test results to determine whether or not a "Specific individual" has been told to self-isolate.

In the absence of a working contact tracing app, the UK government has been forced to rely on manual data collection and human-powered tracing to identify potential cases of exposure to the Covid-19 virus. As this information is recorded and stored digitally, any concerns regarding an app-based approach to contact tracing also apply to manual contact tracing.

Coronavirus-themed malicious emails were the standout feature of online naughtiness in the first half of 2020, according to infosec firm F-Secure - though overall volumes of phishing did decrease a touch. Observed attack attempts included an Emotet banking trojan campaign targeting Japan in January after the nation confirmed its first coronavirus infection.

Security vendor Fortinet found several important similarities between how enterprises responded, and how they plan to adapt, to a future of remote work. Enterprise security vendor Fortinet has released a report highlighting some of the many problems businesses faced as a result of coronavirus-driven shifts to remote work.

Moving employees to a work-from-home model means your security infrastructure has to change quickly. Most organizations prior to COVID-19 were already moving to a cloud adoption, cloud security model, moving their data to the cloud, moving their security to the cloud.

Moving employees to a work-from-home model means your security infrastructure has to change quickly. Some recent breaches highlight the importance of cybersecurity.

We've seen phishing emails and malicious content centered around the initial spread of the virus, the resulting lockdown, the transition to remote working, the stimulus payments, and the return-to-work effort. One especially sensitive area found in many phishing emails has been the promise of a coronavirus vaccine.

As most people have been busy grappling with the impact of the coronavirus pandemic so too have cybercriminals been busy, but for more nefarious reasons. The spread of COVID-19 has provided fertile ground for criminals to launch different types of attacks that have exploited not just the virus but also the resulting lockdown and stay-at-home situation.