A Brief Weekly Review of Top Stories that Dominated the Cyberworld

The world of cybersecurity saw a slew of significant events in the past week. New research indicated that the coronavirus pandemic and work from home (WFH) requirements are prompting a spike in cyberattacks against banks and insurance companies. But the headline of the week was healthcare service provider UnitingCare Queensland being hit by a cyberattack.

Here’s a brief roundup of the major developments of the past week.

Coronavirus, WFH cause rise in cyberattacks against banks, insurers

As per new research, Covid-19 and work from home (WFH) requirements are causing a major surge in cyberattacks against financial institutions.

A COVID Crime Index 2021 report observed how the remote working model is affecting the banking and insurance industries.

As the pandemic continues to have an extensive impact, the swift transition to WFH models is being loosened in some neighborhoods, but many organizations are choosing to either continue letting staff work remotely or are adopting hybrid working practices.

But security has proven to be a challenge as well. According to the research, 74% of banks and insurers have experienced an increase in cyberattacks since the beginning of the pandemic, with “criminal activity” spotted by financial entities has mounted by close to a third (29%).

UnitingCare Queensland struck by cyberattack

Earlier this week, a cyber-attack hit healthcare service provider UnitingCare Queensland (UCQ), rendering some of its digital and technology systems inaccessible.

UCQ operates aged care facilities and numerous hospitals including St Andrew’s War Memorial Hospital.
Chinese firms covertly own almost a third of top VPNs, while other owners are based in countries with weak or no privacy laws, possibly putting users at risk, security experts have warned.

Local media reports suggest that the incident was allegedly triggered by ransomware which had affected email and operations booking systems, causing staff to turn to paper-based procedures.

Apple fixed macOS Gatekeeper bypass flaw exploited in the wild

Technology giant Apple issued a wide range of security fixes resolving issues including an actively exploited zero-day flaw and a separate Gatekeeper bypass vulnerability.

One of the most prominent fixes is for a flaw found by Cedric Owens. Tracked as CVE-2021–30657, the flaw let hackers circumvent Gatekeeper, Apple’s built-in protection mechanism for code signing and confirmation.

 
In a blog post, Owens mentioned how cybercriminals could easily create a macOS payload that is not checked by Gatekeeper.