This page, Cybersecurity News and Events, is offered by

Cybersecurity News and Events

Keeping you up-to-date on all things cyber, information security and privacy during the COVID-19 pandemic.

Twitter Says It Was The Victim Of A 'Coordinated Social Engineering Attack'

Barack Obama, Joe Biden, Elon Musk, Apple and others appear to have been caught up in a widespread hacking operation affecting several major companies and highly visible individuals. Impacted users appeared to be offering to double any bitcoin sent to them.

Twitter acted quickly by locking down accounts, compromised or not. 

As Twitter investigates what appears to be the largest and most coordinated hack in Twitter's history, the company has vowed to examine what "other malicious activity" the hackers may have committed. The company admits that internal tools were compromised and likely used in the attack, which may explain how malicious actors gained access to the accounts that presumably have enhanced security protections.

"We all feel terrible this happened", said Jack Dorsey, Twitter CEO. "We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."

Hacking attacks on hospitals for patient data increase during coronavirus pandemic

During "normal" times, hospitals are often targeted, with 80% of medical practices reporting that they have been victims of cyberattacks, according to a national survey. The situation has only gotten worse during the COVID-19 pandemic. Between March and April, IBM saw a 6,000% increase in spam attacks leveraging COVID-19 on information technology systems, many of them at health care facilities, according to Wendi Whitmore, a cybersecurity expert and vice president of IBM X-Force, a commercial security research team. She goes on to describe the situation as a continuous “cat and mouse” game between criminals and institutions.

Electronic health records are often the target, and according to the FBI, can “be used to file fraudulent insurance claims, obtain prescription medication, and advance identity theft.” Health record theft also is more difficult to detect, taking almost twice as long to recognize as normal identity theft, the report found.

Colin Zick, a partner and co-chair of the privacy and data security practice at Foley Hoag, has some practical advice for patients. Zick requests his medical file periodically to be sure he has access to his own records if they were ever permanently lost. And he said if he saw a provider acting carelessly with his data, such as not using two-factor authentication, he would offer them some free advice.

Apple’s next iPhone update adds new privacy protections — and you won’t be able to miss them

The next version of iOS for iPhones will give new visual notifications when apps are accessing the device’s microphone, camera, clipboard, or other sensitive data. 

The moves this year are in character for Apple, which has prioritized privacy engineering on a product level and privacy more generally as a key selling point for its products.

DDoS Activity Targeting State of Minnesota Resources

A cyberattack temporarily disabled certain Minnesota systems and websites last week. The cyberattack comes amid protests over the police killing of George Floyd last week.

MNIT issued the following statement regarding these cyber-attacks:

“Keeping our communications systems secure during times of crisis is critical to protecting the Minnesotans that we serve, and we work to meet the challenging and evolving threat to those systems every day. At this time, these attacks have not successfully disrupted the state services that Minnesotans depend upon, and MNIT is working in close coordination with partners at the Department of Public Safety and with the federal government to share intelligence and stay proactive on cyber threats.”

Nationwide Unemployment Scam Targets Massachusetts Claimants

Criminal enterprises in possession of stolen personal information from earlier national data breaches have been attempting to file large numbers of illegitimate unemployment claims through the Massachusetts Department of Unemployment Assistance (DUA) system. This is part of a national unemployment fraud scheme.

The Department of Unemployment Assistance (DUA) has begun implementing additional identity verification measures that will temporarily delay the payment timeframe for many unemployment claims in Massachusetts.

For more information, please visit https://www.mass.gov/info-details/report-unemployment-benefits-fraud.

Be aware of a recent increase in scam blackmail emails

Reports of Bitcoin blackmail scams have taken a big jump in the last few weeks. The emails say they hacked into your computer and recorded you visiting inappropriate websites. They threaten to tell others unless you pay into their Bitcoin account. To complicate matters, they claim to know one of your passwords, and they include it in the message to prove it.

These e-mails are fake and are a scam. You are likely receiving one because your account and password were involved in a recent data breach. You should take the precaution of updating the password associated with that account, and others as well.

Students create a bot that tells you when a grocery delivery slot opens up

Having a hard time getting a time slot for grocery delivery? A computer science student at Georgetown University created a simple computer program that automatically notifies you when an Amazon Fresh or Whole Foods delivery slot opens up, letting you place your order. But, he's not the only one. Another developer had their website shut down after getting a cease-and-desist order from Instacart for claiming the site could automatically hunt for delivery slots.

Face ID doesn’t work when you’re wearing a mask—Apple’s about to address that

This week, Apple released the third beta of iOS 13.5, the next major feature release for its mobile operating system. Among other things, the release introduces new Face ID behavior when users are wearing protective masks.

U.S. senators to introduce privacy bill for COVID-19 contact tracing

A group of U.S. senators said they would introduce legislation to address consumer privacy concerns surrounding technology companies’ building contact tracing apps to fight the coronavirus outbreak.

The bill would allow technology companies to develop “platforms that could trace the virus and help flatten the curve and stop the spread – and maintaining privacy protections for U.S. citizens.”

Apple says 'no evidence' iPhone mail flaw used against customers

The default Mail app on Apple's iPhones may be vulnerable to sophisticated email hacks, according to a report Wednesday from The Wall Street Journal. 

The vulnerability, which was detected by cybersecurity firm ZecOps, reportedly lets hackers install malicious software on an iPhone by sending a specially crafted email, the Journal reported. 

Apple acknowledged the vulnerability existed in its software for email on iPhones and iPads and said the company had developed a fix that will be introduced in a forthcoming update. The company also indicated it has found “no evidence” a flaw in its email app has been used against customers, and that it believes the flaw does “not pose an immediate risk to our users”.

Google moves to open up its Healthcare API to make it easier to share health info

As of Monday, health care providers can build new systems using the new Google Healthcare API to translate and convert data stored in different types of systems, from imaging systems to medical records software. It also said it will offer a range of other services to help health care organizations during the Covid-19 pandemic. 

500,000 Hacked Zoom Accounts Given Away For Free On The Dark Web

More bad news for Zoom...

The cyber firm Cyble recently uncovered hackers selling Zoom credentials on the Dark Web, often even giving them away for free!

The good news? This wasn't a hack on Zoom but rather a case of users reusing passwords. This is a great reminder to use a unique password for each account. Sites such as Have I Been Pwned can also be helpful in seeing if your accounts have been involved in a data breach.

Is 5G Cell Phone Technology Linked to the Cause of Coronavirus?

FEMA has started a webpage to discuss this and other COVID-19 rumors. Do your part to stop the spread of disinformation by doing three easy things:

  1. Don’t believe the rumors.
  2. Don’t pass them along.
  3. Go to trusted sources of information to get the facts about the federal (COVID-19) response.

Apple and Google Team Up to ‘Contact Trace’ the Coronavirus

The technology giants said they would embed a feature in iPhones and Android devices to enable people to track the virus. With the tool, infected people would notify a public health app that they have the coronavirus, which would then alert phones that had recently come into proximity with that infected person’s device.

Be Alert: Phone scammers are taking advantage of the coronavirus pandemic

The FCC has received reports of scam and hoax text message campaigns and scam robocalls offering free home testing kits, promoting bogus cures, selling health insurance, and preying on virus-related fears. Coronavirus scam audio samples can be found on the FCC website. If you think you've been a victim of a coronavirus scam, contact law enforcement immediately.

A Must For Millions, Zoom Has A Dark Side — And An FBI Warning

Teams, WebEx, GoToMeeting, Zoom... If you are working from home, collaboration tools are a must. As we all adapt to a new normal, so are cyber criminals. In the midst of a worldwide pandemic, a new technique called "zoom-bombing" has been getting national attention (NPR).

Instagram Draws Surge in Offers of Coronavirus Masks With Potential Risks

As more medical experts recommend wearing masks in public, it's no surprise that social media sites are struggling to keep up with ads and users claiming to sell medical masks. Social media researchers found at least 10,450 accounts on Instagram that have popped up in the past few months selling masks, some of which appear to be scams and most of which aren’t vetted for safety or price concerns. Always remember to validate companies before making a purchase. If it seems too good to be true, it likely is. Note: A subscription is required to read the complete WSJ article. However, the complete report is available for free

Scammers are creating Netflix lookalikes to target people staying at home, study finds

While it is not surprising that the pandemic has resulted in Netflix’s subscriber growth, the brand has also been used as part of various web-based fraud schemes. The cybersecurity firm Check Point recently reported an increase in fake streaming services spinning up. The complete article can be found on USA Today.

Coronavirus surveillance poses long-term privacy threat, U.N. expert warns

From facial recognition to phone tracking, governments are turning to technology to trace Covid-19 infections and keep tabs on the population as they enforce lockdowns and quarantines. China, South Korea and Israel are among the countries rolling out such technologies and experts say the effects could long outlast the current crisis. 

Contact

Address

McCormack Building
1 Ashburton Place, 8th Floor
Boston, MA 02108
Date published: April 8, 2020
Last updated: July 16, 2020