Latest news in the field of cyber security at the beginning of 2021.
COVID-19 vaccination documents theft.
As stated by ESET specialists, cyber criminals posted some of the documents, related to the vaccination in the public domain. As it turned out, the data was stolen last December, as a result of hacking the European Medicines Agency (EMA) database. In the course of the hack, information from such organizations as BioNTech and Pfizer was stolen. Fortunately, the leakage was only limited by one app, and the main target of the criminals was only data of vaccines and drugs used in it. Among the stolen information were screenshots of email addresses, PDF files, e-presentations and EMA peer review comments.
Data stealing from employees of gaming companies.
Global pandemic of the year 2020 caused by the rapid spread of COVID-19 forced many people to spend their free time on the internet in the safety of their own homes, for example, playing video games. According to experts, by 2022, the revenue of the video game industry will be about 200 billion dollars, so it’s no surprise that internet hackers have become much more interested in this area of the global network. As stated by KELA, about 1 million accounts, owned by employees and clients of 25 large companies were compromised, and about half of them were put up for sale on dark net. The actions of the internet criminals can entail many consequences, starting with the acquisition of intellectual property and gaining access to users’ personal information down to smooth functioning of ransomware on devices own by an organization, which will inevitably lead to monetary losses and threats to the reputation of companies.
As stated by specialists, starting from February 8, significant changes will occur in WhatsApp confidentiality policy. As so, Facebook will be allowed to use some of the customers’ data. It is also said that these users who refuse to comply with the new conditions, will have to stop using the app at all. Facebook will gain access to such data as phone numbers, IP-addresses and some of the information that is listed in the “Information We Collect” section.
Spalax – planned attacks on state organizations and private enterprises.
Spalax is a general name for a series of attacks noticed by ESET specialists, the main targets of which were Columbian companies specializing in metallurgical and energetic industries. The criminals work according to the following scheme – at first, you get a letter on your email address, containing a PDF file, allegedly with a link to download a RAR archive. Popular themes for these phishing emails include taking a mandatory test for COVID-19, driving fines or lawsuits. Cybercriminals carry out attacks using Trojan viruses with remote access (RAT), which provide access to keystroke tracking and allow to take hold of a clipboard, thereby extracting the pooled data.
Security system gaps in Mozilla Firefox and Chrome.
According to ESET, many serious errors in the Chrome browser have been associated with memory damage in various components of Chromium. These flaws can be exploited by cybercriminals to remotely execute code within the browser when the user visits a specially crafted web page. Meanwhile, Firefox came up with a new update to address a critical security vulnerability in Firefox 84.0.2, Firefox for Android 84.1.3, and Firefox ESR 78.6.1. The flaw is the way SCTP handles cookie data. In opinion of professionals, in order to get rid of these inconveniences, the latest versions of Chrome and Mozilla should be installed for the correct operation of both web browsers, which will be updated automatically when you start working.
31 january 2021