Security News

The US government on Sunday confirmed that its computer networks had been hit by a cyberattack, as The Washington Post reported at least two departments including the Treasury had been targeted by Russian state hackers. "We have been working closely with our agency partners regarding recently discovered activity on government networks," a spokesperson for the Cybersecurity and Infrastructure Security Agency told AFP. "CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises."

Threat actors are targeting K-12 educational institutions in the United States to deploy ransomware, steal data, or disrupt distance learning services. In a joint alert this week, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center warned of continuous attacks targeting K-12 educational institutions.

Ransomware is not the only problem, though - CISA and the FBI said that trojan malwares, distributed denial-of-service attacks, phishing and credential theft, account hacking, network compromises and more have all been on the rise since the beginning of the school year. "Whether as collateral for ransomware attacks or to sell on the dark web, cyber-actors may seek to exploit the data-rich environment of student information in schools and education technology services," according to the joint advisory [PDF], issued Thursday.

Facebook has shut down several accounts and Pages on its platform, which were used to launch phishing and malware attacks by two cybercriminal groups: APT32 in Vietnam and an unnamed threat group based in Bangladesh. "The operation from Vietnam focused primarily on spreading malware to its targets, whereas the operation from Bangladesh focused on compromising accounts across platforms and coordinating reporting to get targeted accounts and Pages removed from Facebook," said Nathaniel Gleicher, head of security policy, and Mike Dvilyanski, cyber-threat intelligence manager at Facebook, in a Thursday post.

A cyberattack targeting coronavirus data at the EU's medicines watchdog lasted two weeks but will not affect the timeline for approval of the jabs, the head of the regulator said on Thursday. "We have been subject of a cyberattack over the last couple of weeks. This is being investigated," EMA chief Emer Cooke told a European Parliament committee.

Another cyberattack has been launched - this time, threat actors were able to break into the European Medicines Agency server and access documentation about the vaccine candidate from Pfizer and BioNTech. "Today, we were informed by the European Medicines Agency that the agency has been subject to a cyberattack and that some documents relating to the regulatory submission for Pfizer and BioNTech's COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed," the Pfizer-BioNTech statement said.

Ransomware attacks in the education sector have increased at the beginning of the school year, with cybercriminals stealing data and threatening to leak it unless the ransom was paid. The three U.S. agencies say that the reason behind the increased incidence of these attacks is the availability of DDoS-for-hire services that enable "Any motivated malicious cyber actor conduct disruptive attacks regardless of experience level."

A late October cyberattack on the computer systems of the University of Vermont Medical Center is costing the hospital about $1.5 million a day in lost revenue and recovery costs, its CEO said. The Oct. 28 attack crippled the computer systems of the hospital system that serves much of Vermont and parts of upstate New York.

The EU's medicines regulator said Wednesday it had been the victim of a cyberattack, just weeks before it is due to decide on special approval for two coronavirus vaccines. "EMA has been the subject of a cyberattack. The agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities," the EMA said in a brief statement.

Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Security researchers with KnowBe4 said that the recent slew of vaccine-related cyberattacks leverage the widespread media attention around the development and distribution of COVID-19 vaccines - as well as recent reports that manufacturers like Pfizer may not be able to supply additional doses of its vaccine to the U.S. large volumes until sometime in Q2. These lures continue to play into the high emotions of victims during a pandemic - something seen in various phishing and malware campaigns throughout the last year.