Tag: cyberattack

As Russia Invaded, Hackers Broke Into A Ukrainian Internet Provider. Then Did It Again As Bombs Rained Down

One of Ukraine’s major internet providers was hacked twice – once in February just as Russia was invading and again on March 9, a source says. A major Ukrainian internet service provider says it was hacked twice. Sources tell Forbes that the first hack was in February, the second on March 9, and that the hackers managed to reset devices to factory settings.

In the last 24 hours, with Russia continuing its heavy bombardment across Ukraine, parts of the country have seen severe internet outages. One cause appears to be a cyberattack on telecoms provider Triolan, which serves a substantial number of users across the country.

Unverified reports circulated earlier today suggesting Triolan had been hit by an attack. Asked over Facebook if reports of a cyberattack were true, a spokesperson responded, “Yes, unfortunately, there are no details. Engineers are now working on restoring the Internet.”

Three other sources within the company and a former cofounder of the business said a cyberattack had occurred, with one claiming some of Triolan’s internal computers had stopped working because the “attackers reset the settings to the factory level.” They added that recovery was proving difficult because some equipment required physical access to restore, which was not possible due to the risk of life to personnel.

“We haven’t been able to pinpoint the source of the problem and we can’t pinpoint anyone at fault,” the source added. Another added that the attack landed on March 9, when internet outages began.

A post on the company’s Telegram page revealed that the company had, in fact been hacked twice. A source within the company said the first hack hit on February 24 as Russia moved tanks into the country, with the second on March 9, and that they had much the same effect.

Read more: https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/

Triolan said “key nodes of the network” had been hacked and that some routers couldn’t be recovered. It said 70% of those nodes in Kyiv, Kharkiv, Dnipro, Poltava, Odesa, Rivne and Zaporizhia had been restored today.

There may be other reasons for disruption of telecoms at Triolan, given it is based in Kharkiv, which has been bombarded by Russian shelling. But a cyberattack on the internet service provider represents one of the more damaging hits in what has been a fairly muted cyber side to the Russian invasion of Ukraine.

Other attacks on Ukraine included attempts to install malware that would wipe PCs and a number of distributed denial of service attacks, which flooded government and banking websites with traffic to knock them offline.

The effects of the outage will have been felt across its subscriber base. “Triolan is one of the top destinations for internet traffic in Ukraine from our perspective, so it is safe to say that there are likely thousands of Ukrainians that are affected by this outage,” said Doug Madory, director of internet analysis at Kentik, an internet monitoring company.

Data from the Internet Outage Detection and Analysis at the Georgia Institute of Technology showed a sudden drop off in connectivity for Triolan late Wednesday, which has continued throughout Thursday. NetBlocks, another global internet outage tracker, saw similar downtime.

Various outages across Ukraine have been caused by physical destruction of infrastructure. Wednesday saw “major internet disruption” registered across Kherson Oblast, in southern Ukraine, with downtime at providers Ukrtelecom and Volia.

Thomas Brewster

Thomas Brewster

I’m associate editor for Forbes, covering security, surveillance and privacy. I’m also the editor of The Wiretap newsletter, which has exclusive stories on real-world surveillance and all the

Source: As Russia Invaded, Hackers Broke Into A Ukrainian Internet Provider. Then Did It Again As Bombs Rained Down

.

Critics:

Network data from NetBlocks confirm a series of significant disruptions to internet service in Ukraine from Thursday 24 February 2022. Disruptions have subsequently been tracked across much of Ukraine including capital city Kyiv as Russia’s military operation progresses.

On the morning of Thursday 24 February 2022, internet disruptions were registered in Kharkiv, Ukraine’s second largest city. Also on the morning of 24 February, hours prior to the commencement of Ukraine’s invasion of Russia, the Viasat satellite internet network which serves Ukraine and much of Europe was knocked offline in a targeted cyberattack

On Saturday morning as the conflict reached Kyiv, a major disruption was registered to backbone internet provider GigaTrans, which supplies connectivity to several other networks.

While connectivity remained available through other routes and the disruption was brief, the incident is understood to have had significant impact to telecommunications infrastructure.

From 4 March 2022 NetBlocks tracked a loss of connectivity at the Zaporizhzhia nuclear power plant in southeast Ukraine, affecting fixed-lines and mobile services. The loss of communications was subsequently raised as a point of concern by the International Atomic Energy Agency.

On 9 March 2022, internet provider Triolan was targeted by a cyberattack for a second time, with the first instance having been observed on the morning of 24 February when invasion began. Both events have caused significant losses to connectivity at nation scale.

Read more: https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/

On the night of Thursday 10 March, an attack on the Kharkiv Institute of Physics and Technology, which hosts an ADS neutron source facility, was labelled an “act of nuclear terrorism” by the State Nuclear Regulatory Inspectorate of Ukraine. The incident following attacks at Zaporizhzhia and Chernobyl has heightened concerns that Russia might be intentionally targeting nuclear sites.

What’s happening in Ukraine?

Russian leader Vladimir Putin announced military mobilization on the morning of Thursday 24 February 2022 and artillery was fired while as moved into Kharkiv about 25 miles from the Russian border. The security situation deteriorated through subsequent days with Ukrainian authorities advising civilians to get off the streets and seek shelter.

Beside the disruptions to telecommunications infrastructure documented in this report, cyber-attacks have disrupted Ukraine’s defence and banking sectors.

Further reading:

Previously:

More Remote Working Apps:

https://quintexcapital.com/?ref=arminham     Quintex Capital

https://www.genesis-mining.com/a/2535466   Genesis Mining

http://www.bevtraders.com/?ref=arminham   BevTraders

https://jvz8.com/c/202927/369164  prime stocks

https://jvz3.com/c/202927/361015  content gorilla

https://jvz8.com/c/202927/366443  stock rush

https://jvz1.com/c/202927/373449  forrk

https://jvz3.com/c/202927/194909  keysearch

https://jvz4.com/c/202927/296191  gluten free

https://jvz1.com/c/202927/286851  diet fitness diabetes

https://jvz8.com/c/202927/213027  writing job

https://jvz6.com/c/202927/108695  postradamus

https://jvz1.com/c/202927/372094  stoodaio

https://jvz4.com/c/202927/358049  profile mate

https://jvz6.com/c/202927/279944  senuke

https://jvz8.com/c/202927/54245   asin

https://jvz8.com/c/202927/370227  appimize

https://jvz8.com/c/202927/376524  super backdrop

https://jvz6.com/c/202927/302715  audiencetoolkit

https://jvz1.com/c/202927/375487  4brandcommercial

https://jvz2.com/c/202927/375358  talkingfaces

https://jvz6.com/c/202927/375706  socifeed

https://jvz2.com/c/202927/184902  gaming jobs

https://jvz6.com/c/202927/88118   backlink indexer

https://jvz1.com/c/202927/376361  powrsuite

https://jvz3.com/c/202927/370472  tubeserp

https://jvz4.com/c/202927/343405  PR Rage

https://jvz6.com/c/202927/371547  design beast

https://jvz3.com/c/202927/376879  commission smasher

https://jvz2.com/c/202927/376925  MT4Code System

https://jvz6.com/c/202927/375959  viral dash

https://jvz1.com/c/202927/376527  coursova

https://jvz4.com/c/202927/144349  fanpage

https://jvz1.com/c/202927/376877  forex expert

https://jvz6.com/c/202927/374258  appointomatic

https://jvz2.com/c/202927/377003  woocommerce

https://jvz6.com/c/202927/377005  domainname marketing 

https://jvz8.com/c/202927/376842  maxslides

https://jvz8.com/c/202927/376381  ada leadz

https://jvz2.com/c/202927/333637  eyeslick

https://jvz1.com/c/202927/376986  creaite contentcreator

https://jvz4.com/c/202927/376095  vidcentric

https://jvz1.com/c/202927/374965  studioninja

https://jvz6.com/c/202927/374934  marketingblocks

https://jvz3.com/c/202927/372682  clipsreel

https://jvz2.com/c/202927/372916  VideoEnginePro

https://jvz1.com/c/202927/144577  BarclaysForexExpert

https://jvz8.com/c/202927/370806  Clientfinda

https://jvz3.com/c/202927/375550  Talkingfaces

https://jvz1.com/c/202927/370769  IMSyndicator

https://jvz6.com/c/202927/283867  SqribbleEbook

https://jvz8.com/c/202927/376524  superbackdrop

https://jvz8.com/c/202927/376849  VirtualReel

https://jvz2.com/c/202927/369837  MarketPresso

https://jvz1.com/c/202927/342854  voiceBuddy

https://jvz6.com/c/202927/377211  tubeTargeter

https://jvz6.com/c/202927/377557  InstantWebsiteBundle

https://jvz6.com/c/202927/368736  soronity

https://jvz2.com/c/202927/337292  DFY Suite 3.0 Agency+ information

https://jvz8.com/c/202927/291061  VideoRobot Enterprise

https://jvz8.com/c/202927/327447  Klippyo Kreators

https://jvz8.com/c/202927/324615  ChatterPal Commercial

https://jvz8.com/c/202927/299907  WP GDPR Fix Elite Unltd Sites

https://jvz8.com/c/202927/328172  EngagerMate

https://jvz3.com/c/202927/342585  VidSnatcher Commercial

https://jvz3.com/c/202927/292919  myMailIt

https://jvz3.com/c/202927/320972  Storymate Luxury Edition

https://jvz2.com/c/202927/320466  iTraffic X – Platinum Edition

https://jvz2.com/c/202927/330783  Content Gorilla One-time

https://jvz2.com/c/202927/301402  Push Button Traffic 3.0 – Brand New

https://jvz2.com/c/202927/321987  SociCake Commercial

https://jvz2.com/c/202927/289944  The Internet Marketing Newsletter PLR Monthly Membership

https://jvz2.com/c/202927/297271  Designa Suite License

https://jvz2.com/c/202927/310335  XFUNNELS FE Commercial Drag-n-Drop Page Editor

https://jvz2.com/c/202927/291955  ShopABot

https://jvz2.com/c/202927/312692  Inboxr

https://jvz2.com/c/202927/343635  MediaCloudPro 2.0 – Agency Rights

https://jvz2.com/c/202927/353558  MyTrafficJacker 2.0 Pro+

https://jvz2.com/c/202927/365061  AIWA Commercial

https://jvz2.com/c/202927/357201  Toon Video Maker Premium

https://jvz2.com/c/202927/351754  Steven Alvey’s Signature Series 3rd Installment

https://jvz2.com/c/202927/344541  Fade To Black

https://jvz2.com/c/202927/290487  Adsense Machine

https://jvz2.com/c/202927/315596  Diddly Pay’s DLCM DFY Club

https://jvz2.com/c/202927/355249  CourseReel Professional

https://jvz2.com/c/202927/309649  SociJam System

https://jvz2.com/c/202927/263380  360Apps Certification Masterclass

https://jvz2.com/c/202927/359468  LocalAgencyBox

https://jvz2.com/c/202927/377557  Instant Website Bundle

https://jvz2.com/c/202927/377194  GMB Magic Content

https://jvz2.com/c/202927/376962  PlayerNeos VR

Cybercriminals Are Coming for Your Business. Here Are 5 Simple Ways to Keep Them Out

Now, more than ever, is a crucial moment to button up cyber security measures at your company. Small businesses were easy prey for cybercriminals during the pandemic. A shift to remote work meant hackers had their pick of unsecured home networks and devices. Now, even though many businesses have moved back to in-office work, it’s likely they’ll still be targeted by hackers. Savvy thieves often see small businesses as a “Trojan Horse” to the larger businesses with which they partner.

Panelists at a Chamber of Commerce event on Thursday shared tips on what businesses need to keep in mind in order to protect their data and assets from cyberattacks.

Ransomware comes in via email and can hide for several days.

Some cyberattacks will do damage instantly, taking down all of your systems and locking you out. But some, such as ransomware emails, require more time to take root.

“So maybe an employee clicks on an email that goes through their device, and they send that email to somebody else that hits another application or device. It can really be in your system for several days before you notice it,” said Tara Holt, senior product marketing manager at Iron Mountain. The delayed timeline is crucial to keep in mind as you work to nail down when and how a breach occurred.

Backup critical data, both on- and off-site.

Holt and other cybersecurity experts encourage businesses to store a backup of your most critical data as a second line of defense. This should be both off-site and online. Your business may still be able to operate during a cyberattack, even in a limited context, if there’s a backup handy.

Make sure payment processors are PCI compliant.

An overlooked area of cybersecurity is your third-party payment processor. Businesses that make hundreds of transactions per day must ensure that security standards are in place to prevent theft. Most merchants that accept credit cards must adhere to the Payment Card Industry Data Security Standard, or PCI.

A few credit card companies allow merchants that are not PCI compliant, but tread carefully with them — you’ll likely be stuck with the bill in the event of a breach. “If you get a breach, and you’re not PCI compliant, it’s a minimum of $80,000 apiece and MasterCard will have to charge you, because they’re going to have to resubmit new cards for those people whose cards may have also been compromised,” said Renee VanHeel, president of Pay It Forward Processing.

You can pay the ransom, but don’t expect to get your data back.

While taking cybercriminals at their word is always a risky undertaking, when it comes to ransomware, few crooks are honest players. Businesses that pay ransoms must deal with the very likely possibility that any data they get back will either be incomplete or corrupt.

An estimated 92 percent of victims who pay the requested ransom don’t get their data back, according to a 2021 Sophos State of Ransomware report.

Use a “zero-trust network” and multi-factor authentication.

Chances are, your team probably needs a refresher on what makes a strong, unique password, which can go a long way toward securing your systems. Best practices include combining three or more unrelated words — proper nouns are good — with numbers or special characters separating them.

Requiring the use of VPNs is also key. Saïd Eastman, CEO of JobsInTheUS, says his company uses both an internal VPN and a third-party VPN for customers. “We do that because we believe it’s important for us to provide a secure environment for our employees to get in to do their jobs, but also a place for our customers,” he said.

Holt also suggests that businesses create what is called a “zero-trust network” that authenticates users every time they log-in. Multi-factor authentication, where users must enter a passcode that is sent to their phone or email, is another good safeguard.

“Adding in as many different layers of security as you can can really be that first step to protect you,” said Holt.

Take These Small Steps to Stop Cyber Attacks From Creating Big Problems for You

At a time when remote work and its increased security risks have become the norm, ongoing difficulty in safeguarding corporate networks suggests that the status quo isn’t working. That’s why IT security teams are moving from a passive to an active approach. The MITRE Corporation (a nonprofit that manages federally funded research and development centers) recently introduced its Shield framework, in which it clearly states that active defense is critical in overcoming today’s threats. Business leaders who know the latest strategies and recommendations place their companies in a strong position to remain secure.

Related: The How-To: Protecting Your Intellectual Property As A Small Business

The concept of active defense

Shield is an active defense knowledge base developed from over a decade of enemy engagement. With it, MITRE is trying to gather and organize what it has been learning with respect to active defense and adversary engagement. This information ranges from high-level, CISO-ready considerations of opportunities and objectives to more practitioner-focused conversations of the tactics, techniques and procedures defenders can use. This latest framework is aimed at encouraging discussion about active defense,  how it can be used, and what security teams need to know.

Defining active defense

Active defense covers a swathe of activities, including engaging the adversary, basic cyber defensive capabilities and cyber deception. This entails the use of limited offensive action and counterattacks to prevent an adversary from taking digital territory or assets. Taken together, these activities enable IT teams to stop current attacks as well as get more insight into the perpertrator. Then they can prepare more fully for future attacks.

As MITRE notes, the modern security stack must include deception capabilities to truly deter and manage adversaries. In Shield’s new tactic and technique mapping, deception is prominent across eight active defense tactics—channel, collect, contain, detect, disrupt, facilitate, legitimize and test—along with 33 defensive techniques.

Related: Cybersecurity Implementation And Future Strategies For Enterprises

The truth about deception

Threat actors are targeting enterprise networks nonstop, anyone from nation-state attackers seeing proprietary information to more run-of-the-mill criminals looking to cause chaos and obtain some PII they can exploit. Analysts estimate that critical breaches of enterprise networks have increased by a factor of three to six, depending on the targets.

As leaders consider their security strategy,  they need to not only understand what active defense means but also what deception actually is. A prevailing misconception is that deception is synonymous with honeypots, which have been around for a long time and are no longer effective. And to make them as realistic as possible requires a lot of management so that if attackers engage with a honeypot, they won’t be able to detect that it is not a real system and therefore know they’re in the middle of getting caught.

So, it’s time to clear up that notion. In truth, deception technology and honeypots are not synonymous. That’s how deception began, but it has evolved significantly since then. Today’s deception takes the breadcrumb/deceptive artifact approach that leads attackers on a false trail, which triggers alerts so that defenders can find and stop the attackers in real time. Only unauthorized users know the deceptions exist, as they don’t have any effect on everyday systems, so false positives are dramatically reduced. These aspects of deception technology add financial value to the IT security organization.

In addition, some organizations wrongly perceive that deception is too complex and yields comparatively little ROI. Security organizations could enjoy the benefit of using deception technology – which is lightweight and has a low cost of maintenance – but some are hesitant because they think it’s an overwhelming, complex approach that they won’t get enough value from. However, using technology assists like automation and AI, deception eliminates the complexity it has been previously known for.

Organizations tend to think of deception from a technology standpoint, but that’s wrong; it should be thought about from a use case standpoint. For instance, detection is a fundamental element of any security program. Everyone needs better detection capabilities – part and parcel of what today’s deception tools do.

A stronger defense

As cybercriminals’ tactics and tools continue to change, so must defenders’. An expanded threat landscape and new attack types make this job tougher than ever. Many organizations around the world were thrust into rapid digital transformation this year, which created security gaps for bad actors to exploit. The events of 2020 highlight the need for a better approach to securing critical assets. Active defense is part of that approach, as outlined in the MITRE Shield framework. Deception technology is an agile solution worthy of incorporation into an organization’s security strategy.

Related: 5 Types of Business Data Hackers Can’t Wait to Get Their Hands On

Source: https://www.entrepreneur.com/

.

Global Business

How To Go Global With Your Business

How a brand can prepare to go global and what they should consider before setting foot across the sea. Chris Porteous | 6 min read YouTube

Buy on YouTube? The platform is testing a sales tool

By clicking on the “super bag”, users will be redirected to a purchase page where the products, related videos and sale options will be located. Entrepreneur en Español | 1 min read Blue Origin

Jeff Bezos wants to send passengers into space in April: report

Blue Origin, the Amazon co-founder’s space exploration company, would take people into space on its New Shepard ship. Entrepreneur en Español | 1 min read How to Become a Millionaire

Survey: The Top 9 Books Recommended by Millionaires

So you want to be a millionaire? Start reading like one. Hayden Field | 1 min read Marketing

4 trends that will mark digital marketing in 2021

One of the biggest challenges advertisers and media will face in 2021 is being able to communicate with consumers and transact effectively in a cookie-free world. Entrepreneur en Español | 5 min read Success Stories

Mike Ling Came to America to Study Medicine. Now He Runs a Successful Fitness-Tech Company. It All Came Down to Passion.

The 43-year-old FitTime founder sheds light on how a plant-based diet, meditation and Jiu-Jitsu helped him become sturdier and more successful. Kenny Au | 6 min read News and Trends

Will I Get a Stimulus Check? What You Need to Know About the Second Round of Payments.

Here’s what you need to know about stimulus check payments. Megan Pratz | 6 min read News and Trends

Taco Bell Is Working With Beyond Meat to Create a New Plant-Based Protein

Another kind of not-meat is coming to Taco Bell this year. Igor Bonifacic | 2 min read News and Trends

Instacart Offers Employees $25 to Get COVID-19 Vaccine

Eligible workers won’t have to choose between earning income and getting vaccinated. Stephanie Mlot | 2 min read

.

Ben Lovegrove

How to protect yourself against cyber attacks during an age in which we all have to be educated and vigilant at home and at work. Download your copy of Roboform Password Manager for personal and business use: http://ow.ly/o1A530qhvNa In this video I describe some ways in which you can protect yourself and your assets against cyber attacks. It’s not an exaggeration to state that we are in the midst of an epidemic of cyber crime. Even if you take the reported cases at face value it’s bad enough but there are reasons to suspect that the actual situation is much worse because so much is not reported. The police are under resourced, investigations are complex, and consequently the criminals feel empowered to continue and to step up their attacks.

So the onus is on us as individuals and business to strengthen our defences and to mitigate the risks by taking the essential precautions. Some of these tips may seem obvious and yet it’s amazing how many people fail to act on this type of advice. 1: Use strong and unique passwords. Yes, I know, logging in (and clicking away the cookie notice) is a pain but it can be semi automated with a good password manager. I’ve used Roboform for years (see link below) and it includes a tool that will generate cryptic passwords containing a mix of numbers, symbols, and letters in upper and lower case. These are stored in an encrypted file which is synchronised across all my devices; PC, laptops, mobile phones. You should use long, unique, and cryptic passwords of 12 characters or more for everything that requires you to log in – not just your pension account or favourite shopping site, but also the broadband router on your home network – everything. If the log-in process includes the option to send a passcode to your mobile phone then enable it and use it. 2: Be aware of data breaches and react to them. Even with a strong password your details may be compromised if a company fails to protect their network and thieves hack in and steal data. If you see any such reports in the press check to see if you have an account with the company and if you do, change your passwords immediately. This won’t stop you details being sold on the Dark Web but it will prevent anyone from using your now compromised password. Meanwhile, remain vigilant for any calls, mails, or other signs that your identity is being used by a criminal. Continued in the video…

My recommended products on Amazon.com: https://www.amazon.com/shop/benlovegrove My recommended products on Amazon.co.uk: https://www.amazon.co.uk/shop/benlove… My YouTube Channel Information: Subscribe to my channel: https://goo.gl/FhzGmn My most recent upload: https://goo.gl/ujZ7ms My most popular upload: https://goo.gl/ThKf7y My Playlists: Flight Training, Private & Commercial Pilot: https://goo.gl/EuD7wt Learn To Fly, Get Your Pilot’s Licence: https://goo.gl/6Z6h6P General Aviation: https://goo.gl/p8MLZY Aviation Careers: https://goo.gl/bhZWXL Career Training & Business Tools: https://goo.gl/rh9P46 My Social Media Links: Twitter: https://twitter.com/BensBookmarks Instagram: https://www.instagram.com/ben_lovegro… Facebook: https://www.facebook.com/redspansolut… My Secrets Revealed: I create these videos using Vidnami: http://ow.ly/lu1e30qRlhC I optimise these videos using TubeBuddy: http://ow.ly/x7yH30qRlhU Contact me: Go to my channel homepage and click on the About tab to reveal my email address: https://wwww.youtube.com/c/benlovegrove Show your support: Sponsor more videos like this: https://www.patreon.com/redspan Consider leaving a tip: https://paypal.me/redspan Bespoke videos made for you: https://goo.gl/22u4R6 Acknowledgements: This presentation contains images that were used under a Creative Commons License. Click here to see the full list of images & attributions: https://app.contentsamurai.com/cc/734825 This presentation may also include video clips licensed under the Creative Commons Zero (CC0) license and/or video clips of our own.

Cyber Attackers Leaked Covid-19 Vaccine Data After EU Hack

The European Medicines Agency (EMA) has reported that some of the data on the Pfizer/BioNTech COVID-19 vaccine that was stolen during a cyber-attack in early December 2020 was released online illegally shortly after the attack. 

The leak was discovered during an investigation that was launched into the attack by the EMA and law enforcement. It is claimed that evidence of the stolen data was found on various hacking forums as early as 31 December. The EMA stated yesterday (13 January) that action is being taken by authorities.

The EMA is a decentralized agency responsible for evaluating, monitoring and supervising new medicines introduced to the EU. As such, it is accountable for approving any COVID-19 vaccines. On 9 December 2020, the EMA released a statement alerting that it had been subject to the cyber-attack. 

Pfizer and BioNTech then released a joint statement outlining the nature of the breach: “Today, we were informed by the European Medicines Agency (EMA) that the agency has been subject to a cyber-attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed.”

At the time, it was concluded that only a small number of documents had been accessed, limited to a single IT application as the hackers targeted data relating specifically to the Pfizer/BioNTech COVID-19 vaccine. Nevertheless, according to sources on technology and cybersecurity website BleepingComputer, the threat actors accessed Word documents, PDFs, email screenshots, PowerPoint presentations and EMA peer review comments.

The EMA assured that, despite the breach, its regulatory network is fully operational and that the evaluation and approval of COVID-19 medicines have not been affected by the incident.

THE LARGER PICTURE

The breach of the EMA server is not the only cyber-attack related to COVID-19 vaccines. There has been increasing concern about the safe deployment of the vaccine as cybercriminals attack the vaccine “cold chain”, launching what has been called a “global phishing campaign” against organizations responsible for the transport and sub-zero storage of the vaccine, supposedly in an attempt to gain unauthorized access to private credentials and sensitive information regarding the vaccine’s distribution.

Experian also released a report at the end of 2020 warning of the potential security risks that accompany the technological diversification in healthcare affected by COVID-19. It highlighted the potential risks of overlooking cybersecurity and the increased possibility of misinformation, particularly regarding the COVID-19 vaccine, while Dr Saif Abed also outlined the challenges of cybersecurity during the global mass rollout of the vaccine in a blog for Healthcare IT News.

ON THE RECORD

Responding to the announcement, chief security officer at Cybereason, Sam Curry, called security breaches surrounding the COVID-19 vaccine “diabolical”.

He continued: “Hackers today still see COVID-19 as a strategically valuable asset and it’s likely they will for the foreseeable future. Kudos to the pharma and research companies for working with law enforcement agencies to face these threats head on with advanced cyber tools and improved security hygiene. These companies face a new reality each and every day that motivated hackers will be successful every time they attempt to hack a company because they are well funded and are looking to reap both financial and political fame.

As the protection surface expands to mobile, the cloud and other potential attack vectors, those companies that can detect a breach quickly and understand as much as possible about the hacking operation itself, will be able to stop the threat and minimize or eliminate the risk all together.”

By Sophie Porter

.

More Contents:

.

Bloomberg Quicktake: Now

Hackers posted confidential documents regarding Covid-19 medicines and vaccines on the internet after a data breach late last year at the European Medicines Agency. Timelines related to evaluating and approving Covid medicines and vaccines haven’t been affected, the EMA said in a statement on Tuesday. The agency said it remains fully functional and that law enforcement authorities are taking action on the breach. Caught up in the hack were some documents submitted by Pfizer Inc. and BioNTech SE during regulatory review of their vaccine, approved last month.

The EMA said it would notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access. Pfizer shares fell 2.2% in New York, with BioNTech’s American depositary receipts down 5.1%. Subscribe to our YouTube channel: https://bit.ly/2TwO8Gm Bloomberg Quicktake brings you live global news and original shows spanning business, technology, politics and culture. Make sense of the stories changing your business and your world. To watch complete coverage on Bloomberg Quicktake 24/7, visit http://www.bloomberg.com/qt/live, or watch on Apple TV, Roku, Samsung Smart TV, Fire TV and Android TV on the Bloomberg app. Have a story to tell? Fill out this survey for a chance to have it featured on Bloomberg Quicktake: https://cor.us/surveys/27AF30 Connect with us on… YouTube: https://www.youtube.com/user/Bloomberg Breaking News on YouTube: https://www.youtube.com/c/BloombergQu… Twitter: https://twitter.com/quicktake Facebook: https://www.facebook.com/quicktake Instagram: https://www.instagram.com/quicktake

.

What Caused The Massive Microsoft Teams, Office 365 Outage On Monday? Here’s What We Know

Cloud-based Microsoft applications, including Microsoft Teams, went down across a swathe of the U.S. yesterday.

Users of Microsoft Office 365, Outlook, Exchange, Sharepoint, OneDrive and Azure also reported they were unable to login. Instead, they were presented with a “transient error” message informing them there was a problem signing them in.

These issues appear to have started at around 5 p.m. ET, with services not returning to normal for many until 10 p.m. ET.

Indicative of the times we live in, whenever such an outage impacts so many people, the question of whether it’s an ongoing cyber-attack is front and center.

However, there is no evidence this was the case last night. So what did happen to take down access to Microsoft Teams, with work from home users taking to Twitter to complain of being unable to work, not to mention Office 365 and other cloud-based service disruption? Recommended For You

As was the case in June, when mobile calls and text messaging went down for many in the U.S. and August, when global internet traffic to major sites was disrupted, the cause could be much more mundane than a coordinated cyber-attack.

The first clue came when a Microsoft 365 Status message posted to Twitter revealed that Microsoft had “identified a recent change that appears to be the cause of the issue,” and said this was being rolled back to mitigate the impact.

However, soon after, another tweet poured cold water on that as it confirmed that Microsoft was “not observing an increase in successful connections” as a result of the rollback.

Two hours later, after rerouting traffic to “alternative infrastructure,” Microsoft reported improvements in multiple services.

Wait a moment, does that mean it could have been a massive, and somewhat audacious, distributed denial of service (DDoS) attack after all? Not according to a statement from a Microsoft spokesperson given to CNN Business: “we’ve seen no indication that this is the result of malicious activity.”

Another Microsoft status update message pointed to “a specific portion of our infrastructure” that was not processing authentication requests as expected.

According to some reports, this was a “code issue” that prevented the processing of those authentication requests “in a timely fashion.”

This remains a developing story as far as cause, rather than effect, is concerned. I reached out to Microsoft for a statement regarding what went wrong with the authentication process, but all a spokesperson said at this stage was: “We’ve fixed the service interruption that some customers may have experienced while performing authentication operations. At this time, we’ve seen no indication that this is the result of malicious activity.”

If things were bad at the start of the week, they got worse towards the end. On Thursday, October 1, Microsoft confirmed another outage. This time impacting Outlook users globally. MORE FROM FORBESNew Worldwide Microsoft Outage Confirmed-Here’s What We KnowBy Davey Winder

— Updated September 29 with a statement from Microsoft.

— Updated October 1 with news of another global outage Follow me on Twitter or LinkedIn. Check out my website.

Davey Winder

 Davey Winder

I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share

.

The system was down for about four hours on Monday making it impossible for remote employees, businesses and schools who use the programs for remote learning to access. #wakeupcharlotte

%d bloggers like this: