Avast Security News Team, 15 November 2019
Plus, Google criticized for gathering health data, a research team uncovers 265 fake news sites, and Mexico oil giant Pemex gets hit with ransomware
An attack on the Labour Party’s website Monday succeeded in causing certain services to go offline. According to BBC News, the strike was a Distributed Denial of Service (DDoS) attack, a blitz of internet traffic produced by a botnet of hijacked systems that overwhelms a server with simultaneous requests. The DDoS attack followed a smaller attack that the site’s security staff was able to shut down. Labour Party leadership noted that the attacks came during the active campaigns of the 2019 general election. Some sources have claimed the attacks were generated by servers in Russia and Brazil, though the BBC was told the attacks are not linked to any specific state.
Google under fire for plan to share millions of health records
Google has agreed to aggregate the personal contact information and complete health histories of millions of patients, which some federal officials and cybersecurity experts view as a possible breach of privacy. According to The Wall Street Journal, other experts maintain that “Project Nightingale,” as the program is called, complies with federal law. The plan is to work with the nonprofit Catholic healthcare group Ascension to collect patient data across 2,600 hospitals and medical facilities and then feed that information to an AI system that will analyze and categorize it in order to recommend better treatment plans. “Google has the power and funding to use AI and machine learning for good,” commented Avast Security Evangelist Luis Corrons. “But there is a history of companies that have not been transparent about their collection process and data usage, as in the recent voice assistant scandal where human beings were actually listening in at certain points. This is why people are skeptical and trust has to be earned and maintained.” The Office for Civil Rights at the U.S. Department of Health and Human Services has opened an inquiry to learn more about the collection and sharing processes of the project.
This week’s quote
“Blockchain solves stolen votes about as well as Bitcoin solves stolen money.” – Alex Halderman, a computer science professor at the University of Michigan who has researched the hacking of elections around the world. Watch his talk at CyberSec & AI Prague.
265 fraudulent news sites spread anti-Pakistan propaganda
EU DisinfoLab, a non-governmental organization that fights disinformation, has uncovered a ring of 265 fake news sites spreading anti-Pakistan sentiment to users in more than 65 countries. In their blog post, the team explained that they first stumbled upon the network when they noticed that eptoday.com, an e-zine aimed at European Parliament members, was reprinting news content from Russia Today and Voice of America that was critical of Pakistan. To appear authentic, the phony websites use the names of defunct newspapers and news sites such as thenevadajournal.com, socialistweekly.com, and thedublingazette.com. The network also includes misleading Twitter accounts. An interactive Google map shows the various anti-Pakistan disinformation sites spread across the globe.
This week’s stat
Six kilometers of cables run through the Avast Internet of Things Lab, a brand new state-of-the-art facility that can replicate 100 smart home networks. Plug into the future and learn more about what this open research station can accomplish.
Ransomware hits Mexico’s Pemex with $5M demand
State-owned oil company Pemex was forced to shut down computers in offices across Mexico this week when they were infected with DoppelPaymer ransomware, reported Reuters. Pemex announced that the attack infected less than 5% of its computers, while inside sources at the company told Reuters that all finance department computers have been frozen – which could cause payment problems – and employees have been instructed not to open emails. Receiving a copy of the ransom note from employees, reporters contacted the email address listed for payment. The ransomers replied to Reuters, saying that Pemex missed the deadline for a “special price” but that they still had time to fulfill the demand of 565 Bitcoin (about $5 million) in order to receive a decryptor. “These attacks are happening more and more frequently,” Avast’s Corrons said. “Just this month Spain’s Everis and Cadena Ser were hit as well. Cyberattacks on businesses can be far more profitable than preying on individuals. At the same time, they are more complex and require great expertise.”
This week’s ‘must-read’ on The Avast Blog
Can AI machines hallucinate? Can you explain complex AI cybersecurity topics using Pokemon? Can Avast Web Shield detect phishing scams at a rate of 70,000 URLs per second? The answer to all of these is yes, and you can learn more as we run down the top 10 moments from the CyberSec & AI Prague Conference.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.