This month in security: December 2020
Johnson & Johnson’s CISO says healthcare organisations are seeing cyberattacks every minute of every single day
The company is one of six COVID-19 research firms that have been recently targeted by state-sponsored hackers.
The Wall Street Journal reported that Johnson & Johnson was one of six COVID-19 research companies that were targeted by suspected North Korean hackers seeking vaccine research data. Marene Allison, CISO at Johnson & Johnson, speaking at an online panel at the Aspen Cyber Summit, noted that "Healthcare companies literally have seen an onslaught [of cyberattacks] since March 2010". All in all, Allison said Johnson & Johnson observed a 30% rise in cyberattacks targeting the company, but could not say how many of those attacks were COVID-19-related.
Australia’s largest cryptocurrency exchange suffers an accidental data breach compromising user privacy
BTC Markets has apologised for revealing the names and emails of more than 270,000 of its members in an email mixup.
While cryptocurrency offers a great deal of freedom and privacy, it’s still not immune to the menace of human error. BTC Markets, one of Australia’s biggest cryptocurrency exchanges, just joined the list of organisations that suffered a data breach. Except in their case, it was completely by accident.
According to BTC Markets, the breach occurred when, during the course of routine correspondence, customer names and email addresses were accidentally included in the ‘to’ section of emails, rather than being BCC’d. The ‘Send to all’ button on your email app can be a dangerous thing, so always double-check your email fields before hitting ‘send’.
Aussie legal services firm hit by ransomware attack
Legal services firm Law In Order was hit by a ransomware attack, with hackers claiming to have stolen data and threatening to publish it if their demands are not met.
As of the time of writing, it seems the hackers behind this ransomware attack have withdrawn their public threat to publish stolen data, but Law In Order has declined to say whether it paid a ransom. Needless to say, even if this threat fades away, the firm has taken a big PR hit, and reputation is a major asset in the legal sector. Legal firms sit on a mountain of privileged data and should consider overhauling their cybersecurity if they haven’t already, because these threats are just going to keep escalating.
Melbourne man charged with scamming more than $18,000 out of welfare payments
Allegedly, the man used stolen identity information to create fake myGov accounts and redirect payments into fraudulent bank accounts he controlled.
The man in question is accused of fraudulently accessing Commonwealth welfare payments and other Federal Government grants, and using stolen identities to set up fake myGov accounts. He allegedly also used those stolen credentials to set up fraudulent bank accounts where the funds were deposited and to make claims for other grants, including COVID-19 crisis payments. The lesson here is simple: make sure your personal financial details stay secure! Set strong passwords and update them regularly, and enable multi-factor authentication when signing into your accounts.
FireEye’s Red Team tools stolen via SolarWinds breach
One of the largest cybersecurity vendors in the world has reportedly been breached by a foreign entity.
FireEye reported that sensitive information and the Red Team tools it uses for penetration testing for its customers have allegedly been stolen. Ultimately, this led to the FireEye team discovering a breach at one of its software providers. SolarWinds, which was also connected to the breach, claimed that fewer than 18,000 of its 300,000 global customers had been affected. It’s suspected that external actors may have had access to their network for up to 9 months. The Australian Cyber Security Centre (ACSC) urged Australian organisations to follow the advice of FireEye and SolarWinds, or to call the ACSC directly for assistance.
Hackers put access to 100s of C-suite email accounts up for sale
A hacker is selling access to “hundreds” of executive email accounts, including CEOs, vice presidents and directors across the US, Europe and Australia.
The accounts are on the market in a closed Russian underground forum and reportedly selling for $100 to $1,500 each depending on the profile of the executive. Cybersecurity investigators believe the hacker might have obtained the account logins by buying data stolen from devices infected with the AZORult trojan. If you receive any suspicious email from your company’s C-suite, it’s best to treat it with caution.