COVID-19 | Breaking Cybersecurity News | The Hacker News

A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev , an Ontario resident, was  originally arrested  in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit ransom demands in connection with doing so." News of Vasiliev's jail term was  first reported  by CTV News.  The defendant, who had his home searched by Canadian law enforcement authorities in August and October 2022, is said to have kept a list of "prospective or historical" victims and screenshots of communications exchanged with "LockBitSupp" on the Tox messaging platform. The raid also uncovered a text file with instructions to deploy LockBit ransomware, the ransomware source code, and a control panel used by the e-crime group to deliver the file-locking malware.

Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging a hot commodity on the dark web in what's the latest in a long list of cybercrimes  capitalizing  on the  coronavirus  pandemic. "A new and troubling phenomenon is that consumers are buying COVID-19 vaccines on the black market due to the increased demand around the world,"  said  Anne An, a senior security researcher at McAfee's Advanced Programs Group (APG). "As a result, illegal COVID-19 vaccines and vaccination records are in high demand on darknet marketplaces." The growing demand and the race towards achieving herd immunity means at least a dozen underground marketplaces are peddling COVID-19 related merchandise, with Pfizer-BioNTech vaccines purchasable for $500 per dose from top-selling vendors who rely on services like Wickr, Telegram, WhatsApp, and Gmail for advertising and communications. Darknet listings for the supposed vaccines are being sold

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy was forced to become a 3-week sprint during which offices were abandoned, and people started working from home. Like in an eerie doomsday movie, servers were left on in the office, but nobody was sitting in the chairs. While everyone hopes that the world returns to its previous state, it's evident that work dynamics have changed forever. From now on, we can assume a hybrid work environment. Even companies that will require their employees to arrive daily at their offices recognize that they have undergone a digital transformation, and work from home habits will remain. The eBook "5 Security Lessons for Small Security Teams for a Post-COVID19 Era" ( download here ) helps companies prepare

Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky  detailed  two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting similarities in the post-exploitation process, leading the researchers to connect the two attacks to the North Korean government-linked hackers. "These two incidents reveal the Lazarus group's interest in intelligence related to COVID-19," Seongsu Park, a senior security researcher at Kaspersky, said. "While the group is mostly known for its financial activities, it is a good reminder that it can go after strategic research as well." Kaspersky did not name the targeted entities but said the pharmaceutical firm was breached on September 25, 2020, with the attack again

As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations. According to Interpol's  COVID-19 Cybercrime Analysis Report , based on the feedback of 194 countries, phishing/scam/fraud, malware/ransomware, malicious domains, and fake news have emerged as the biggest digital threats across the world in the wake of the pandemic. Image source: interpol.int There are primarily two reasons for emerging cyber threats in 2020: Most of the population is working, learning, shopping, or running their business from home, where they're using personal devices from the home/public internet connection, which are usually unsafe and hence highly vulnerable to cybercrimes. The cybercriminals are using the COVID-19 theme to exploit people and

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a sub-group of APT28 (aka Sofacy, Sednit, Fancy Bear, or STRONTIUM), cybersecurity firm Intezer said the pandemic-themed phishing emails were employed to deliver the Go version of Zebrocy (or Zekapab) malware. The cybersecurity firm told The Hacker News that the campaigns were observed late last month. Zebrocy is delivered primarily via phishing attacks that contain decoy Microsoft Office documents with macros as well as executable file attachments. First spotted in the wild in 2015 , the operators behind the malware have been found to overlap with GreyEnergy , a threat group believed to be the successor of BlackEnergy aka Sandworm , suggesting its role as a sub-group with links to Sofacy and

A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research. Attributing the operation to a nation-state actor,  IBM Security X-Force researchers  said the attacks took aim at the vaccine cold chain, companies responsible for storing and delivering the COVID-19 vaccine at safe temperatures. The development has prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to  issue an alert , urging Operation Warp Speed ( OWS ) organizations and companies involved in vaccine storage and transport to review the indicators of compromise (IoCs) and beef up their defenses. It is unclear whether any of the phishing attempts were successful, but the company said it has notified appropriate entities and authorities about this targeted attack. The phishing emails, dating to September, targeted organizations in Italy, Germany, South Korea, the Czech Republic, greater Europe

Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks. Of course, malicious emails would contain subjects relating to Covid-19, and malicious downloads would be Covid-19 related. This is how cybercriminals operate. Any opportunity to maximize effectiveness, no matter how contemptible, is taken. While many have anecdotally suggested ways in which Covid-19 related cyberattacks would unfold, we have little data supporting the actual impact of Covid-19 on cybersecurity. Several have reported that the number of malicious emails with the subject related to Covid-19 has grown several hundred percent and that the majority of Covid-19 related emails are now malicious. Beyond the anticipated increase in Covid-19 related malicious emails, videos, and an array of downloadable files, which we all anticipated, what else is going on behind the scenes? Interestingly, cybersecurity

For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the situation wasn't ideal from a cybersecurity standpoint. And hackers all over the world knew it. Almost immediately, Google reported a significant increase in malicious activity, and Microsoft noted trends that appeared to back that up. The good news is that the wave of cyberattacks unleashed by the pandemic peaked in April and has since died down. Fortunately, that's allowing IT professionals and network administrators everywhere to take a deep breath and take stock of the new security environment they're now operating in. The trouble is, there's still so much uncertainty

The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are traveling, interacting with each other, and collaborating at work. There are several trends taking place as a consequence of the outbreak, which has only continued to heighten the need for the tightest possible cybersecurity. Tools for Collaboration There has been a massive spike in the adoption of Tools for Collaboration as a consequence of COVID-19. Concerns about the coronavirus have caused an enormous increase in remote working, with many organizations requiring or at least encouraging their workers to stay at home—especially when cities, states, and even some entire nations are ultimately into lock down in a bid to spread the stem of the disease. Meanwhile, with millions working from home for many weeks now, there has been a spike in the video conferencing and online collaboration software, many of which are fortunately entirely free, allowing orga

As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals—with no conscience and empathy—are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. The new research, published by Palo Alto Networks and shared with The Hacker News, confirmed that "the threat actors who profit from cybercrime will go to any extent, including targeting organizations that are in the front lines and responding to the pandemic on a daily basis." While the security firm didn't name the latest victims, it said a Canadian government healthcare organization and a Canadian medical research university both suffered ransomware attacks, as criminal groups seek to exploit the crisis for financial gain. The attacks were detected between March 24 and March 26 and were initiated as part of the coronavirus-themed phishing campaigns that have become widespr

The Coronavirus quarantine introduces an extreme challenge for IT and Security teams to maintain secure environments during the mass transition of employees working remotely and the surge in cyberattacks targeting its inherent security weaknesses. In a webinar for security service providers taking place on April 22nd ( register here ), a leading MSSP will share how they conquer and overcome the coronavirus quarantine challenges to grow their customer base. The webinar sheds light on the opportunities and challenges this new reality introduces to MSSPs from the perspective of a leading Canadian MSSP. While it might sound strange to discuss the opportunities Coronavirus brings, especially with the changes it imposes on the IT environment, but it does bring a shift in priorities. It turns out that cyber threats that were normally considered a reasonable risk to contain, suddenly become regarded as a critical need to address. Thus, organizations that did not have advanced threat

Tech giants Apple and Google have joined forces to develop an interoperable contact-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. As part of this new initiative, the companies are expected to release an API that public agencies can integrate into their apps. The next iteration will be a built-in system-level platform that uses Bluetooth low energy (BLE) beacons to allow for contact tracing on an opt-in basis. The APIs are expected to be available mid-May for Android and iOS, with the broader contact tracing system set to roll out "in the coming months." "Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders," the companies said. The rare collaboration comes as governments worldwide are increasingly turning to technology such as phone tracking and facial recognition to

In our previous stories, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of your money. Unfortunately, to some extent, it's working, and that's because the attack surface is changing and expanding rapidly as many organizations and business tasks are going digital without much preparation, exposing themselves to more potential threats. Most of the recent cyberattacks are primarily exploiting the fears around the COVID-19 outbreak—fueled by disinformation and fake news—to distribute malware via Google Play apps , malicious links and attachments, and execute ransomware attacks. Here, we took a look at some of the wide range of unseen threats rising in the digital space, powered by coronavirus-themed lures that cybercriminals are using for espionage and commercial gain. The latest development adds to a l