Category: In The News


EU Cyberattack Targets Pfizer COVID-19 Vaccine

By Amine Mekkaoui,

EU cyberattack targets Pfizer COVID-19 Vaccine

In an effort to steal COVID-19 vaccine data, cyberattackers have broken into the European Medicine Agency (EMA) server and had access to documentations of vaccine candidates Pfizer and BioNTech. Pfizer and BioNTech believe that none of any personal data of trial participants had been compromised and “has assured us that the cyber attack will have no impact on the timeline for its review.”

Experts said that this attack is another attempt to capitalize off the pandemic suffering. The two companies have reported that despite the breach, they were able to secure their system and protect personal data collected from patient trials.

Adrozek Malware threatens 30k devices a day, says Microsoft

A malware campaign called Adrozek has been sending out fake advertisements to 30,000 devices each day during its peak in August. Microsoft has warned that this malware also extracts device data and steals credentials making it an even more dangerous threat. The malware has attacked several browsers including Google Chrome, Microsoft Edge, and Mozilla Firefox, proving the advancement in browser-modifier malwares. 

A security awareness advocate named Erich Kron mentioned that this incident is a great example of how technically advanced modern attackers are. Microsoft tracked where Adrozek came from and found out that it is from an enormous global infrastructure. Microsoft researchers have warned the public to be careful in installing softwares from untrusted and malicious websites.

Education Sector Becomes Prone Target For Cyberattacks

By Amine Mekkaoui,

The K12 Education sector is being ramped up by cyberattacks as attackers target students and faculty with malware alike, phishing, distributed denial-of-service (DDoS), and Zoom Bombs, the Federal has warned. Officials of the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Agency (CISA) alerted the public after 57% of recent ransomware attacks involved K12 schools. 

Actually, ransomware is not the sole problem. CISA and the FBI cited trojan malwares, DDoS attacks, phishing, and credential theft to have all been on the rise since the beginning of the school year in the middle of a pandemic. This is in comparison with reports from January to July which is only 28%. They cited “limited funding and resources” as reasons as to why schools have become an easy target for cyberattacks. Efforts are now being taken to secure the IT infrastructures of the public schools sector.

Healthcare Cybersecurity Is Priority This 2021

By Amine Mekkaoui,

As more and more hackers target healthcare as cyberattack victims, experts have weighed in and explained why hospitals are being singled out and what they can do to protect themselves from these many attacks. Experts have warned that as healthcare systems are stretched to their limits due to the pandemic, they are attracting attention from ransomware and other malicious actors. Jeff Horne, an expert from Ordr, says that instead of feeling overwhelmed, healthcare and hospital IT teams must treat their networks as a constant work in progress. 

Croyten treats networks as a work in progress, providing constant guidance and feedback to continuously improve and make sustained improvements on organizational cybersecurity. Know more about our services by simply visiting our site available at www.croyten.com.

Bandook Trojan Reemerges, Attacks Espionage Campaign

By Amine Mekkaoui,

An espionage campaign has experienced a series of cyberattacks using a strain of a 13 year old backdoor trojan named Bandook. Check Point Research shows that Bandook was last spotted in 2015 and two to three years ago. The commodity malware’s digitally signed variants emerge in a variety of sectors including government, healthcare, food industry, education, and IT and legal sectors. 

The fresh waves of attack includes a zip file of a malicious Microsoft Word document arriving on targets’ computers, which once opened, will download malicious macros using an external template feature. Experts believe that the multiple variants of Bandook, including its malware source code, command, and control infrastructure are managed by a group that sells access to nation-state hacking groups.

With new and re-emerging cyber threats, make sure that you are protected by hiring IT security solutions that are trusted and effective. Croyten offers a service that works and is sustainable. Check out our services through our website.

Advantech Gets Attacked By Ransomware, To Pay $14M

By Amine Mekkaoui,

Chip manufacturer company Advantech – which specializes in internet-of-things (IoT) intelligent systems, embedded systems and computing, machine automation, and transportation – gets attacked by a ransomware group referred to as Consti Gang. To pressure the company into paying 750 bitcoins, which amounts to $14 million, the group has published a list of files from a stolen .zip archive on their leak site. The leaked information worth 3.03 gb is only two percent (2%) of the total amount of the data ripped off from Advantech. 

If highly tech-driven companies are prone to cyberattacks, so are you. Our company called Croyten aims to help consumers and budding organizations and businesses into securing their cyber systems to prevent crises like this. To know more about our services, check out our website.

IoT Cybersecurity Improvement Act Gets Approved

By Amine Mekkaoui,

The approval of the new IoT law has been lauded by security experts as this is a step towards the right direction for insecure connected federal devices. lLed in bipartisan sponsorship by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), the IoT Cybersecurity Act requires the federal procurement and use of IoT devices to conform to basic security requirements. To become a law, it just needs to be signed by the President. The bill is aligned with existing standards and best practices, including its meaning for the issue-plagued IoT devices. Having basic cybersecurity requirements in place that vendors need to adhere to for any kind of internet-connected device is a good move,” says New Net Technologies global vice president, Dirk Schrade. 

On a different note, Croyten is offering its IT solutions services from cloud transformation, vulnerability assessment to user design and experience. Learn more about our services by visiting our website.

Americold Gets Attacked By Ransomware

By Amine Mekkaoui,

Company food-supply giant Americold admits to being attacked by Ransomware recently which caused them to take down their operations in their company including talks for COVID-19 distribution contracts. According to the Securities and Exchange Commission (SEC), the ransomware attack has affected the company’s phone systems, email, inventory management and order fulfillment. Nozomi co-founder Andrea Carcano says that the attack highlights the concern that attackers are now targeting larger and more critical organizations. Americold has immediately resolved the issue.

Attacks like this could be prevented by a firmly secured security infrastructure. If big companies are not exempted from attacks, so are you. Croyten can help you secure your organization. Visit our website to learn more about our services.

Facebook Patches Bug That Spy on Android Users

By Amine Mekkaoui,

A vulnerability that could connect video and audio calls without the knowledge of the person receiving them has been patched by Facebook, the company reports. The vulnerability was a significant flaw in the Android version of Facebook Messenger which is the opposite of the normal scenario where audio from the person making the call would not be transmitted until the person on the other end accepts the call. The bug automatically transmits audio while the callee is being rang. This would have allowed cyber attackers to spy on users and potentially identify their surroundings without them knowing if left unchecked. The company fixed the flaw on November 19.

On other news, Croyten is offering a vulnerability assessment which can help you identify and immediately attend to your organization’s security weaknesses. To know more, visit our website.

Zoom Rolls Out End-to-End Encryption

By Amine Mekkaoui,

Video-conferencing giant Zoom is rolling out a technical preview of its end-to-end encryption (E2EE). This is after receiving backlash over false marketing around its encryption policies. Zoom has faced various controversies including several lawsuits alleging that the company falsely told users that it offers full encryption. The company is also under fire for announcing that the E2EE is for paid users only. The topic of encryption is critical for Zoom as it ramps up its security and privacy measures. Zoom’s latest E2EE will use public-key cryptography, meaning that the keys for each Zoom meeting are generated by participants’ machines (as opposed to Zoom’s servers). 

On a different note, if your organization needs assistance with your IT and cyber security, feel free to check the services we offer at Croyten.