|
Cyber Daily: Covid-19 Vaccine Scams Grow, Leveraging Confusion on How to Get the Shot | U.S. Ambassador for Cyberspace
|
|
|
|
|
|
Hello. Cybercriminals are targeting Covid-19 vaccine seekers in a big way, WSJ Pro’s Brooke Henderson reports. U.S. officials have analyzed almost 80,000 Covid-19 domain names looking for fraud and made multiple arrests, including those of three men who allegedly tried to sell doses at an impostor Moderna website.
Also: Will the U.S. name a cyber ambassador? WSJ Pro’s David Uberti reports on a renewed call for a role that created friction between Congress and the Trump administration.
Other news: Extortion campaign linked to Accellion hack; Apple chips are targeted; warrantless data collection; Harvard Eye Associates reveals breach; cloud insecurity; House and Senate hearings this week on SolarWinds.
|
|
|
|
Battling Online Covid-19 Fraud
|
|
|
|
An image of a fraudulent website that invited the public to buy doses of Moderna’s Covid-19 vaccine. The Justice Department charged three men with conspiracy to commit wire fraud in a criminal complaint filed Feb. 9 in federal court in Baltimore.
PHOTO: U.S. DEPARTMENT OF JUSTICE
|
|
|
Capitalizing on confusion: Consumers researching ways to protect against the novel coronavirus might have stumbled upon what appeared to be a new website from Moderna Inc., announcing in capital letters, “You may be able to buy a Covid-19 vaccine ahead of time,” and offering doses for $30 each.
Another impostor site, at regeneronmedicals.com, claimed to be linked to Regeneron Pharmaceutics Inc., the biotechnology company that provided the treatment used on former President Trump last year when he had Covid-19.
Not only should companies track the way their brand and name are being used, but the cybersecurity team can work with intellectual property lawyers to identify trademark and copyright violations, experts say.
Read the full story.
|
|
|
|
International diplomacy is necessary to “establish cyber norms,” according to Rep. Jim Langevin, one of the co-sponsors of an update to the Cyber Diplomacy Act.
PHOTO: MICHAEL BROCHSTEIN/ZUMA PRESS
|
|
|
U.S. cyber ambassador: A group of congressional lawmakers is renewing its call for a cyber ambassador in the State Department, reviving a bill that created friction between Congress and the Trump administration. The Cyber Diplomacy Act, due to be introduced Tuesday, proposes a centralized cyber bureau headed by an ambassador who would advise the Secretary of State on cyber strategy. The diplomat would push U.S. digital economic interests and lead international responses to security incidents. (WSJ Pro Cybersecurity)
Extortion linked to Accellion hack: A cyberattack group known as UNC2546 breached Accellion Inc.’s FTA file-transfer tool and is extorting the tech vendor’s customers whose data the group stole, according to a preliminary investigation by the vendor and FireEye unit, Mandiant. Accellion says it has patched the tool, but urges customers to shift to a more modern
replacement “built on an entirely different code base.”
👉 Fewer than 100 of 300 FTA customers were breached, Accellion said, and among those, fewer than 25 appear to have experienced what the vendor called “significant data theft.”
👉 Victims have received messages from the hackers in a campaign of escalating pressure, threatening to publish their data unless they pay a fee, Mandiant said.
|
|
Apple targeted: Malware aimed at Apple’s M1 chips and certain Mac computers with Intel processors has been detected, researchers at cyber firm Red Canary said. Apple has revoked pieces of code to guard against infection. (The Hacker News)
|
|
|
|
FireEye Chief Executive Kevin Mandia, Microsoft President Brad Smith, SolarWinds CEO Sudhakar Ramakrishna and Crowdstrike CEO George Kurtz are to testify at a Senate Intelligence Committee hearing Tuesday at 2:30 pm. ET. ▶️Watch here.
|
|
|
On Friday at 9:00 a.m. ET, the House Committee on Oversight and Reform and Committee on Homeland Security plan a joint hearing with several of the same executives on the private sector’s role in preventing, investigating and remediating attacks like SolarWinds. ▶️Watch here.
|
|
|
|
Un-warranted: A new Treasury Department watchdog report warns that law-enforcement agencies may not be on firm legal footing when they use cellphone GPS data drawn from mobile apps without first obtaining a warrant. (WSJ)
|
|
|
Patient data breached: A cyberattack on a cloud-data storage resulted in the exposure of the personal data of 29,982 patients and employees of Harvard Eye Associates, which runs offices in Southern California. Hackers might have accessed the data as far back as October 2020, the eye-care practice said. It didn’t name the tech provider, but said that the firm paid hackers a ransom in return for the data.
👉 Compromised material includes medical history, medications and health insurance and treatment information, Harvard Eye Associates said.
|
|
|
61%
|
Percentage of 524 cyber executives who said the cloud is the most likely vector for nation-state attackers to penetrate their corporate networks in the next five years, according to research from the Economist Intelligence Unit and the Cybersecurity Tech Accord, a group of tech firms that promotes cooperative response to cyberattacks.
|
|
|
|
|
|
|