Security News

A report released Tuesday by identity verification firm Onfido looks at the increase in ID fraud since the outbreak of COVID-19 and offers tips on how to protect your organization, your users, and your customers from this type of crime. To compile its "Identity Fraud Report for 2020," Onfido teamed up with criminal police organization Interpol to analyze different fraud techniques.

The European Medicines Agency responsible for COVID-19 vaccine approval has suffered a cyberattack of an undisclosed nature, according to a statement posted on their website. The EMA is a decentralized agency for the European Union responsible for evaluating, monitoring, and supervising new medicines introduced to the EU. In a statement on their website, the European Medicines Agency has stated that they have suffered a cyberattack and are investigating with law enforcement.

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a sub-group of APT28, cybersecurity firm Intezer said the pandemic-themed phishing emails were employed to deliver the Go version of Zebrocy malware.

Florida's state police on Monday morning raided the home of coronavirus tracker Rebekah Jones, seizing her electronics as part of a computer hacking investigation. Jones then set up her own COVID-19 dashboard, which frequently reported a higher number of cases than the Department of Health's site.

The agency joins a chorus of security professionals that have concerns about widespread attacks on the COVID-19 vaccine rollout. "The detection of a fake influenza vaccine confirms that criminals seize opportunities as soon as they present themselves," the Europol warning read. "Owing to the pandemic, the demand for the influenza vaccine has been higher than usual and there risks being a shortage. Criminals have reacted quickly by producing counterfeit influenza vaccines. The same scenario is also likely to happen when COVID-19 vaccines do become available."

A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research. Attributing the operation to a nation-state actor, IBM Security X-Force researchers said the attacks took aim at the vaccine cold chain, companies responsible for storing and delivering the COVID-19 vaccine at safe temperatures.

Administrators scrambled to keep the hospital operational - cancelling non-urgent appointments, reverting to pen-and-paper record keeping and rerouting some critical care patients to nearby hospitals. The Vermont hospital had fallen prey to a cyberattack, becoming one of the most recent and visible examples of a wave of digital assaults taking U.S. health care providers hostage as COVID-19 cases surge nationwide.

An unidentified group of malicious sorts impersonated a so-called "Cold chain" company involved in COVID-19 vaccine distribution networks then targeted an EU governmental agency, according to IBM. Infosec researchers from Big Blue's X-Force threat intelligence unit "Uncovered targets across multiple industries, governments and global partners" involved in setting up the vaccine cold chain, it said in a blog post today. The phishing campaign's operators reportedly posed as an executive from the Chinese arm of Haier Biomedical, a business IBM described as "a credible and legitimate member company of the COVID-19 vaccine supply chain and qualified supplier for the CCEOP program."

The attack targeted organizations associated with a public-private global health partnership, called Gavi, the Vaccine Alliance, which is aiming to leverage such cold-chain companies in order to safely transport the COVID-19 vaccine to underdeveloped regions. "However, the established role that Haier Biomedical currently plays in vaccine transport, and their likely role in COVID-19 vaccine distribution, increases the probability the intended targets may engage with the inbound emails without questioning the sender's authenticity."

Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain. The targets? Select executives in sales, procurement, information technology and finance positions at organizations around the world associated with Gavi, The Vaccine Alliance's Cold Chain Equipment Optimization Platform program.