
Introduction

Hi everyone! My name is Doan and I’m currently a student in the CyberSecurity program at Metropolitan State University. This blog is an attempt to document my learning experience as I study Computer Security throughout the semester.

This is the first post on my new blog. I’m just getting this new blog going, so stay tuned for more. Subscribe below to get notified when I post new updates.

As medical treatment centers for COVID-19 expand, so do vulnerabilities

The rapid rise and outbreak of COVID-19 has led to many temporary and makeshift treatment centers. These treatment centers will likely utilize remote-care devices and will be connected to their system networks. This poses a security concern as temporary hospitals are remote and sit outside of a defense-in-depth architecture.

The pop-up care centers are rife with cybersecurity vulnerabilities due to time constraints and budgeting issues. The top-level concern for hospital administrators is to provide for patients and staff members, and this would include PPE such as masks and gowns, ventilators, patient care, and setting up testing. To help reduce risk, IT administrators could make sure that all software is updated and fully patched daily, as well as enabling two-factor authentication for accounts within the temporary care center.

US Prepares for NK Cyber Attacks

Multiple US agencies including the FBI and DHS issued warnings about a looming state-sponsored cyber attack by North Korea. In response, the US government is offering up to $5 million for information regarding the cyber attacks.

North Korea has been associated with multiple cyber attacks in the past, including the WannaCry ransomware attacks and the Sony data hack. The current threats primarily target financial institutions and digital currency exchanges. With waves of attacks coming from cyber criminals during the virus panic over the past 2 months, it would be a surprise if North Korea didn’t try to take advantage of the situation. Hopefully, someone will be smart enough to try to claim the $5 million reward.

Information on past or present operations is eligible for an award, which can be claimed on the Department of Justice webpage.

San Francisco Airport Websites Compromised

It’s a good thing people have limited their travels recently, because two websites belonging to San Francisco International Airport were breached last March. SFO recently announced incidents on SFOConnect.com and SFOConstruction.com. The two websites were mainly used by employees to access work content and details on construction projects related to the airport.

The incident involves accessing the websites using Internet Explorer on either a personal PC or a device not maintained by SFO. The attackers were able to steal device login credentials. Luckily, it wasn’t website credentials.

As a preventative measure, SFO required all employee email and network passwords to be changed, in case the stolen credentials could be used to log into other networks.

It’s important to use a browser that offers more security than IE, and to also update and keep your passwords separate from other accounts. That way, if one account is hacked, the attackers can’t attempt to use the stolen password to access another account on a different network.

2 New Zoom Zero Day Exploits

Zoom Video Communications has seen a huge surge in attacks recently due to the demand for remote work and online meeting sessions. Besides worries about private data sharing with certain companies such as Facebook, Zoom bombings of classrooms, and malware injection, researchers have uncovered 2 new zero day exploits on Mac OS that could give hackers privileged root access. This would allow them to access the user’s microphone and camera. As of Thursday, the two vulnerabilities have been patched, and it’s important to keep up with your system’s application updates and set them to automatic.

Other security measures to know when using Zoom are to not post the links publicly, and to not click on any links within Zoom chat meetings. Hosts could also disable comments in the chatbox, as well as lock new participants from joining once the session is underway. Kicking out selected participants, as well as having a holding room before new participants can join, will prevent Zoom bombings. Of course, it may be difficult to manage if the class size is too large to keep track of incoming and outgoing students.

Canadian Cyber Civil Defense Assemble to Counter Cyber Covid-19 Attacks

Civil defense traditionally involves rescue workers, air wardens, and medics. In this current day and age, it involves cyber professionals fighting against cyber criminals who look to exploit critical infrastructure systems in times of need. Cyber security companies in Canada have recently formed an all-volunteer cyber defense initiative that will help protect critical systems such as healthcare facilities and municipalities from cyber attacks during the Covid-19 crisis.

With the majority of the world in a pandemic, health care workers are overworked and health care facilities are spread thin. The 475% spike in coronavirus related attacks on health care institutions this past month shows that cyber criminals are hoping to cash in on all the panic, fear, and anxiety. Criminals are hoping to find a vulnerability in all the chaos, and expect that victims are more willing to pay instead of wanting to deal with ransomware.

The spike in health care attacks comes as a surprise for me, as I remember cybercrime groups promising not to target health care related facilities. I guess we should have known better than to trust promises coming from strangers and criminals.

https://www.cbc.ca/news/politics/covid19-cyber-companies-1.5508570

Dubious Tech Support Company Dupes Victims out of Dough

A college dropout made headlines after becoming an entrepreneur and starting a company of his own. The former student and his accomplice ran a fake call support center in India. Since January of last year, the team stole over 8 million dollars from over 40 thousand victims.

People who called the tech support company were asked to go online and click on pop-ups, which would download malware that stole financial information from the users.

The scheme was only brought to light after a victim posted the fake operation on YouTube. India’s Cyber Crime Cell raided the tech support company after news of the fake operation was posted online. It’s getting difficult to know who to trust online these days, especially if the company is supposed to provide tech support.

https://www.infosecurity-magazine.com/news/fake-tech-support-company-dupes-40k/

Gas Compression Plant Shuts Down Due to Ransomware

The US Department of Homeland Security reports that an unidentified gas compression facility had recently shut down due to a cyber attack. The attack left the facility without access and visibility to certain data and operations, and management decided to shut down operations as a precaution. Other geographic compression facilities also had to halt operations because of pipeline dependencies on the attacked facility.

Cyber criminals used a spearphishing link to obtain access to the facility IT network before pivoting over to the operational technology network. The Department of Homeland Security and CISA have alerted other energy infrastructure firms and encouraged them to review their cybersecurity and take steps to protect themselves against similar ransomware attacks.

https://www.insurancejournal.com/news/national/2020/02/19/558805.htm

Plastic Surgery: Your Face on Cyber Space

Plastic surgery images and invoices were leaked from an unsecured database. Images included patients’ nude bodies, faces, open surgery, before and after pictures, and private parts. The unsecured database from a French company called NextMotion allowed anyone with the right IP address to view its files, say researchers from vpnMentor. Some laws that would be violated include HIPAA (Health Insurance Portability and Accountability Act) in the US and GDPR (General Data Protection Regulation) in the European Union.

The leak is one of the latest in data exposure from an unsecured cloud database. The problem stems from companies moving their data to the cloud without having proper privacy protocols in place.

https://www.cnet.com/news/plastic-surgery-images-and-invoices-leak-from-unsecured-database/

Air Gapped Computers Not Safe From Data Exfiltration

Coming straight out of a spy movie, hackers can now exfiltrate sensitive data from an air-gapped computer by simply adjusting the screen brightness of a computer. What is an air-gapped computer? An air-gapped computer is one that is isolated from unsecured networks and is not connected to any other system that is connected to the internet. It is also physically isolated, meaning that data can only be passed in or out of it physically. It is a procedure that is usually implemented in high security environments such as military or banks.

So how does information get extracted from an air-gapped computer? Cybersecurity researchers have been able to demonstrate an innovative way to covertly exfiltrate data by exploiting a computer’s emissions such as light, sound, heat, radio frequencies, and even fluctuations in power currents. A computer infected with malware would encode the collected data as a stream of bytes and then modulate it as binary 1 and 0 signals. In one case, the signals could be subtle changes in the computer screen brightness that are then captured by a compromised security camera.

https://thehackernews.com/2020/02/hacking-air-gapped-computers.html

CoronaVirus turns into Computer Virus

With the world in panic over the current novel coronavirus (2019-nCoV) outbreak, cyber criminals are hoping to exploit the situation by spreading computer viruses in online files. The cyber criminals hope to prey on people’s sense of urgency and wanting information to protect themselves by claiming that the files contain important updates regarding the coronavirus. Officials with the Kaspersky cybersecurity firm have found the dangerous files posing as either PDFs, MP4s, or Docs. The files would contain software threats, taking personal data and spreading to other files just like the coronavirus.

To help prevent the spread of this virus, officials recommend opening links or documents only from trusted sources, and checking that documents or video files have the right extensions.

https://www.wxii12.com/article/coronavirus-cybersecurity-computer-viruses-warning/30738057
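
The extension check recommended above can be automated. The following is an added example, not code from the cited article or from Kaspersky: it compares a file's leading bytes with the type its name claims and flags document names that end in an executable extension. The file names, the extension lists and the sample contents are all constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading-byte signatures (offset, bytes) for the file types named in the post.
MAGIC = {
    ".pdf": (0, b"%PDF-"),
    ".mp4": (4, b"ftyp"),                               # box size, then 'ftyp'
    ".doc": (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),   # OLE2 compound file
    ".docx": (0, b"PK\x03\x04"),                        # ZIP container
}
# Assumed (not exhaustive) extensions and headers of directly runnable files.
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")

def check_file(path):
    """Return a list of findings for one file; an empty list means no mismatch."""
    path = Path(path)
    suffixes = [s.lower() for s in path.suffixes]
    with path.open("rb") as fh:
        head = fh.read(16)
    findings = []
    # "update.pdf.exe": a document extension followed by an executable one.
    if len(suffixes) > 1 and suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in MAGIC:
        findings.append("double extension hides executable type")
    if head.startswith(EXECUTABLE_MAGIC):
        findings.append("content is an executable")
    ext = suffixes[-1] if suffixes else ""
    if ext in MAGIC:
        offset, magic = MAGIC[ext]
        if head[offset:offset + len(magic)] != magic:
            findings.append(f"content does not match {ext}")
    return findings

def demo():
    """Run the check over constructed sample files and return name -> findings."""
    samples = {  # constructed contents: only the first bytes matter here
        "safety_tips.pdf": b"%PDF-1.7\n% constructed sample",
        "clip.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 8,
        "coronavirus_update.pdf.exe": b"MZ\x90\x00" + b"\x00" * 12,
        "instructions.mp4": b"MZ\x90\x00" + b"\x00" * 12,
    }
    with tempfile.TemporaryDirectory() as tmp:
        results = {}
        for name, data in samples.items():
            sample = Path(tmp) / name
            sample.write_bytes(data)
            results[name] = check_file(sample)
        return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {findings or 'ok'}")
```

A matching signature only shows that the container type agrees with the name; a well-formed PDF or Office document can still carry malicious content, so this check complements opening files only from trusted sources rather than replacing it.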
