Category: Croyten’s Blog

EMA Cyber Attackers Spill COVID-19 Vaccine Data

By Amine Mekkaoui

Following the recent cyber attack on the European Medicines Agency (EMA), the ongoing investigation into the attack has revealed that some “unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet.”

The EMA has not disclosed which of the compromised data were leaked. However, at the time of the attack last December, they shared that some of the documents that were accessed contained information relating to the Pfizer and BioNTech vaccines, and the regulatory submission for BNT162b2, the companies’ COVID-19 vaccine candidate.

According to a Pfizer spokesperson, the necessary actions are now being taken with law enforcement authorities, and they are continuing to inform all entities and institutions whose information might have been compromised and leaked in the cyber attack.

In the year since the beginning of the pandemic, the health and medical industries have been a major target of cyber attacks, especially ransomware. The FBI has warned health IT security teams to stay vigilant and take preventive measures to avoid attacks, especially now that the health industry is playing a crucial role in fighting the pandemic.

Attackers Bypass MFA, Target Cloud Services

By Amine Mekkaoui

The Federal Bureau of Investigation (FBI) has warned that cyberattackers are bypassing multi-factor authentication, otherwise known as MFA, and are actively and successfully targeting cloud services of US organizations. 

In an alert released last Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) emphasized that “several recent successful cyberattacks” were conducted and focused on compromising the cloud.

The Feds mentioned that “these types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services.” They also added that “Despite the use of security tools, affected organizations typically had weak cyber-hygiene practices that allowed threat actors to conduct successful attacks.”

Rebyc Security released a study reporting that 35% of companies are planning to adopt the cloud, spurred by pandemic work realities. This means that cloud adoption and migration will increase in 2021. With that, the National Security Agency has issued a warning that cyber attackers have developed techniques to target and compromise the cloud.

Network-address translation (NAT) is a process of connecting internal network devices to the outside internet, which allows multiple devices connected to a router to share a single public IP address. Emerging at the moment is a new version of NAT slipstreaming, which provides cybercriminals easy access to devices that are not even connected to the internet.

Previously, disconnecting devices from the internet seemed to be a safe way to secure them from cyberattacks, but that is no longer the case. Through NAT slipstreaming, attackers can simply lure the target into clicking a malicious link. From there, the attacker easily gains access to other endpoints, even unmanaged devices like industrial controllers.

According to researchers, when a victim follows the malicious link to an attacker-controlled website, the JavaScript code running on the page sends traffic to the attacker’s servers, which crosses the network’s NAT/firewall.

In a demonstration, the cybersecurity company Armis explained that in the new version “attackers fool the NAT in a way that it will create paths to any device on the internal network, and not only to the victim device that clicked on the link.”

Browser patching seems to be an effective mitigation method, experts say.

Agile Resiliency in IT: What It Is and Why It Is Important

By Amine Mekkaoui

Agility, as defined in the business landscape, refers to the ability of an organization to adapt quickly to market changes internally and externally. It is about responding to customer demands rapidly and flexibly without compromising quality. 

Agility has proven to be an effective and useful attribute for organizations weathering any type of change or crisis. For instance, cybersecurity challenges are nothing new, especially for organizations that are already well ahead in their digital journey. Most of the time, these organizations are able to top the competition because they are quick to adapt to the changes brought by emerging technology. These organizations understand the fast-paced nature of digital platforms and information technology, and have trained themselves to keep up with the ever-evolving demands of this market as they move forward.

According to Stan Wisseman, chief strategist of the multinational software and IT business Micro Focus, being a cyber-resilient and agile IT organization means “being able to fight through adversity and continue to operate.” He highlights the difference between cybersecurity and cyber agility and resilience: the former focuses on preventing threats and attacks, while the latter deals with what happens when IT measures fail and do not go according to plan.

With the coronavirus pandemic, many organizations have been forced to make decisions and adjustments that they would never have imagined making before the pandemic. Organizations that were able to adapt and respond to the changes and challenges brought by the pandemic are deemed to be agile and resilient. These organizations used resilience and preparedness as their base, which allowed them to innovate and add new practices as they reacted to the crisis.

Croyten lists some common characteristics that can help your company build agility in the new normal:

  1. Establish a common purpose and clear communications by creating networks of local teams with clear and accountable roles. Our Governance, Risk Management, and Compliance (GRC) Services might just help you develop the right framework to ease the process of your decision making and improve your overall company efficiency.
  2. Set up structures to enable rapid decision making, including the reallocation of resources against new priorities. Our Data Quality and Architecture services enable the generation of quality data that can assist and be used in rapid decision making. This service guarantees to provide accurate information that can direct your business towards achieving your goals fast and efficiently.
  3. Provide people with the technology they need and security training for minimal risks and vulnerability prevention. Croyten offers security awareness training and strategies for companies to use for their employees. We also offer a vulnerability assessment service to ensure that all your employees are well-versed in the security loop and are staying safe.  You may check out Croyten’s other services by visiting our website at

Therefore, if you are an IT organization that seems to be lacking agility and resilience, now is the time to pay attention to building agility within your organization in order to properly respond to and prevent the catastrophic failures and changes that you may face. Agility is also significant in ensuring that your organization isn’t left behind by the many advancements in the IT industry, keeping your services high-quality and reliable no matter what circumstances come your way.

EU Cyberattack Targets Pfizer COVID-19 Vaccine

By Amine Mekkaoui

In an effort to steal COVID-19 vaccine data, cyberattackers broke into a European Medicines Agency (EMA) server and gained access to documentation relating to the Pfizer and BioNTech vaccine candidate. Pfizer and BioNTech believe that no personal data of trial participants has been compromised, and said the EMA “has assured us that the cyber attack will have no impact on the timeline for its review.”

Experts said that this attack is another attempt to capitalize on the suffering caused by the pandemic. The two companies have reported that despite the breach, they were able to secure their systems and protect the personal data collected from patient trials.

Adrozek Malware threatens 30k devices a day, says Microsoft

A malware campaign called Adrozek was sending fake advertisements to 30,000 devices each day at its peak in August. Microsoft has warned that this malware also extracts device data and steals credentials, making it an even more dangerous threat. The malware has attacked several browsers, including Google Chrome, Microsoft Edge, and Mozilla Firefox, demonstrating the advancement of browser-modifier malware.

Security awareness advocate Erich Kron said that this incident is a great example of how technically advanced modern attackers are. Microsoft tracked where Adrozek came from and found that it comes from an enormous global infrastructure. Microsoft researchers have warned the public to be careful about installing software from untrusted and malicious websites.

Education Sector Becomes Prone Target For Cyberattacks

By Amine Mekkaoui

Cyberattacks on the K-12 education sector are ramping up as attackers target students and faculty alike with malware, phishing, distributed denial-of-service (DDoS) attacks, and Zoom bombing, federal officials have warned. Officials of the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) alerted the public after 57% of recent ransomware attacks involved K-12 schools, compared with only 28% in reports from January to July.

Ransomware is not the sole problem. CISA and the FBI said that trojan malware, DDoS attacks, phishing, and credential theft have all been on the rise since the beginning of the school year in the middle of a pandemic. They cited “limited funding and resources” as reasons why schools have become an easy target for cyberattacks. Efforts are now being made to secure the IT infrastructure of the public school sector.

How To Communicate Cybersecurity To Your Employees

By Amine Mekkaoui

Oftentimes, companies approach conversations about cybersecurity with fear, as if it will make their employees more vigilant. Business leaders and security managers should understand that the use of powerful emotions, specifically fear, does not work, but there are alternatives they can tap in order to communicate the importance of cybersecurity effectively.

According to an article in the Wall Street Journal, fear can “leave in a constant state of anxiety, which makes them unable to think clearly about the threats.” Scare messaging about cyber attacks can also make employees think that the threats are exaggerated and that their bosses do not trust them to do the right thing. Fear also does not last long, making employees unlikely to commit to frequent preventive actions such as using a strong password.

If that is the case, how should you communicate cybersecurity to your employees and, more importantly, make them care about it? Here are some approaches you can apply.

  • Establish an internal communications strategy

A survey conducted by a research firm in Australia reported that 43% of employees do not know whether their company has a protocol to follow during a cyber attack or data breach. Prepare your team before attacks happen by developing an internal communications strategy. Try setting up an exclusive, secured communication platform through which you can send real-time instructions during a cyberattack. You may also diversify your communication strategies by using platforms that your employees frequently check. Creative communication strategies might also work. Check in with your communication team and see how you can deliver cybersecurity information and instructions with more creativity and impact.

  • Tell a story

Most employees do not know the full consequences of not taking the proper steps against cyberattacks, often because cybersecurity is communicated poorly in the workplace and they have been unable to grasp the role they play in keeping company information and data safe. Telling a story by painting a detailed picture of what a cyberattack looks like will help your employees understand the gravity of vulnerabilities and potential risks. Giving concrete examples, comprehensive descriptions of viable threats and repercussions, and tools to combat them can also help your employees be fully prepared for and able to prevent cyberattacks. Tell a good story they can relate to and can easily share with their colleagues.

  • Implement training and focus sessions

Have a plan for security breaches by frequently training your employees. Employees should know what to do and who to contact during a security breach. Provide training that focuses on how to avoid an attack, how to detect one, and what to do when or if it happens. Have clear, easy-to-follow protocols that are proactive rather than reactive. Further educate your employees by helping them familiarize themselves with cybersecurity and attacks through an ongoing conversation about it, especially now that most people are working remotely and tend to become overconfident and let their guard down. Send reminders from time to time and conduct monitoring to ensure that they are staying safe and disciplined in terms of information and data security.

Cybersecurity is not as difficult to communicate as most business leaders and IT managers believe. The right communication, strategy, and platform can make all the difference. Make sure to dedicate ample time to exploring what works best for your employees and keeps your organization sustainably safe.

However, you also need to take note that this is just another layer of security to your company. Always remember that the bulk of work for cybersecurity is to scale up your efforts by taking up more aggressive steps to protect and grow your company. Check Croyten’s IT and IT security services and products such as AuditRun in order to be guided into the right steps for securing your company internal from external threats.

Healthcare Cybersecurity Is a Priority in 2021

By Amine Mekkaoui

As more and more hackers target healthcare organizations, experts have weighed in to explain why hospitals are being singled out and what they can do to protect themselves from these attacks. Experts have warned that as healthcare systems are stretched to their limits by the pandemic, they are attracting attention from ransomware operators and other malicious actors. Jeff Horne, an expert from Ordr, says that instead of feeling overwhelmed, healthcare and hospital IT teams must treat their networks as a constant work in progress.

Croyten treats networks as a work in progress, providing constant guidance and feedback to continuously improve and make sustained improvements on organizational cybersecurity. Know more about our services by simply visiting our site available at

Bandook Trojan Reemerges, Attacks Espionage Campaign

By Amine Mekkaoui

A series of cyberattacks in an espionage campaign has used a strain of a 13-year-old backdoor trojan named Bandook. Check Point Research reports that Bandook was last spotted in 2015 and two to three years ago. Digitally signed variants of the commodity malware have appeared in a variety of sectors, including government, healthcare, the food industry, education, IT, and legal.

The fresh wave of attacks involves a ZIP file containing a malicious Microsoft Word document arriving on targets’ computers; once opened, the document downloads malicious macros using the external template feature. Experts believe that the multiple variants of Bandook, including the malware source code and its command-and-control infrastructure, are managed by a group that sells access to nation-state hacking groups.

With new and re-emerging cyber threats, make sure that you are protected by hiring IT security solutions that are trusted and effective. Croyten offers a service that works and is sustainable. Check out our services through our website.