How Coronavirus leads to increasing cyberattacks
The spread of COVID-19 has created a new wave of phishing and malware attacks, with bad actors looking to use the pandemic as a lure. According to researchers at Check Point, there have been over 4000 domains related to Coronavirus, of which 3 percent are malicious and an additional 5 percent are suspicious. Phishing campaigns include spoofing the domain of the World Health Organization.
As organizations scramble to adjust their IT infrastructure and deploy work-from-home policies to ensure business continuity, there has been an uptick in employees using personal, unmanaged devices to access confidential resources without any security oversight, leaving organizations at risk of data loss and breaches. The US Department of Defense has issued a warning to remote workers to take security precautions and guard against potential threats.
Trickbot, a banking trojan, has particularly targeted Italy, a hotspot of COVID-19 spread, with email spam campaigns. While the email subject line is in tune with daily concerns and talks about the precautions to be taken to prevent the spread of the virus, the attachment is actually a malicious script that delivers a new Trickbot variant.
Spike in Healthcare data breaches
While the healthcare industry is focused on preventing the spread of coronavirus and working on a vaccine, hacking groups are targeting the industry in full force. The number of healthcare data breaches in 2020 seems to have doubled in recent weeks, and the HIPAA Breach Reporting Tool website of the Department of Health and Human Services lists a total of 105 breaches affecting more than 2.5 million individuals, adding to the 2020 tally. Ryuk ransomware continues to target medical facilities in spite of the ongoing pandemic. Various healthcare institutes are reaching out to security firms to bolster their defenses against malware and ransomware.
Unprotected Elasticsearch server breach exposes 5 billion records
In one of the biggest data breaches to date, more than 5 billion records were exposed due to an unprotected Elasticsearch database managed by a UK-based security firm. The unprotected database was discovered by security researcher Bob Diachenko and housed security incidents from the past seven years, including hash types, leak dates, passwords, email addresses, email domains and leak sources.
Unsecured database leaks 425GB of financial records
An Amazon S3 database left unsecured due to a cloud configuration error has exposed almost half a million financial records (425GB in size) to the Internet. The exposed data included highly sensitive financial information such as credit reports, bank statements, driving licenses, scanned copies of bank cheques, access information for bank accounts and tax returns. The exposed database was linked to a mobile financial app called MCA Wizard, which was launched in 2018 but is no longer available on app stores.