Red Cross Calls for Halt to Cyberattacks on Healthcare Infrastructure

The Red Cross has called on hackers and scammers to end their cyber-attacks on health facilities in a letter published.

The letter, also signed by a group of political and business figures, said that attacks endanger human lives, particularly during the Covid-19 pandemic, and governments should take more “immediate and decisive action” to stop them.

Brad Smith, President of Microsoft, and former US Secretary of State Madeleine Albright, are among the 42 co-signers of the letter, which was initiated by the CyberPeace Institute.

In the letter, Peter Maurer, president of the International Committee of the Red Cross, said: “We are hoping that the world’s governments will step up to affirm their commitments to the international rules that prohibit such actions.”

The calls come after an increase in cyber-attacks on critical infrastructure and healthcare facilities during the Covid-19 pandemic, with hackers and scammers eyeing an opportunity to take advantage of a complicated situation.

In April, Interpol warned that cybercriminals have been increasing attacks on healthcare systems, increasing ransomware attacks to hold hospitals to ransom during the spread of Covid-19, despite the work these facilities carry out to save lives.

Interpol Secretary-General, Jürgen Stock, commented: “As hospitals and medical organisations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients

“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, but it could also directly lead to deaths.

“Interpol continues to stand by its member countries and provide any assistance necessary to ensure our vital healthcare systems remain untouched and the criminals targeting them held accountable.”

Only 36% of critical infrastructures have a high level of cyber resilience

Greenbone Networks revealed the findings of a research assessing critical infrastructure providers’ ability to operate during or in the wake of a cyberattack.

The research investigated the cyber resilience of organizations operating in the energy, finance, health, telecommunications, transport and water industries, located in the world’s five largest economies: UK, US, Germany, France and Japan. Of the 370 companies surveyed, only 36 percent had achieved a high level of cyber resilience.

To benchmark the cyber resilience of these critical infrastructures, the researchers assessed a number of criteria. These included their ability to manage a major cyberattack, their ability to mitigate the impact of an attack, whether they had the necessary skills to recover after an incident, as well as their best practices, policies and corporate culture.

Infrastructure providers in the US were the most likely to score highly, with 50 percent of companies considered highly resilient. In Europe, the figure was lower at 36 percent. In Japan, is was just 22 percent.

Read more >>

[Source: HelpNetSecurity]

Statement from Attorney General William P. Barr Regarding the U.S. Department of State Global CTO Roundtable on 5G Integrated and Open Networks

Attorney General Barr issued the following statement:

“The United States and our partners are in an urgent race against the People’s Republic of China (PRC) to develop and build 5G infrastructure around the world.  Our national security and the flourishing of our liberal democratic values here and around the world depend on our winning it.  Future 5G networks will be a critical piece of global infrastructure, the central nervous system of the global economy.  Unfortunately, the PRC is well on its way to seizing a decisive 5G advantage.  If the PRC wins the 5G race, the geopolitical, economic, and national security consequences will be staggering.

The PRC knows this, which explains why it is using every lever of power to expand its 5G market share around the globe.  The community of free and democratic nations must do the same.

To compete and win against the PRC juggernaut, the United States and its partners must work closely with trusted vendors to pursue practical and realistic strategies that can turn the tide now.  Although the ‘Open RAN’ approach is not a solution to our immediate problem, the concept of Integrated and Open Networks (ION), which was the topic of yesterday’s roundtable, holds promise and should be explored.  We can win the race, but we must act now.”

Health should become EU ‘critical infrastructure’

Senior officials are now calling for the EU's disparate healthcare systems to be included as "critical infrastructure" in the light of the interdependencies between member states exposed by the coronavirus pandemic.

A group of officials argue in a new white paper that the existing European Programme for Critical Infrastructure Protection (EPCIP) could now play a key role in EU's public health emergency preparedness.

The signatories include former MEPs, top officials from the EU's External Action Service and former heads of Intelligence Service.

The EPCIP is currently focused on protecting national and European energy and transport infrastructure, although health infrastructure is - in theory - included too.

Critical infrastructures are complex systems - such as pipelines, power plants, stock markets, railways - whose destruction or disruption could lead to significant loss of life or material damage.

However, hospital facilities, laboratories or emergency stockpiles of medical equipment also fit this description - especially when the coronavirus pandemic has shown how some EU countries were forced to rely on others for protective equipment, test and other types of resources.

Full report >>

[Source: EU Observer]

Model Of Critical Infrastructures Reveals Vulnerabilities

An interdisciplinary team of Kansas State University researchers developed a computer simulation that revealed beef supply chain vulnerabilities that need safeguarding — a realistic concern during the COVID-19 pandemic.

Caterina Scoglio, professor, and Qihui Yang, doctoral student, both in electrical and computer engineering, recently published “Developing an agent-based model to simulate the beef cattle production and transportation in southwest Kansas” in Physica A, an Elsevier journal publication.

The paper describes a model of the beef production system and the transportation industry, which are interdependent critical infrastructures — similar to the electrical grid and computer technology. According to the model, disruptions in the cattle industry — especially in the beef packing plants — will affect the transportation industry and together cause great economic harm. The disruptions modeled in the simulation share similarities with how the packing plants have been affected during the COVID-19 pandemic.

“When we first started working on this project, there was a lot of emphasis on studying critical infrastructures; especially ones that are interdependent, meaning that they need to work together with other critical infrastructures,” Scoglio said. “The idea is if there is a failure in one of the systems, it can propagate to the other system, increasing the catastrophic effects.”

Full story at Eurasia Review - https://www.eurasiareview.com/18052020-model-of-critical-infrastructures-reveals-vulnerabilities/

FBI and CISA Warn Against Chinese Targeting of COVID-19 Research Organisations

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a Public Service Announcement today warning organizations researching COVID-19 of likely targeting and network compromise by the People’s Republic of China (PRC). Healthcare, pharmaceutical and research sectors working on COVID-19 response should all be aware they are the prime targets of this activity and take the necessary steps to protect their systems.

China’s efforts to target these sectors pose a significant threat to our nation’s response to COVID-19. This announcement is intended to raise awareness for research institutions and the American public and provide resources and guidance for those who may be targeted.

The FBI requests organizations who suspect suspicious activity contact their local FBI field office. CISA is asking for all organizations supporting the COVID-19 response to partner with the agency in order to help protect these critical response efforts.

Additional technical details regarding the threat will be released in the coming days. CISA and the United Kingdom’s National Cyber Security Agency released a similar alert earlier this month warning of malicious actors targeting COVID-19 response organizations using a tactic of password spraying.

Telcos as a COVID-19 Recovery Engine

Looking to the future, how can telcos be pivotal in driving the global economy forward as the world emerges from the initial phase of the COVID-19 pandemic? This can largely be separated into two major buckets: 1) tactical support for a safe society; and 2) a more strategic role revolving around supporting Gross Domestic Product (GDP) creation in market settings that will have new parameters and effectively be a new paradigm, Post-COVID-19.

In a tactical sense, telcos will be the pivotal axis upon which some of the fundamental societal tools being built will rest. They will provide the backbone for track and trace applications, as well as provide cities with valuable insight on aspects such as location, footfall, and traffic. They will enable the tracking of valuable medicines and protective equipment. They will also enable most workplaces to be flexible in establishing working practices closer to the pre-COVID-19 norm.

The most significant impact that telcos can have is enabling GDP creation through the embracing of technology-driven new working practices. They will be key in enabling a new digital society. Beyond the obvious conclusions that we are likely to see, including more remote working, more virtual meetings, and more virtual teams (all of which will be enabled thanks to the connectivity supplied by telcos), a raft of new solutions could accelerate GDP growth and all will require a robust level of support from the telco community.

Source: Total Telecom - full article here >>

Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems

Researchers warn commercial airplane systems can be spoofed impacting flight safety of nearby aircraft.

The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride – much to the horror of those onboard.

Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and a rogue transponder, for communicating with aircraft.

“We have shown that careful placing of fake aircraft through rogue transponder broadcasts can cause an aircraft under autopilot control to climb or descend towards legitimate traffic,” wrote Pen Test Partners’ Ken Munro in a blog post outlining his research.

Those “fake aircrafts” can trigger an airplane’s collision avoidance system to kick-in. That will then alert a pilot to either climb in altitude or descend to avoid a mid-air collision. In some cases, mostly on Airbus, researchers said the aircraft automatically follows what is known as the TCAS “Resolution Advisory” (autopilot) and climbs or descends with no input from the pilot.

For the record, Munro’s proof-of-concept attack was conducted on a flight simulator.

Full Story >>

Source: ThreatPost

Heathrow airport will trial thermal imaging facial recognition cameras, ultra-violet sanitation and contactless security measures

Heathrow CEO, John Holland-Kaye informed the House of Commons Transport Committee today (6 May) that the airport is to trial technologies and processes which could form the basis of a Common International Standard for health screening at all global airports. The aim of the collective measures being trialled is to reduce the risk of contracting or transmitting Covid-19 while travelling.

The package of measures that will need to be adopted will consist of tried and tested processes and technology as well as innovations new to the airport environment. Concepts under review as part of the Heathrow trials include: UV sanitation, which could be used to quickly and efficiently sanitise security trays; facial recognition thermal screening technology to accurately track body temperature; and contact-free security screening equipment to reduce person-to-person contact.

Before any new measures are rolled out across the airport, they will be reviewed against Heathrow’s three tests to ensure that they are medically grounded, build consumer confidence and practical for airports to deliver.

The first of these trials will be a temperature screening technology which uses camera detection systems capable of monitoring the temperatures of people moving through the airport. These passenger-facing trials will first be conducted in the airport’s immigration halls. If successful, the equipment will then be rolled out to departures, connections and colleague search areas. The trials will begin in the next two weeks in Terminal 2.

As an international hub airport we will need to follow an international standard and we are already required to carry out temperature checks by some other countries. Temperature screening was introduced following previous outbreaks of SARS and Ebola, with some countries using thermal checks as a control measure against COVID-19.

Holland-Kaye’s appearance at the Transport Select Committee follows his recent requests to the UK Government to lead the global implementation of a Common International Standard, as consistency is the only way to ensure continued passenger safety and restore confidence in travel as countries prepare to ease their respective lockdowns. The key learnings from these trials will be shared with the Government and other UK airports.

Heathrow CEO, John Holland-Kaye, said: “Aviation is the cornerstone of the UK economy, and to restart the economy, the Government needs to help restart aviation. The UK has the world’s third largest aviation sector offering the platform for the Government to take a lead in agreeing a Common International Standard for aviation health with our main trading partners. This Standard is key to minimising transmission of Covid-19 across borders, and the technology we are trialling at Heathrow could be part of the solution.”

Image source: Heathrow

INTERPOL launches awareness campaign on COVID-19 cyberthreats

In response to the rapidly changing cybercrime landscape during the COVID-19 pandemic, the global law enforcement and cybersecurity communities have formed an alliance to protect the public.

Harnessing the expertise of this alliance, INTERPOL has launched a global awareness campaign to keep communities safe from cybercriminals seeking to exploit the outbreak to steal data, commit online fraud or simply disrupt the virtual world.

The key message of the campaign, which focuses on alerting the public to the key cyberthreats linked to the coronavirus pandemic, is to #WashYourCyberHands to promote good cyber hygiene.

The campaign will focus on social media outreach, highlighting the top threats that INTERPOL has identified based on the data collected from its member countries, private industry partners, national cybersecurity agencies and online information-sharing groups.

Analysis of this data has confirmed that cybercriminals are capitalizing on the anxiety caused by COVID-19 through various cyberattacks such as data-harvesting malware, ransomware, online scams and phishing.

Threats targeting people working from home during the global lockdowns will also be addressed, along with prevention tips for companies.

Basic cyber hygiene advice – how to ‘wash your cyber hands’ – will be provided throughout the four-week (4 – 31 May) campaign, to ensure that individuals and businesses are equipped with the knowledge of how to protect their systems and data.

Law enforcement agencies around the world and key global cybersecurity actors will share the messages of the campaign to reach the widest possible global audience.

Craig Jones, INTERPOL’s Director of Cybercrime, said police and the cybersecurity industry have seen a considerable increase in the number of targeted cyberattacks by criminals since the virus outbreak began. These range from malicious web domains using the word ‘covid’ to phishing emails promising the sale of key supplies as well as ransomware attacks against critical infrastructure and hospitals.

“Cybercriminals are diversifying attack vectors to launch cyberattacks exploiting the COVID-19 outbreak. These cyberthreats are causing serious harm to people and organizations, which exacerbate an already dire situation in the physical world. Now is the time when we all must come together to stop them,” said Mr Jones.

“Cybercrime and cybersecurity may seem like a complex issue that is difficult to understand unless you are an expert in the field – this is not the case. INTERPOL’s campaign aims to demystify these cyberthreats and offer simple, concrete steps which everybody can take to protect themselves,” he concluded.

The campaign kicked off with the publication of a document on the ‘Global landscape on the COVID-19 cyberthreats’ which outlines the latest threats identified, expected future trends and INTERPOL’s response.

1 2 3