COVID-19: CYBERSECURITY WATCH #33 – April 1, 2021

In light of the current health crisis, the CERT of digital.security (CERT-DS) will implement a monitoring and alert system linked to the impacts and consequences of COVID-19 on cybersecurity. This monitoring, which can be shared freely, is intended to:

  • Identify the biggest threats to computer systems;
  • Share the resources and tools necessary to grasp and prevent ISS risks;
  • Highlight the best digital practices to adopt in the face of this crisis.

In order to better understand the threats, we will also do a “threat focus” on one of the attacks reported each week. A detailed description and modus operandi of the attack will be made.

Each week’s main news items are grouped into four categories: Threats, Fraud, Useful Resources and Other News.

  • Threats” include malware, phishing and ransomware campaigns, as well as cyberattacks on major infrastructures;
  • Fraud” includes scams and fake news;
  • Useful Resources” refers to the information and tools needed to deal with this health crisis;
  • Other News” combines a variety of information such as government measures taken in the area of cybersecurity.

 

THREATS

Attack: English education sector hit by cyberattacks
Method: Ransomware
Target: The University of Northampton and the Harris Federation
Publication date: 03/27/2021 and 03/29/2021
Description: On March 23, the National Cyber Security Centre (NCSC) acknowledged in an alert the increase in ransomware attacks against the education sector. With the pandemic and the growth of online learning platforms, attack vectors are multiplying. The University of Northampton and the Harris Federation have reported being targeted by cybercriminals. In the first case, the attack paralyzed systems as well as IT and phone servers. In the second case, a ransomware attack disabled computer systems on laptops loaned to students
Link(s):
https://www.ncsc.gov.uk/news/alert-targeted-ransomware-attacks-on-uk-education-sector
https://www.bbc.com/news/uk-england-northamptonshire-56500434
https://www.harrisadvice.org.uk/  

 

FRAUDS

Attack: Fake COVID-19 test results and vaccination certificates sold on the darkweb
Method: Scam
Surface/Application: Darkweb
Publication date: 03/22/2021
Description: In anticipation of the increased vaccination campaigns and the upcoming reopening of borders, fake COVID-19 negative test results sold for 25 dollars and fake vaccine passports sold for 250 dollars are being offered on the darkweb and various hacker forums. Cybercriminals also continue to exploit the sale of fake vaccines, as we reported in a previous watch bulletin.
Link(s) :
https://blog.checkpoint.com/2021/03/22/a-passport-to-freedom-fake-covid-19-test-results-and-vaccination-certificates-offered-on-darknet-and-hacking-forums/

 

USEFUL RESOURCES

Type of resources: Palo Alto Networks publishes a report on the types of phishing campaigns that used COVID-19 as a theme during the year 2020
Target: General public
Publication date: 03/24/2021
Description: The objective of Palo Alto Networks’ report is to understand the vulnerabilities that attackers can exploit to conduct phishing campaigns. The report details, with graphs and examples, the evolution of tactics based on the latest trends related to the pandemic. Palo Alto also presents scenarios on potential targets (healthcare and life sciences industries) and attack vectors (vaccine deployment) as well as recommendations.
Link(s): 
https://unit42.paloaltonetworks.com/covid-19-themed-phishing-attacks/

 

Type of resources: Pinterest announces initiatives to fight against COVID-19 vaccine misinformation
Target: General public
Publication date: 03/11/2021
Description: In February 2021, Pinterest started a campaign banning misleading advertising on COVID-19 while promoting the exposure of expert publications. The platform confirms this policy by collaborating with the Association for Healthcare Social Media (AHSM), partnering with medical organizations that serve underrepresented groups and supporting the non-profit organization Advertising Council, which promotes educational content.
Link(s):
https://newsroom.pinterest.com/en/post/pinterest-announces-new-initiatives-to-fight-against-covid-19-vaccine-misinformation 

 

OTHER NEWS

Country: United States
Subject: The California Department of State Hospitals (DSH)
Publication date: 03/18/2021
Description: A DSH employee improperly accessed patients and employees personal data when reviewing the personnel’s access rights to Atascadero State Hospital data servers as part of his information technology (IT) job duties. The leak involves 1415 patients and 617 employees. The exposed data contains names, COVID-19 test results and health information needed to track the disease. DSH said it is investigating the breach and that there is no evidence that the servers were compromised. 
Link(s):
https://www.dsh.ca.gov/Legal/docs/Data_Breach%20_News_Release_03012021.pdf
https://pasoroblesdailynews.com/data-breach-reported-at-atascadero-state-hospital/123724/

 

Country: United States
Subject: Launch of a digital health passport in New York
Publication date: 03/29/2021
Description: On a voluntary basis, the Excelsior Pass allows Americans to certify with a QR code scan that they have been vaccinated or recently tested negative for COVID-19. The certificate would allow participation and access to public events. Developed by IBM, this technology encrypts and protects health data, preventing any criminal collection or use of the individuals’ information.
Link(s):
https://eu.usatoday.com/story/news/health/2021/03/26/covid-vaccine-passports-new-york-first-vaccination-proof-system/6976009002/

 

Country: New Zealand
Subject: A Computer error reveals personal information of patients booking COVID-19 vaccine appointments
Publication date: 03/27/2021
Description: The Canterbury District Health Board (CDHB) has announced a coding error in a software program used in a local Canterbury medical appointment system. People registering were able to access the name, gender, age and National Health Index number of the 716 applicants.  In a statement, the Ministry of Health (MoH) said the system has been shut down and an investigation has been launched.
Link(s):
https://www.cdhb.health.nz/media-release/covid-19-vaccination-booking-system-error/