Friday Five: 3/20 Edition
Hackers take advantage of the COVID-19 pandemic, Magecart group targets NutriBullet, and many countries could be at risk for violating data privacy laws - catch up on the week's infosec news with this roundup!
1. Czech Hospital Hit by Cyberattack While in the Midst of a COVID-19 Outbreak by Catalin Cimpanu
One of the Czech Republic’s biggest COVID-19 testing laboratories, the Brno University Hospital in Brno, was hit by a cyberattack in the middle of the ongoing coronavirus outbreak. There have been 117 infections confirmed in the Czech Republic and that number is growing, so ensuring the hospital is working at full capacity is critical. It is unclear what the nature of the security breach was and whether the hospital’s testing capability was impacted, but the incident is considered a severe one and is being treated with the utmost urgency. The infection took place at around 5 a.m. the morning of March 13, and forced the hospital, as well as the Children’s Hospital and the Maternity Hospital, to shut down its entire IT network. Brno University Hospital was also forced to postpone urgent surgical interventions and re-route new acute patients to a nearby hospital. The Czech National Cyber Security Center (NCSC), Czech police, and the hospital’s IT staff are all working together onsite to stop the attack and recover the hospital’s IT network.
2. Hackers Find New Target as Americans Work from Home During Outbreak by Maggie Miller
With a staggering number of Americans working from home amid the COVID-19 outbreak, experts are warning of a new wave of cyberattacks using coronavirus concerns to prey on individuals. Tom Kellermann, who served on a presidential cybersecurity commission during the Obama administration, told The Hill this week that hackers are actively taking advantage of the situation at hand, and stressed that “we need to be keenly aware that they are aware of the lack of security that is presented by everyone telecommuting.” Virtual private networks (VPNs), which enable employees to access an organization's files remotely, can serve as an entryway for hackers to get in and steal sensitive information. Malicious actors are also increasing the number of phishing emails, specifically those that relate to coronavirus fears, in order to steal teleworkers’ usernames and passwords. Another way in can be home Wi-Fi networks, which are generally less secure than protected corporate networks. Hacking groups remain relentless even in this difficult time, so it's critical that employees are aware of the threats they are facing in order to fight back against these attacks.
3. Blisk Browser Vendors Leaked Data Via Unsecured Database Server by Abeerah Hashim
Security researchers this week discovered an unsecured server that was leaking Blisk browser vendor data. Blisk is a dedicated browser for web developers and its userbase had amassed data on prominent customers like Apple, Microsoft, NASA, eBay, and UNICEF, since its launch in 2014. The unprotected Elasticsearch database contained 3.4GB of customer data including more than 2.9 million records. This information is said to have included users’ email addresses, user agent details, and IP addresses. The security researchers quickly informed Blisk vendors of the matter after coming across the unprotected server, and the company pulled the database offline in a few days. Blisk has publicly confirmed that the incident did not affect any sensitive data, but researchers still fear that the exposed information could lead to future security threats for users.
4. NutriBullet’s Website Injected with Skimmer Three Times by Magecart Group 8 by Bradley Barth
It was reported this week that a group dubbed Magecart Group 8, a faction under the Magecart umbrella, targeted the website of the blender manufacturer, NutriBullet. The group injected the same Java-based payment card skimmer program three times into the company’s international website in an attempt to steal the payment card data of its online customers. The web-skimming code was first inserted on the website on February 20, and every time a skimmer was removed from NutriBullet’s website, the criminal actors would reintroduce another skimmer into the breached web environment. The skimming functionality of this code grabs victims’ payment information as they enter data into the payment field on the website, and then exfiltrates it to attacker-controlled servers. NutriBullet has publicly stated that they remediated the website compromise on March 17 after they were notified, but researchers with the firm RiskIQ posted a report that does not support this assertion. In a blog post, threat researcher Yonathan Klijnsma said, “until NutriBullet acknowledges our outreach and performs a cleanup, we highly advise against making any purchases on the site as customer data is endangered.” NutriBullet has not publicly responded to the claims made in the blog post.
5. Location Data to Gauge Lockdowns Tests Europe’s Love of Privacy by Jonathan Tirone, Thomas Seal, and Natalia Drozdiak
Officials in Austria and Italy are joining the growing list of nations using mobile phones to help contain the COVID-19 pandemic. The countries are using tracking technology, developed by Invenium Data Insights GmbH, to track and analyze population movements in areas of lockdown. The technology is said to provide “anonymized data” to authorities in order to help countries keep track of the growing disease. Other companies in China, Israel and Vietnam are using similar applications to help contain the pandemic. Google is also in the process of developing a platform that includes user location for the United States. Although this technology may help contain the spread of coronavirus, it could combine some of the most sensitive types of information companies could collect about individuals. This is almost certain to put many companies at risk for breaking privacy laws, especially in Europe where some of the world’s strictest rules around accessing mobile phone location data exist.