Security News

In some cases, countries are not even aware of major cyberattacks against them; Iran only belatedly realized it had been attacked by the Stuxnet worm over a period of years, damaging centrifuges being used in the country's nuclear weapons program. In the paper, the scholars largely examined scenarios where countries are aware of cyberattacks against them but have imperfect information about the attacks and attackers.

The U.S. Department of Homeland Security, plus the Treasury and Commerce departments, have been hacked in an attack related to the FireEye compromise last week, according to reports. SolarWinds acknowledged the bug in an advisory over the weekend, saying that exploitation of the issue must be done in a "Narrow, extremely targeted, and manually executed attack," and was likely the work of a nation-state.

Norwegian cruise company Hurtigruten announced Monday that it had been hit by a major cyberattack involving what appeared to be "Ransomware", designed to seize control of data to ransom it. The company said it had alerted the relevant authorities when the attack was detected overnight Sunday to Monday.

The US government on Sunday confirmed that its computer networks had been hit by a cyberattack, as The Washington Post reported at least two departments including the Treasury had been targeted by Russian state hackers. "We have been working closely with our agency partners regarding recently discovered activity on government networks," a spokesperson for the Cybersecurity and Infrastructure Security Agency told AFP. "CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises."

Threat actors are targeting K-12 educational institutions in the United States to deploy ransomware, steal data, or disrupt distance learning services. In a joint alert this week, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center warned of continuous attacks targeting K-12 educational institutions.

Ransomware is not the only problem, though - CISA and the FBI said that trojan malwares, distributed denial-of-service attacks, phishing and credential theft, account hacking, network compromises and more have all been on the rise since the beginning of the school year. "Whether as collateral for ransomware attacks or to sell on the dark web, cyber-actors may seek to exploit the data-rich environment of student information in schools and education technology services," according to the joint advisory [PDF], issued Thursday.

Facebook has shut down several accounts and Pages on its platform, which were used to launch phishing and malware attacks by two cybercriminal groups: APT32 in Vietnam and an unnamed threat group based in Bangladesh. "The operation from Vietnam focused primarily on spreading malware to its targets, whereas the operation from Bangladesh focused on compromising accounts across platforms and coordinating reporting to get targeted accounts and Pages removed from Facebook," said Nathaniel Gleicher, head of security policy, and Mike Dvilyanski, cyber-threat intelligence manager at Facebook, in a Thursday post.

A cyberattack targeting coronavirus data at the EU's medicines watchdog lasted two weeks but will not affect the timeline for approval of the jabs, the head of the regulator said on Thursday. "We have been subject of a cyberattack over the last couple of weeks. This is being investigated," EMA chief Emer Cooke told a European Parliament committee.

Another cyberattack has been launched - this time, threat actors were able to break into the European Medicines Agency server and access documentation about the vaccine candidate from Pfizer and BioNTech. "Today, we were informed by the European Medicines Agency that the agency has been subject to a cyberattack and that some documents relating to the regulatory submission for Pfizer and BioNTech's COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed," the Pfizer-BioNTech statement said.

Ransomware attacks in the education sector have increased at the beginning of the school year, with cybercriminals stealing data and threatening to leak it unless the ransom was paid. The three U.S. agencies say that the reason behind the increased incidence of these attacks is the availability of DDoS-for-hire services that enable "Any motivated malicious cyber actor conduct disruptive attacks regardless of experience level."