Cybersecurity news headlines for 1-29 February, 2020
February’s edition of cybersecurity news headlines contains three stories. Four Chinese hackers, allegedly with links to the Chinese government, have been charged for the 2017 Equifax hack that resulted in data of 147 million US citizens being leaked. Google and Tinder are under investigation by the Irish Data Commissioner for a potential GDPR breach. And perhaps not surprisingly, cybercrooks are using the tension over the coronavirus outbreak to spread misinformation, promote fake medication and distribute malware. In no particular order, here are the cybersecurity news headlines for 1-29 February, 2020.
Four Chinese hackers charged for Equifax cyber attack
Four Chinese hackers linked with the Chinese People’s Liberation Army (PLA) have been identified as the perpetrators behind the Equifax 2017 cyber attack which resulted in a data breach exposing 147 million customers’ personal data. The US Department of Justice announced charges against the four hackers earlier this month, and has identified them as Liu Lei, Wang Qian, Wu Zhiyong, and Xu Ke. All four individuals are believed to be members of the 54th Research Institute, a component of the PLA.
In 2017, hackers exploited a vulnerability in the dispute website in the Equifax system, and then forced their way into the company’s network and back-end database using a number of techniques. From there, they harvested information including names, addresses, birth dates, Social Security numbers, etc., on approximately 145 million American people. UK and Canada residents were also affected. The four were able to carry out the attack because Equifax did not fix a vulnerability for which a patch had already been available.
US Attorney General William Barr said the Equifax cyber attack was an effort by the Chinese government to steal personal data of Americans.
“This data has economic value, and these thefts can feed China’s development of artificial intelligence tools as well as the creation of intelligence-targeting packages,” Barr said.
The Department of Justice said the four hackers used servers in multiple countries and around 40 different IP addresses in order to disguise the origin of the attack. Despite the fact that they have been identified, the hackers are still at large and are unlikely to be arrested.
Irish Data Commissioner launches probe into Google and Tinder
Tech company Google and dating app Tinder are under investigation by the Irish Data Commissioner for a potential breach of the EU’s General Data Protection Regulation (GDPR). Two separate investigations have been launched into how user data is handled.
The Data Protection Commission has received many complaints from EU Consumer Organizations about Google’s processing of location data, and has finally launched an official probe. According to the released statement, the inquiry will show whether Google’s processing of location data has a valid legal basis, and “whether it meets its obligation as a data controller with regard to transparency.”
A separate statement announced a Statutory Inquiry into MTCH Technology Services Limited (Tinder) and how the company processes users’ personal data. The Data Protection Commission will investigate how user data is processed, data processing transparency, and whether MTCH complies with its obligations with regard to data subject requests.
EU’s GDPR, which came into effect in 2018, changed how companies should deal with user data. Much larger fines were introduced for mishandling user data, and companies now need to provide users copies of their data or delete it entirely if a request is made. Companies that breach GDPR face fines up to €20 million or 4% of their total annual revenue, whichever is higher.
Cyber criminals are using the ongoing coronavirus outbreak to spread malware
The ongoing coronavirus outbreak is putting many people on edge, and cyber crooks are using it to their advantage. Phishing and malware-infected emails are disguised as recommendations for protecting oneself from the coronavirus, and spam emails/messages link to misinformation and fake medicine.
Cybersecurity company Kaspersky reported a phishing campaign that sends emails disguised as the Centers for Disease Control and Prevention (CDC), a legitimate US organization. The receiver of the email is advised to click on the provided link in order to find out about new coronavirus cases around them. If the user clicks on the link, they are taken to a site identical to the legitimate CDC one. A notification would then pop up, asking the user to type in their email and password in order to access the website. While most users will realize that no legitimate site will ever ask for email passwords, less tech-savvy people may not notice anything suspicious and put in their credentials, essentially granting cyber crooks access to their email accounts.
Kaspersky also reported that trojans and other malware are being spread disguised as educational documents related to the ongoing coronavirus outbreak.
“Kaspersky’s technologies have found malicious pdf, mp4 and docx files disguised as documents relating to the newly discovered Coronavirus. The file names imply that they include virus protection instructions, current threat developments and even virus detection techniques,” Kaspersky’s report says.
Scammers are also taking advantage of the situation to spread misinformation and promote questionable medication. IT security company Imperva has identified two different types of spam campaigns that are using the growing interest in coronavirus to get clicks, spread misinformation and sell fake medicine. The first campaign is pretty simple: spammers post large amounts of comments containing fake coronavirus information as well as links to fake online stores where people can order medication that will supposedly help. Imperva has identified clickbait and SEO as the reasons behind these campaigns.
“There are two possible reasons. The first is clickbait – campaigns designed to trick innocent users, anxious about Coronavirus, into clicking on their links and – hopefully – even ordering their products. The second reason is for SEO purposes. As a highly searched-for term over the last few weeks, the addition of “Coronavirus” might have a positive effect on the site hosting the spam comments,” the company said in the report.
A more sophisticated spam campaign redirects users to hijacked sites made to look like legitimate coronavirus information resource pages. Imperva noted that users could be redirected to the “infamous Canadian Pharmacy – neither Canadian, nor a pharmacy, but in fact a spam operation thought to be linked to Russian cybercriminals”.
The US Federal Trade Commission (FTC) has also warned that scammers are taking advantage of the situation.
“They’re setting up websites to sell bogus products, and using fake emails, texts, and social media posts as a ruse to take your money and get your personal information,” the FTC has said.
In addition to advertising bogus products, the FTC has warned that people may receive emails or messages asking to donate to supposed victims. Similar messages may also spread fear by reporting fake cases in the victim’s neighbourhood, and other misinformation.