NEWS
...Continued from front page
engaged in the virus response” and
added that it has issued a ‘Purple Notice’
alerting police in all its 194 member
countries to the heightened ransomware
threat.
“As hospitals and medical organisa-
tions around the world are working non-
stop to preserve the wellbeing of indi-
viduals stricken with the coronavirus,
they have become targets for ruthless
cyber criminals who are looking to make
a profit at the expense of sick patients,”
said Jürgen Stock, the agency’s secretary
general. “Locking hospitals out of their
critical systems will not only delay the
swift medical response required dur-
ing these unprecedented times, it could
directly lead to deaths.”
Meanwhile, Microsoft has been con-
tacting dozens of hospitals to warn them
that they may have vulnerable VPN
devices and gateways on their networks.
There have been recent examples of the
REvil (aka Sodinokibi) group targeting
Pulse VPN devices to infect targets with
ransomware – the best-known example
being the Travelex breach. And the
DoppelPaymer and Ragnarok groups
have been exploiting the Citrix ADC
(NetScaler) CVE-2019-1978 vulnerabil-
ity to compromise networks.
“We identified several dozen hospi-
tals with vulnerable gateway and VPN
appliances in their infrastructure,” said
Microsoft in a blog post. “To help these
hospitals, many already inundated with
patients, we sent out a first-of-its-kind
targeted notification with important
information about the vulnerabilities,
how attackers can take advantage of
them, and a strong recommendation to
apply security updates.”
The World Health Organisation
(WHO) has come under attack by
sophisticated hackers – possibly mem-
bers of the DarkHotel group, which
has been engaged in cyber espionage
operations since at least 2007. A domain
name was registered that closely mim-
icked that used by the WHO’s internal
mail system.
Flavio Aggio, CISO at the WHO,
told Reuters that the attack was unsuc-
cessful and the identity of the hackers
unknown. He added: “There has been a
April 2020 Computer Fraud & Security
big increase in targeting of the WHO,
and other cyber security incidents. There
are no hard numbers, but such com-
promise attempts against us and the use
of impersonations to target others have
more than doubled.”
The pandemic certainly hasn’t blunted
the ability of China-based hackers to
carry out espionage attacks. Security firm
FireEye said it has seen a spike in activ-
ity by the state-backed group dubbed
APT41, which has been targeting more
than 75 organisations, including manu-
facturers, media companies, healthcare
firms and non-profits. FireEye’s report
said it was “one of the broadest cam-
paigns by a Chinese cyber espionage
actor we have observed in recent years.”
The APT41 group was particularly
focused on exploiting recently disclosed
vulnerabilities in Cisco, Citrix and Zoho
products to attempt penetration of net-
works in the US, Canada, UK, Mexico,
Saudi Arabia, Singapore and more
than a dozen other countries. There’s
more information here: https://bit.
ly/34hb0zG.
Marriott breached
again
M
arriott International has
revealed that it suffered a
data breach earlier this year that
may affect around 5.2 million
guests with Marriott Bonvoy loyalty
scheme accounts.
“At the end of February 2020, we
noticed that an unexpected amount
of guest information may have been
accessed using the login credentials of two
employees at a franchise property,” the
company said in a statement. “We believe
this activity started in mid-January 2020.
Upon discovery, we immediately ensured
the login credentials were disabled, began
an investigation, implemented heightened
monitoring and arranged resources to
inform and assist guests.”
The company also said that there is
no “reason to believe that the infor-
mation involved included Marriott
Bonvoy account passwords or PINs,
payment card information, passport
information, national IDs, or driver’s
licence numbers.”
This is the second breach the firm
has suffered in less than 18 months.
In November 2018 it admitted that
its Starwood Hotels guest reserva-
tion database was compromised, with
unauthorised access going back as far
as 2014. That affected 383 million
customers.
The ramifications of that earlier
breach continue. The UK’s Information
Commissioner’s Office (ICO) said it
intended to fine the company £99m.
The imposition of that penalty was
delayed in January for three months
over legal discussions. And now, due
to Covid-19, the fine has been further
delayed to June 1.
British Airways, which is also facing a
data breach fine from the ICO, has had
its penalty of £183m similarly pushed
back – to May1.
E-commerce fraud to
top $25bn
F raud losses from online payments
will jump by 52% in the next
few years to exceed $25bn a year
by 2024, according to a report from
Juniper Research.
‘Online Payment Fraud: Emerging
Threats, Segment Analysis & Market
Forecasts 2020-2024’ suggests that
stronger security – in large part due to
the EMV initiative – for card-present
payments is driving fraudsters online.
That, combined with the ever-growing
popularity of online shopping, is going
to result in bigger fraud losses for
e-commerce operations, especially in
China, which will account for 42% of
e-commerce fraud by 2024.
Juniper’s predictions take into
account the much-delayed Secure
Customer Authentication (SCA) initia-
tive in Europe. Part of the EU’s PSD2
banking regulations, SCA is now sched-
uled to come into effect at the end of
this year in EU countries and March
2021 in the UK. The regulations will
require that certain types of transac-
tions employ some form of two-factor
authorisation (2FA).
The report is available here:
https://bit.ly/2RgxNX1.
3