
Services Australia Dismisses Security Concerns with COVID-19 Digital Certificates


During Australia's federal Budget Estimates last year, senators questioned Services Australia on a variety of initiatives under its purview, ranging from the COVID-19 digital certificate rollout to the botched Robo-debt programme. 

The purported lack of security of Australia's COVID-19 digital certificates concerned Labor Senators Tim Ayres and Nita Green, both of whom argued that the certificate could be easily falsified through man-in-the-middle attacks.

Fenn Bailey, a Melbourne-based software developer, discovered the security flaw in September 2021 after reading about previously disclosed flaws. He observed that the government was relying on a "high-school grade permissions password" to prevent unauthorised people from altering or copying vaccination certificates. Mr. Bailey found that it was then possible to change the name or the vaccinated status on the certificate.

Responding to the senators' concerns, Services Australia stated that it was aware of reports of man-in-the-middle attacks involving the Medicare Express Plus app, but dismissed the worries by stating that such attacks "need significant knowledge and skill."

It further stated that no vulnerability disclosure mechanism exists for digital vaccination certificates, and that there are no plans to develop such a programme in the future. This is despite security researcher Richard Nelson detailing last year how difficult it is for the private sector and the general public to report certificate issues to the government, a point Ayres raised during Budget Estimates.

"Services Australia takes the integrity of the Medicare system and the Australian Immunisation Register extremely seriously," Services Australia said in its response to questions on notice. "Full cyber assessments are undertaken several times a year and we work closely with the Australian Signals Directorate and Australian Cyber Security Centre on potential vulnerabilities on mobile applications."

The Digital Transformation Agency (DTA) released an update on Australia's other federal COVID-19 product, COVIDSafe, stating that the monthly cost of running the app has been roughly in line with its expectation of around AU$60,000 per month since it took over responsibility for the app. During Budget Estimates, Labor Senator Marielle Smith asked the DTA how many individuals had downloaded and then removed the app, but the agency said it does not track that data.

In response to complaints regarding Services Australia's progress in refunding incorrectly issued Robo-debts, the agency supplied additional information about the clients who have yet to receive a refund.

According to the agency, approximately 8,500 customers have yet to receive a reimbursement; 501 are deceased estates, 280 are incarcerated, 539 are Indigenous, and 106 had a vulnerability indicator on their customer record at the time they were last paid.

Millions of Indonesians' Personal Information Leaked in a Data Breach


Indonesia investigated a probable security vulnerability in its COVID-19 test-and-trace application that left 1.3 million individuals' personal data and health status exposed.

On Friday 3 September, following a week-long cyber-attack, PeduliLindungi became the country's second COVID-19 tracking app, after eHAC, to suffer a data breach. The extent of the PeduliLindungi leak has not yet been identified, but the eHAC breach has affected 1.3 million users. The two breaches occurred within a week of each other.

The eHAC Data Breach 

According to a Health Ministry official, the government suspects a partner as the likely source of the breach in the eHAC (electronic health alert card) app, which has been disabled since 2 July.

eHAC, launched this year, is a mandatory requirement for travellers entering Indonesia. It stores users' health condition, personal information, contact details, COVID-19 test results, and other data.

Researchers from vpnMentor, an encryption provider, discovered the breach during a web-mapping project intended to detect unsecured data stores containing confidential material.

On 22 July, the researchers informed Indonesia's Emergency Response Team and shared their findings. The Ministry of Communications and Information Technology published a statement on 31 August, more than a month after the disclosure, stating that the data breach would be investigated under the country's Electronic Systems and Transactions Regulations.

Anas Ma'ruf, a health ministry official, said, "The eHAC from the old version is different from the eHAC system that is a part of the new app. Right now, we're investigating this suspected breach."

PeduliLindungi Leak

A data search function in the PeduliLindungi application enables anybody to look up personal data and COVID-19 vaccination information for Indonesians, including the president's, according to a Twitter thread by Damar Juniarto, a privacy rights activist who is also vice president of regional government relations at technology firm Gojek.

Zurich-based cybersecurity analyst Marc Ruef shared a screenshot of the President's compromised COVID-19 vaccination certificate, which includes his national identity number. However, Ruef did not specifically say whether PeduliLindungi's data had been disclosed. All of this shows that personal identification data and confidential information are scattered widely.

While the Government admitted the eHAC data breach and presented a plan of action for analysing and fixing the flaws, PeduliLindungi has been cleared.

The Ministry of Communications and Information Technology, known as Kominfo, states that the data on the president's NIK and vaccination records did not originate from the PeduliLindungi database.

Experts say such data breaches highlight Indonesia's inadequate cyber-security architecture. In May, officials also investigated an alleged breach of social security data at the country's state insurer.

COVID-19 Vaccine Fraudsters Targeted Health Authorities in 40 Countries


INTERPOL has issued a global alert regarding organised criminal groups approaching governments and peddling COVID-19 vaccines through fraudulent offers.

After receiving reports of about 60 incidents from 40 countries, the international law enforcement organisation sent a warning to all 194 member countries.

Staff of hospitals and health ministries were targeted, with fraudsters offering COVID-19 vaccines that had supposedly been licensed for distribution in their respective countries. To mislead their victims, the fraudsters posed as executives of vaccine manufacturers or as government officials in charge of vaccine distribution.

To close the deal, the fraudsters contacted victims through their work and personal email accounts and by phone, cold-calling them to pitch the fraudulent vaccines. These techniques should raise red flags, since vaccine purchases are negotiated at government level or, in the case of the European Union (EU), by a dedicated Joint Negotiation Team.

Vaccine producers also played a key role in drafting the warning, since INTERPOL based it on information supplied by the manufacturers, which highlighted additional scam strategies such as counterfeit websites and social media profiles.

The INTERPOL Secretary General Jürgen Stock stated, “As we see with cybercrime, usually it is the private sector which has the most information about attacks and trends, which is exactly what has happened with these attempted vaccine scams. Even when a fraud fails, it is important that it is reported to the police so that potential links can be identified and also, as in the case of the alert INTERPOL has issued, to warn law enforcement about these threats.” 

He further said that, with the pandemic still spreading and nations striving to vaccinate their citizens promptly and safely, the vaccine rollout needed to be safeguarded from the start of production until the vaccines are distributed.

An Ongoing Issue

INTERPOL and the Homeland Security Investigations (HSI) of the United States published a joint alert earlier this year advising against the purchase of fraudulent COVID-19 vaccinations and treatments. 

Throughout the COVID-19 pandemic, cybercriminals have been highly active, attacking everyone from ordinary individuals to medical companies and government agencies engaged in the vaccine development, approval, and distribution process.  

Scammers have deployed a series of COVID-19 vaccine-related frauds in the past year, hacked an Oxford University research lab working on strategies to prevent the COVID-19 pandemic, and even hacked the European Medicines Agency and leaked stolen vaccine documents.

Using a trustworthy security solution with a spam filter is one of the simplest ways to avoid being scammed. Anyone who receives an unsolicited email from someone they don't know should be extremely cautious and look out for the general red flags.

Despite Data Leak and Glitches, Foreigners Able to Register on Vaccine Site


Thailand's new vaccination appointment registration website, expatvac.consular.go.th, has received mixed reviews since its launch. 

Many people reported a variety of issues, and a few said that they eventually received emails confirming their registration and upcoming appointments. The launch was also marred by a data breach.

The vaccination registration site went live at 11 a.m., and within minutes users were complaining about crashes, glitches, and the fact that their personal information was accessible online. Screenshots of publicly accessible backdoors that disclosed the email addresses and personal information of over 20,000 applicants began to surface online, raising concerns about security and privacy.

The data leak appears to have been fixed now. Many people reported that the system failed at the point where they typed their email address: the site crashed or threw an error prompting them to start over or refresh the page, and when they did so, the system refused to accept their email address. The backend database had recorded their information before the site went down, so the email address was already registered and was rejected.

Others recommended using the same email address they had used for immigration as a workable option. Many people advised saving photos of the passport and visa, as well as any pertinent medical paperwork. People said that, despite the crashes, failures, and site outages, they were able to try again and again and eventually made it through the procedure.

One user shared their confirmation email, which stated that enrollment had succeeded and that another email offering a vaccine appointment, to be confirmed within 24 hours, would follow. The message also stated that the site would schedule appointments for vaccination centers outside the greater Bangkok area.

The Ministry of Public Health will allocate a vaccination site in the region for people who live in areas other than Bangkok and neighboring provinces (Nakorn Pathom, Nonthaburi, Pathum Thani, Samut Prakan, and Samut Sakhon). The vaccine schedule will be defined by the Ministry of Public Health's priorities, which include age group, vulnerability, and high-risk zones, among other criteria. 

Despite several difficulties, officials appear to be working efficiently to address the problems, and registrations appear to be proceeding. Foreigners who run into problems are advised to keep trying as the vaccination site stabilizes.

Hacker Hacks Underground Covid Vaccine Market On Dark Web


In a recent cybersecurity incident, an attacker compromised a vaccine marketplace running on the dark web. The attacker placed fake orders, cancelled them, and collected refunds in Bitcoin worth $752,000, according to a report released on Thursday. As per a post on the market's forum, the attacker found a way to place fake orders, cancel them immediately through the trader's seller account, and have the refunds paid out immediately, after which the funds were withdrawn in an instant.

Check Point Research says the method allowed the hacker to make 13 Bitcoin (BTC), an amount equal to $752,000. The dark web marketplace that was selling these products is currently down because of the hack. But the attack hasn't put a stop to the sale of Covid-19 relief products on the dark web. Following the marketplace shutdown, another hacking forum appeared at the same address, carrying various ads including Covid-19 vaccines (documents included), offered at heavy discounts for promotional purposes.

Cybersecurity experts recently found that fake Covid-19 vaccine certificates and forged Covid-19 test results were being sold on dark web and hacking platforms for amounts as low as Rs 1,800 ($25) and up to Rs 18,000 ($250), aimed at people looking to book flights, travel across borders, find a new job or attend an event. A buyer simply sends their details and payment to the seller on the dark web, who then emails back the forged documents for $250.

Research from Check Point revealed that fake negative Covid-19 test results are available on the dark web for as little as $25. Covid-19 vaccine ads on the darknet have tripled over the past three months. The selling forums on the dark web are based in European countries such as Spain, Russia, France, and Germany. According to experts, "The vaccines advertised include Oxford-AstraZeneca (at $500), Johnson & Johnson ($600), the Russian Sputnik vaccine ($600) and the Chinese SINOPHARM vaccine." Check Point Research says, "as a result, the marketplace is down completely since, and at this point of time is yet to be restored online."

NHS Urged Public to Remain Vigilant Regarding Fake Covid-19 Vaccinations


Fraudsters are tricking people in the UK with fake Covid-19 vaccination invitations: scammers posing as the UK's National Health Service (NHS) are sending fake emails that include a link to enrol for the vaccine.

The NHS has alerted the public via its official Twitter account that no registration is required for the real vaccination, that it would never ask for bank details or for verification documents such as a passport, driving licence, bills or payslips, and that no payment is required for the vaccination.

Multiple variants of the phishing email are circulating, but all claim to come from the NHS, using the sender address 'noreply@nhs.gov.uk' (the genuine NHS website is nhs.uk). The scammers use subject lines such as "IMPORTANT – Public Health Message. Decide whether if you want to be vaccinated".

Cybersecurity consultant Daniel Card explained that traffic data suggests the fraudsters have tricked thousands of recipients into clicking through to the fake website, but it remains unclear how many of them have filled in the form. The National Cyber Security Centre and Action Fraud have urged people to report scam emails or texts.
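The campaign above combines several indicators a mail filter can check mechanically: a sender domain that carries the NHS brand without being under the genuine nhs.uk domain, the campaign's subject-line wording, links to hosts outside nhs.uk, and requests for the bank details and identity documents the NHS says it never asks for. The following is an added example, not code from the original post or from the NHS; the two sample messages, the `no-reply@nhs.uk` sender and the `nhs-vaccine-register.example` host are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# The post states the genuine NHS website is nhs.uk; subdomains of it are
# accepted too. Anything else that trades on the "nhs" name is treated as a lookalike.
TRUSTED_DOMAINS = ("nhs.uk",)

# Subject-line wording taken from the campaign described in the post.
SUSPICIOUS_SUBJECT_PHRASES = ("public health message", "want to be vaccinated")

# Things the NHS says it never asks for ("driving licen" matches both spellings).
NEVER_REQUESTED = ("bank details", "passport", "driving licen", "payslip", "payment")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_trusted_domain(domain: str) -> bool:
    """True if domain equals a trusted domain or is a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def looks_like_brand(domain: str) -> bool:
    """True if any label of the domain contains 'nhs' but the domain is not under nhs.uk
    (e.g. nhs.gov.uk or nhs-vaccine-register.example)."""
    labels = domain.lower().split(".")
    return any("nhs" in label for label in labels) and not is_trusted_domain(domain)


def get_body(msg) -> str:
    """Concatenate the decoded text/plain and text/html parts of a message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def analyse_message(raw: str) -> dict:
    """Return {'suspicious': bool, 'findings': [...]} for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []

    # 1. Sender and Reply-To domains that imitate the brand.
    for header in ("From", "Reply-To"):
        value = msg.get(header)
        if not value:
            continue
        _, addr = parseaddr(value)
        domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
        if domain and looks_like_brand(domain):
            findings.append(f"{header} domain {domain!r} imitates NHS but is not under nhs.uk")

    # 2. Subject line matching the campaign wording.
    subject = (msg.get("Subject") or "").lower()
    for phrase in SUSPICIOUS_SUBJECT_PHRASES:
        if phrase in subject:
            findings.append(f"subject contains campaign phrase {phrase!r}")

    # 3. Links pointing anywhere other than the genuine domain.
    body = get_body(msg)
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if host and not is_trusted_domain(host):
            findings.append(f"link to untrusted host {host!r}")

    # 4. Requests for data the NHS says it never asks for.
    lowered = body.lower()
    for phrase in NEVER_REQUESTED:
        if phrase in lowered:
            findings.append(f"asks for {phrase!r}, which the NHS says it never requests")

    return {"suspicious": bool(findings), "findings": findings}


# Constructed sample modelled on the campaign in the post (not a real captured email).
PHISHING_SAMPLE = """\
From: NHS <noreply@nhs.gov.uk>
To: recipient@example.com
Subject: IMPORTANT - Public Health Message. Decide whether if you want to be vaccinated
Content-Type: text/plain; charset=utf-8

You have been selected for the Covid-19 vaccine.
Register here: http://nhs-vaccine-register.example/enrol
To confirm your identity we need your bank details.
"""

# Constructed benign sample; the sender address is an assumption, not a real NHS address.
LEGIT_SAMPLE = """\
From: NHS <no-reply@nhs.uk>
To: recipient@example.com
Subject: Your appointment reminder
Content-Type: text/plain; charset=utf-8

Your appointment details are available at https://www.nhs.uk/
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        result = analyse_message(sample)
        print(name, result["suspicious"], *result["findings"], sep="\n  ")
```

The brand-lookalike test deliberately works on domain labels rather than a blocklist of known bad domains, so it catches the `nhs.gov.uk` sender from the post as well as any future `nhs-something` host; the trade-off is that a genuine third-party domain containing "nhs" would be flagged for review, which for a health-service impersonation campaign is the safer failure mode.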

Health Secretary Matt Hancock stated that "vaccines are our way out of this pandemic, it is vital that we do not let a small number of unscrupulous fraudsters undermine the huge team effort underway across the country to protect millions of people from this terrible disease".

This was not the first phishing campaign related to the Covid-19 vaccination: at the start of this month, fraudsters sent bogus text messages posing as the NHS, asking recipients to register for a vaccine and provide bank details for verification.