OnDemand | 2021 Pharmaceutical Threat Outlook

Data Breach Today

Thwarting Mobile Phishing

Pharmaceutical companies exploited by phishing scam targeting job seekers

IT Governance

Earlier this month, two major pharmaceutical giants issued warnings about phishing emails targeting job hunters. Unfortunately, red flags like that are ignored in all kinds of phishing scams, and this scheme is a perfect example of why that happens. Can you spot a phishing scam? The warnings issued by AstraZeneca and GlaxoSmithKline show just how big of a threat phishing poses. For example, most ransomware attacks are spread via phishing emails.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

ThreatList: Pharma Mobile Phishing Attacks Turn to Malware

Threatpost

After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

Threatpost

Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.

Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb

Security Affairs

Cybercrime organizations continue to be very active while pharmaceutical organizations are involved in the development of a COVID-19 vaccine and medicines to cure the infections. The experts uncovered a large scale spear-phishing campaign that has been ongoing since September 2020.

Google warned users of 33,015 nation-state attacks since January

Security Affairs

Google delivered 33,015 alerts to its users during the first three quarters of 2020 to warn them of phishing attacks, launched by nation-state actors, targeting their accounts. Google sent 11,856 government-backed phishing warnings during Q1 2020, 11,023 in Q2 2020, and 10,136 in Q3 2020.

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

The attacks aimed at a Ministry of Health and a pharmaceutical company involved in the development of the COVID-19 vaccine. The systems at the pharmaceutical company were targeted with the BookCode malware, while in the attack against a Ministry of Health the APT group used the wAgent malware.

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. The threat actors carried out spear-phishing attacks using spoofed email addresses.

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide via spear-phishing and watering hole attacks. .

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. “In November, we uncovered COVID-19 phishing lures that were used to deliver the Go version of Zebrocy.

CERT-FR warns of Lockean ransomware attacks against French companies

Security Affairs

The ransomware operators used the Emotet distribution service in 2020 and TA551 in 2020 and 2021 to distribute QakBot via phishing email. CERT-France warns of a new ransomware group named Lockean that is behind a series of attacks against French organizations over the past 2 years.

Security Affairs newsletter Round 343

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

Since August, FIN11 started targeting organizations in many industries, including defense, energy, finance, healthcare, legal, pharmaceutical, telecommunications, technology, and transportation.

Three APT groups have targeted at least seven COVID-19 vaccine makers

Security Affairs

“The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. At least the three nation-state actors have targeted seven COVID-19 vaccine makers, they are Strontium, Lazarus Group, and Cerium, Microsoft warns.

List of data breaches and cyber attacks in November 2020 – 586 million records breached

IT Governance

We recorded 103 cyber security incidents in November, which accounted for 586,771,602 leaked records. The majority of those came from a credential-stuffing attack targeting Spotify and a data leak at the messaging app GO SMS Pro, which you can learn more about below.

List of data breaches and cyber attacks in November 2021 – 223.6 million records breached

IT Governance

In November, we discovered 81 publicly disclosed cyber security incidents, accounting for 223,615,390 breached records. With one month left in 2021, the annual total running total of compromised records is to just shy of 5 billion.

Cambridgeshire crowned the UK’s cyber crime capital

IT Governance

For example, the pharmaceutical giant AstraZeneca, which is based in Cambridge, was last year imitated in a sophisticated phishing scam targeting job seekers.

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

Cybercriminals often leverage social engineering tactics like phishing and spear-phishing to propagate sophisticated malware. It was undisputedly the fastest spreading, most destructive worm that crippled hospitals, multinational companies and pharmaceutical giants globally by irreversibly encrypting systems’ master boot records. And it all started with a single employee falling prey to a phishing email.

Illumio Unveils CloudSecure for Zero Trust Segmentation in the Cloud

eSecurity Planet

“They find a way in, whether it’s phishing or something else – but then to find all the valuable assets, they have to use lateral movements in those environments,” Kirner said.

Cloud 87

Mobile Malware: Threats and Solutions

eSecurity Planet

A 2020 report showed how three out of four phishing attempts targeting pharmaceutical employees also delivered malware to victims.

Exclusive Cybaze ZLab – Yoroi – Hunting Cozy Bear, new campaign, old habits

Security Affairs

The researchers of Yoroi ZLab, on 16 November, accessed to a new APT29’s dangerous malware which seems to be involved in the recent wave of attacks aimed at many important US entities, such as military agencies, law enforcement, defense contractors , media companies and pharmaceutical companies. Threat actors carried out spear phishing attacks impersonating a State Department official to attempt compromising targets.

Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29

Security Affairs

The researchers of Yoroi ZLab, on 16 November, accessed to a new APT29’s dangerous malware which seems to be involved in the recent wave of attacks aimed at many important US entities, such as military agencies, law enforcement, defense contractors , media companies and pharmaceutical companies. The threat actors have spread the malware through spear-phishing messages containing a zip file as an attachment.

List of data breaches and cyber attacks in April 2021 – 1 billion records breached

IT Governance

It was another busy month in the cyber security sector, as we discovered 143 incidents that resulted in 1,098,897,134 breached records. Ransomware was again one of the biggest contributors to that total, accounting for almost one in three data breaches.

MY TAKE: Cyber attacks on industrial controls, operational technology have only just begun

The Last Watchdog

And by compromising activities on the IT side, stealing credentials, deploying phishing emails, and infecting websites with drive-by malware, criminals can infiltrate the OT network. Damage to a nation’s critical infrastructure networks, including pharmaceutical companies, logistics firms, food production, energy or petrochemical plants can impose massive environmental, financial and psychological damage. “May you live in interesting times.”

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

Security Affairs

In July 2018, FireEye observed a series of new attacks of the group leveraging spear-phishing emails using weaponized Word documents that attempt to deliver the UPPERCUT backdoor, also tracked as ANEL. The US Department of Justice charged two Chinese hackers for hacking numerous companies and government agencies in a dozen countries, US Indicts Two Chinese Government Hackers Over Global Hacking Campaign.

List of data breaches and cyber attacks in August 2020 – 36.6 million records breached

IT Governance

There were a massive 99 data breaches and cyber attacks in August, making it the third-biggest monthly total of the year by number of security incidents. But, by contrast, only 36,673,575 records were confirmed to have been leaked, which is the fewest we’ve recorded since May 2018.

List of data breaches and cyber attacks in May 2021 – 116 million records breached

IT Governance

For the second month in a row, ransomware has dominated our list of data breaches and cyber attacks. Of the 128 publicly disclosed incidents that we discovered in May, more than 40% of them were ransomware attacks.

List of data breaches and cyber attacks in January 2020 – 1.5 billion records breached

IT Governance

You can find detailed breakdowns of some of the more notable incidents by subscribing to our Weekly Round-up or by visiting our blog (where we have a dedicated series on phishing scams ). in phishing scam (unknown). Adventist Health notifies patients of phishing incident (2,653).

The Hacker Mind Podcast: Hacking Industrial Control Systems

ForAllSecure

This is ransomware, starting with a phishing attack. Building Automation controllers from you know the leading manufacturers at your hospital than you do in your skyscraper or your pharmaceutical plant. So your pharmaceutical plants have clean rooms.

The Hacker Mind Podcast: Hacking Behavioral Biometrics

ForAllSecure

Let's say phishing campaigns like very compelling phishing campaigns, targeted ones. AI is almost good enough at simulating human activity to defeat the biometric systems designed to fight fraud, effectively putting us back at square one.