7:54 AM 7/12/2020 - The Covid-19 Pandemic Cyberattacks: Is there a significant increase, and are these attacks a part of the Bio-Info-Warfare package? | Hospitals see rise in patient data hacking attacks during COVID-19
- Get link
- X
- Other Apps
The Covid-19 Pandemic Cyberattacks: Is there a significant increase, and are these attacks a part of the Bio-Info-Warfare package? - GS
Michael_Novakhov shared this story from  Disease X-19 and Security from Michael_Novakhov (10 sites). |
Between March and April, IBM saw a 6,000% increase in spam attacks on information technology systems, leveraging COVID-19, many of them at ...
7:54 AM 7/12/2020
Selected Posts: The Disease X-19
____________________________________________________
Audio News: | VOA Newscasts | NPR News Now | NPR News Now On RSS Dog | Michael Novakhov - SharedNewsLinks | ||
|---|---|---|
| 7:54 AM 7/12/2020 - The Covid-19 Pandemic Cyberattacks: Is there a significant increase, and are these attacks a part of the Bio-Info-Warfare package? | Hospitals see rise in patient data hacking attacks during COVID-19 | ||
The Covid-19 Pandemic Cyberattacks: Is there a significant increase, and are these attacks a part of the Bio-Info-Warfare package? - GS 7:54 AM 7/12/2020
| ||
| Hospitals see rise in patient data hacking attacks during COVID-19 | ||
BOSTON On the day before the July 4 holiday weekend, Mount Auburn Hospital's information technology team identified some unusual activity. Alarmed, they quickly took steps to disconnect the Cambridge hospital's computer system from the internet. They switched to backup manual procedures instead of automatic ones.
No patient data was compromised, and the Harvard-affiliated hospital continued its normal operations, according to hospital officials.
Such attempted attacks are a daily if not hourly occurrence at America's hospitals. And they dont always end as well as Mount Auburns did.
More than 80% of medical practices have been the victims of cyberattacks, according to a national survey. Over half reported patient safety concerns from the hacks, and 20% said that their business had been interrupted for more than five hours.
That can be the difference between life and death, said Wendi Whitmore, a cybersecurity expert and vice president of IBM X-Force, a commercial security research team.
And the situation has only gotten worse during the months-long coronavirus pandemic, as more employees switched to working from home, and medical facilities were cash-strapped and stretched thin because of COVID-19.
Between March and April, IBM saw a 6,000% increase in spam attacks on information technology systems, leveraging COVID-19, many of them at health care facilities, Whitmore said, describing the situation as a continuous cat and mouse game between criminals and institutions.
Whitmore said theres been a huge increase in security incidents in recent months, climbing about 75% in North America and 125% in Europe and the Middle East.
Seattle Childrens, for instance, saw a doubling of attempted hacking attacks in March, specifically phishing emails, hunting for someone on the staff who would click on a malicious link and allow malware into the health system'snetwork, said Gary Gooden, chief information security officer at the Washington-based health system.
The reason: Hackers can make a lot of money. Globally, cybercrime adds up to billions of dollars a year, Gooden said.
Stealing a credit card number might be useful for only a day or two, until the person realizes it and cancels their card. But an electronic medical record is far more valuable.
The FBI reported in 2014 that a stolen credit card or even social security number was worth just $1 on the black market, while an electronic health record would fetch about $50 $1,000 if it belonged to a celebrity or public figure.
Electronic health records, according to the FBI report, can be used to file fraudulent insurance claims, obtain prescription medication, and advance identity theft. Health record theft also is more difficult to detect, taking almost twice as long to recognize as normal identity theft, the report found.
Stealing a newborn or toddlers electronic health record is even more prized, Gooden said, because thieves are rarely caught. You have a free run for 18 years to utilize these personas. They also try to steal the identities of children who die at the hospital, hoping they wont get caught, he said.
Phishing attacks a favorite tactic
Cyber criminals are particularly fond of phishing attacks that entice people to click on email links that provide the thief access to their computer networks. Corporate email protectionscan identify and remove nearly all potentially malicious emails before a user within the health care system ever sees them, Gooden said. But for the final few, the vigilance of employees remains crucial.
The lures for getting people to open these spam emails have evolved over the course of the pandemic, said Ryan Witt, managing director at Proofpoint, a technology security company based in Sunnyvale, California.
In February, he said, most of the phishing attempts provided basic information about the coronavirus, often by impersonating health authorities. At the height of the early pandemic in March, the emails offered access to face masks or other personal protective gear. We found a source of equipment for you! was a typical offer.
Then in April, these tempting emails offered advice on how to get stimulus funding checks. Lately, theyve shifted yet again, he said, and now the focus is on getting first in line for a vaccine though one doesnt yet exist.
Typically, theres a seasonality to cyber-attacks, with more coming during traditional vacation times, when criminals assume defenses are lowered and staff is reduced, said Colin Zick, a partner and co-chair of the privacy and data security practice at Foley Hoag, a Boston-based law firm.
He expects phishing attacks to go up in September, if people return to their offices after working from home.
Another change in workflow, Zick said. Its the perfect opportunity for someone to send a phishing email, that says Im still out, but I want you to do this.
Cybersafety requires eternal vigilance
To protect against these ever-changing approaches, Gooden said, hospitals and medical facilities have to constantly pivot and stay ahead of the curve in terms of technology and practices.
Whitmore agrees. She advises institutions to require multi-factor authentication using a cellphone to corroborate a person's identity warn staff about spam, back up their most critical information offline, and encrypt patient information.
Its about installing a series of tripwires that allow organizations to detect when there are attacks against their environment, she said. That buys us time.
But every medical institution is vulnerable.
You have to be eternally vigilant, Zick said. As long as weve got an open internet that is highly unregulated, thats the downside.
Theres not much an individual can do to protect their own medical information, Zick and others said, except trust their health care providers to do it for them.
Zick requests his medical file periodically to ensure he has access to his own records if they were ever lost for good. And he said if he saw a provider acting carelessly with his data such as not using two-factor authentication he would offer them some free advice.
Hacker ransom demands skyrocking
On June 3, information technology staff at the University of California San Francisco realized that their networks security had been breached two days earlier. They quarantined several IT systems within the School of Medicine as a safety measure, and isolated the activity from the UCSF network, according to a statement from the university.
Patient care remained unaffected, the school said, but the attackers launched malware that encrypted a few servers within the School of Medicine, "making them temporarily inaccessible.
The university paid less than half the demanded ransom about $1.14 million in exchange for the stolen data. The FBI is investigating.
Just a few years ago, criminals were asking for $1,200, Whitmore said, but "now we're seeing ransomware demands ranging from $10,000 to $25 million." Attackers do release ransomed data when paid, because otherwise organizations would stop paying, but once the criminals access a computer system they may leave behind the means to do it again.
Large institutions are getting more sophisticated at protecting themselves, Whitmore and others said. But they may still be vulnerable when one of their suppliers or, say, a small specialty medical clinic, is hacked. If the computer systems are linked, the criminals can try to access the bigger facility through the smaller one.
Your security is only as good as your collective security, said Dr. Titus Schleyer, a professor of biomedical informatics at the Indiana University School of Medicine and a research scientist at the Regenstrief Institute, a research organization in Indianapolis. If you have a weak partner all your security doesnt help you.
Zick said the sweet spot is mid-sized medical practices that have tens of thousands of health records, but arent big enough to hire dedicated IT staff to protect the data.
Cash and information are cybertargets
Cybercriminals range from those have no idea what theyre doing, to sophisticated rings of computer scientists, often from the former Eastern Bloc countries, Schleyer said.
Most attacks are aimed at getting money. But some, backed by countries like Russia and China, as well as many others, are looking for information perhaps the results of a clinical trial for a new COVID-19 therapy, or candidate vaccine.
You do have government actors in the hacking space, no question about it, Schleyer said, adding that he did not know of any specific attempts to get COVID-related information.
Zick said he expects China and Russia will be looking for information, ideally without the victims knowing theyve been spied on. More ransomware originates tends to originate from North Korea and Eastern Europe, he said, where hackers dont care about the information, only the money it can yield.
Going forward, what cyber security experts worry about the most is quantum computing, Schleyer said. Quantum computers, which operate differently than classic ones, will be able to decode current protective systems.
We need to be ready for that moment, Schleyer said. Thatll upset IT around the world when that happens.
Health and patient safety coverage at USA TODAY is made possible in part by a grant from the Masimo Foundation for Ethics, Innovation and Competition in Healthcare. The Masimo Foundation does not provide editorial input.
| ||
| Cyber attacks stayed at same level during pandemic, says infosec pro | ||
Chester Wisniewski, a principal research scientist at security outfit Sophos, told iTWire during an interview: "I see no evidence of that [and ] I have no idea what they're talking about. The number of attacks related to the pandemic, of course, have increased dramatically, but the total number of attacks hasn't changed.
"We saw attacks change from fake shipping notices into 'you've got COVID, click here'. But we didn't see an increase in the number of attacks at all, not an increase in the number of spam attacks, not an increase in the number of ransomware attacks."
Wisniewski said he had not seen a dramatic change in any of the numbers in Sophos' data from the beginning of the year. "So if we look at January, February, we don't see a big change from January, February versus March and April," he added.
In his day-to-day role, Wisniewski, whose interest in security and privacy was piqued while learning to hack from bulletin board text files in the 1980s, analyses the attack data gathered by SophosLabs in a bid to improve understanding of evolving threats.
He has helped organisations design enterprise-scale defence strategies, has served as the primary technical lead on architecting Sophos' first email security appliance, and also consulted on security planning with some big global brands.
A great deal of the interview with Wisniewski focused on how things would look post-COVID, and he agreed that there would be some changes as compared to the period before the lockdown.
For one, he said employers would be keen to look at any savings that could be made by continuing with some COVID-era practices, without jeopardising the welfare of employees.
He pointed to his own organisation as an example. "Look at the real estate that Sophos has here in Vancouver for 300 staff. And that square footage in that building costs us a fortune in the CBD. If we could cut the amount of square footage in half, the savings would be monumental to the company just for the space, let alone the coffee and the other perks."
Wisniewski said adapting to a return to office would mean different things, depending on the industry. Sectors like shipping, logistics and manufacturing tended to have a somewhat immature security model compared to sectors like finance, technology and government. And the bigger the organisation and the bigger the IT staff,. the less the issues that would be encountered.
But the fact that organisations, in general, had been moving towards a zero trust networking model would ensure that there was no calamity when people went back to work. Wisniewski pointed to the fact that today more than 90% of sites were using encryption, a far cry from the situation a decade ago.
"You know, when [Edward] Snowden leaked all the NSA stuff, less than 20% of all the websites in the world were encrypted. Everything was leaking everywhere. We were worried about Wi-Fi security, we were worried about VPNs, we were worried about this, we were worried about that. Now it's over 90% of all websites in the developed world that are encrypted and the 10% that aren't are literally like an eight-year-old soccer blog for your kids League Soccer that's not maintained anymore.
"So the safety of using TLS encryption means that I don't really care if your home Wi-Fi isn't perfect. Or if you're working from the local cafe, it doesn't matter anymore. We're generally using the same safety no matter where we are. What's important is that visibility and monitoring where I started out with is present no matter where I'm at.
"I need to know that your computer is safe, that it's, you know, patched or it's up-to-date, that your security software is not turned off. I need to know those things are in place, no matter where you are, whether you're at the cafe, whether you're at home, whether you're at the office. And if we accomplish that, then it's up to the business to decide if they're for it. I don't really think there's that much security risk."
He anticipated that some machines, taken home by workers to use during the lockdown, would need a rash of patches. But again, these were not the majority. There were some organisations where machines needed to be on the internal LAN to receive their weekly or monthly dose of patches.
"We've had some of this internally where we use Microsoft System Centre Configuration Manager to manage some of our machines. Then other machines, we were managing patches externally through just controlling which Windows Updates got automatically downloaded from Microsoft.
"All the machines that were pointed at Microsoft, no matter where they're in the world, they've been getting their updates according to policy. And we've been able to keep an eye on that.
"But a few of the legacy machines, the four- and five-year-old machines that we were just getting ready to replace, some of those were pointed at internal update points. So they are only getting updates when they VPN in; the problem is the user may only VPN in for a half an hour a day and never get that two gigabyte Windows Update downloaded. And that that update may not have happened."
Wisniewski said he had suggested the equivalent of quarantine for unpatched machines. "I've been recommending that organisations look at creating, either bringing those machines in onto the guest Wi-Fi, or creating a quarantine Wi-Fi, until IT is able to give a quick check of those machines to be sure they're fit for duty."
He said he did not anticipate a rash of malware infections when people returned to work. "I would hope not to see too much on the malware infection side. From what I'm seeing, nothing has gotten particularly worse. I think the biggest thing is going to be regulatory and data being spread around places it doesn't belong.
"You know, I think there's going to be a lot of company documents shared in places they don't belong. Policies breached, that kind of stuff. I think it's prudent to make sure those patches are in place. And you know, antivirus stuff.
"But to be honest, I don't expect that to be a big problem. I don't think we're going to see big outbreaks when people come back. One of the things we'll see is some that shadow IT will continue to be used even though it may be prohibited by policy."
| ||
| Cyberattacks and Covid-19: who is behind them, and are they the clue to understanding the nature of Pandemic as the Weapon? - Google Search | ||
Search Results | ||
| Cyberattacks and Covid-19: who is behind them, and are they the clue to understanding the nature of Pandemic as the Weapon? - Google Search | ||
Search ResultsWeb resultsCOVID-19 Exploited by Malicious Cyber Actors | CISA - US-Cert
us-cert.cisa.gov ncas alerts
us-cert.cisa.gov ncas alerts
Apr 8, 2020 - It includes a non-exhaustive list of indicators of compromise (IOCs) ... APT groups are using the COVID-19 pandemic as part of their cyber ... Specifically, it is likely that they will use new government aid packages responding to COVID-19 ... GitHub list of IOCs used COVID-19-related cyberattack campaigns ...
Missing:
COVID-19 Cyber Attacks - WebARX Security
www.webarxsecurity.com covid-19-cyber-attacks
<a href="http://www.webarxsecurity.com" rel="nofollow">www.webarxsecurity.com</a> covid-19-cyber-attacks
COVID-19 Cyber Attacks - As a web security company, over the past weeks, we have been ... list of the cyber attacks and threats related to the global pandemic. ... online, this page serves the purpose of making it easier to spread awareness. ... about half of the respondents said they aren't offering security education that ...
| ||
| Google Alert - Coronavirus and cyber attacks: A game of 'cat and mouse': Hacking attacks on hospitals for patient data increase during ... | ||
Between March and April, IBM saw a 6,000% increase in spam attacks on information technology systems, leveraging COVID-19, many of them at ... | ||
| Iran: Misaligned radar led to Ukrainian jet downing | ||
Iran: Misaligned radar led to Ukrainian jet downing
People walk near the wreckage of a Ukrainian plane tha crashed near Imam Khomeini airport in Tehran on January 8, 2020, killing everyone on board. (AFP)
Short Url
<a href="https://arab.news/purs3" rel="nofollow">https://arab.news/purs3</a>
Iran: Misaligned radar led to Ukrainian jet downing
TEHRAN: Iran said that the misalignment of an air defense units radar system was the key human error that led to the accidental downing of a Ukrainian passenger plane in January.
A failure occurred due to a human error in following the procedure for aligning the radar, causing a 107-degree error in the system, the Iranian Civil Aviation authority said in a report late Saturday. | ||
| 6:59 AM 7/12/2020 - North Korea's Military Can Kill a Lot of People | ||
 Hamburg Sex Workers Demand Germany's Brothels Reopen | World News | US News _________________________________________________________________
1. All Saved Stories | Trumpism And Trump http://trumpismandtrump.com | Review of news and opinions | Michael Novakhov SharedNewsLinks http://michael_novakhov.newsblur.com/ | The FBI News Review https://fbinewsreview.blogspot.com/ | Trumpism And Trump GS
Michael Novakhov SharedNewsLinks | Michael Novakhov SharedNewsLinks on RSS Dog | Michael Novakhov SharedNewsLinks In Brief | Trump Investigations News In Brief http://feed.informer.com/share/CGD4YTZW07 | Trump Investigations News Page Link News In Brief | Tweets | Videos | Michael Novakhov SharedNewsLinks Page
|
The FBI News Review.
GANNETT Syndication Service.
Blog di Psicologia, ricerca, curiosità | PsicoSocial.it.- Hospitals see rise in patient data hacking attacks during COVID-19 https://www.usatoday.com/story/news/health/2020/07/12/hospitals-see-rise-patient-data-hacking-attacks-during-covid-19/5403402002/ …
- iTWire - Cyber attacks stayed at same level during pandemic, says infosec pro https://www.itwire.com/security/cyber-attacks-stayed-at-same-level-during-pandemic,-says-infosec-pro.html …
- Cyberattacks and Covid-19: who is behind them, and are they the clue to understanding the nature of Pandemic as the Weapon?https://images.app.goo.gl/E2NPEbMCUFZafZHt5 …
- Cyberattacks and Covid-19: who is behind them, and are they the clue to understanding the nature of Pandemic as the Weapon? - Google Search https://www.google.com/search?q=Cyberattacks+and+Covid-19%3A+who+is+behind+them%2C+and+are+they+the+clue+to+understanding+the+nature+of+Pandemic+as+the+Weapon%3F&rlz=1C1CHBF_enUS733US733&oq=Cyberattacks+and+Covid-19%3A+who+is+behind+them%2C+and+are+they+the+clue+to+understanding+the+nature+of+Pandemic+as+the+Weapon%3F&aqs=chrome..69i57.125412j0j7&sourceid=chrome&ie=UTF-8 …
- Iran: Misaligned radar led to Ukrainian jet downing https://www.arabnews.com/node/1703581/middle-east …
- 6:59 AM 7/12/2020 - North Korea's Military Can Kill a Lot of People
The FBI News Review: 6:59 AM 7/12/2020 - North Korea's Military Can Kil... https://fbinewsreview.blogspot.com/2020/07/659-am-7122020-north-koreas-military.html?spref=tw … - Hamburg Sex Workers Demand Germany's Brothels Reopen | World News | US News https://www.usnews.com/news/world/articles/2020-07-12/hamburg-sex-workers-demand-germanys-brothels-reopen …
- Death toll in U.S. increases as hospitals are overwhelmed - The Washington Post https://www.washingtonpost.com/nation/2020/07/10/coronavirus-live-updates-us/ …
- Covid-19-Review: 5:53 PM 7/11/2020 - Disease X-19 - News Review https://covid-19-review.blogspot.com/2020/07/553-pm-7112020-disease-x-19-news-review.html?spref=tw …
- Covid-19-Review: 5:17 PM 7/11/2020 - News - rats in nyc https://covid-19-review.blogspot.com/2020/07/517-pm-7112020-news-rats-in-nyc.html?spref=tw …
- 9 - Bodies donated to science in Paris are being eaten by rats
8 - NYC rats are going after COVID street diners
The Nine News Nuggets You Need To Know! | KFI AM 640 | Gary and Shannon https://kfiam640.iheart.com/featured/gary-and-shannon/content/2020-07-10-the-nine-news-nuggets-you-need-to-know/ … - NYC restaurants now battling rat problems amid COVID-19 https://nypost.com/2020/07/11/nyc-restaurants-now-battling-rat-problems-amid-covid-19/ …
- Rats Are Taking Over New York City - The New York Times https://www.nytimes.com/2019/05/22/nyregion/rat-infestation-nyc.html …
- New York's hungry rats torment alfresco diners after lockdown famine | New York | The Guardian https://www.theguardian.com/us-news/2020/jul/10/new-york-rats-diners-outdoor-restaurants …
- Michael Novakhov Retweeted“Stone is the central figure in the greatest scandals in U.S. history. Ames, Hanssen, the Rosenbergs, Alger Hiss, [Trump]. And now he [gets] a commutation ... from the president he” protected from charges that he stole office with Russia’s help. Cool.
https://www.theatlantic.com/ideas/archive/2020/07/roger-stone/614068/ …
- Michael Novakhov RetweetedGhislaine Maxwell filmed US politicians with underage girls, former pal claims https://trib.al/Mnij3H9
- rats caused the Pandemic! Rat population was amplified deliberately & globally as the tool & vector of the future Pandemic. | Rats and the COVID-19
Covid-19-Review: 3:06 PM 7/11/2020 - Vice versa: rats caused the Pa... https://covid-19-review.blogspot.com/2020/07/306-pm-7112020-vice-versa-rats-caused.html?spref=tw … - Vice versa: rats caused the Pandemic! Rat population was amplified deliberately & globally as the tool & vector of the future Pandemic.
Rats and the COVID-19 pandemic: Early data on the global emergence of rats in response to social distancing | medRxiv https://www.medrxiv.org/content/10.1101/2020.07.05.20146779v1 … - Rat plague following COVID-19? https://www.news-medical.net/news/20200709/Rat-plague-following-COVID-19.aspx …
Comments
Post a Comment