This Week in CyberNews: Sept. 26-Oct. 2 [Cybersecurity & Tech Roundup]

It’s that special time again, when every week we're looking back at the latest breaking news in cybersecurity and tech. This week we’re talking about the student uprising against university spyware, Trump using Facebook to block Black voters, the American hospital cyberattack, recent outages affecting many tech giants, and other big stories from the past week.

You can read the full roundup or watch the video below:

Learning and surveillance, Covid edition

First up is something you’ll probably hear about more and more as students have returned to schools and universities amid the pandemic. Because cases are spiking in lots of schools around the world, universities are forcing students to install what’s known as proctoring apps so that professors and teachers can be sure that students aren’t cheating on tests. Understandable. 

But for many students, the way that these universities are going about ensuring this is becoming invasive. Recently, there’s been a rapid increase in the amount of petitions requesting that schools take a look at these proctoring apps that are essentially invasive programs, much like spyware.

At the University of Texas at Dallas, more than 6,000 have signed a petition to remove Honorlock due to its various privacy violations. This proctoring app can collect students’ faces, driver’s licenses, network information and more. At Florida International University, more than 7,200 students have signed a petition to get Honorlock removed, since it keeps students’ sensitive information for up to 2 years.

Meanwhile, at California State University Fullerton, 4,500 students have signed a petition against Proctorio, since the app requires that students are filmed in their own house in order to take exams. There are also multiple petitions across the country that questions not only the type of data being collected, but the security of these companies.

In July 2020, another proctoring app, ProctorU, had a data breach in which 440,000 users’ data was leaked. Washington State University students want the school to stop using that app.

Even worse is Respondus, the proctoring app used at University of Massachusetts Lowell. Respondus has a Lockdown browser that, as its name suggests, locks down the student’s browser and the entire computer if necessary. Before the test, the student has to wave their webcam around the room.

Multiple privacy experts have raised concerns about how these videos are stored by Respondus, how long they’re being kept, and what exactly is being done with it.

Because, you see, when you use a third party for data collection, that third party can and gives itself the right to do certain things with that data, including analyzing it for its own app improvements, or even selling it. And, remember beyond that, even if the app’s privacy policy states that they won’t sell that data or promises to be very privacy-friendly, that promise may be broken if that app is then sold on to another company.

US hospitals hit with cyberattack

In a particularly villainous turn of events, cybercriminals have hit a major US hospital with one of the largest medical cyberattacks in US history.  Computer systems for Universal Health Services, which has more than 400 locations mostly located in the US, were down over the weekend. While UHS’s website stated that computers were offline due to an IT security issue, an insider stated that the attack looks and smells like ransomware.

Ransomware, by the way, is becoming a huge security issue, as more and more hospitals, businesses, governments and all other kinds of systems around the world are being hit with ransomware. A Bitdefender study showed that there’s been a 715% increase in ransomware detected. This recent hospital ransomware attack follows one from mid September that saw the first death resulting from a ransomware attack in Germany.

So who’s behind all these ransomware attacks? Probably some uber-smart, uber-secretive group of basement-dwelling cybercriminals with years of experience? Unfortunately, the ransomware industry has moved beyond that. Nowadays, there’s the emerging field of ransomware-as-a-service, a subcategory of malware-as-a-service. Much like most software-as-a-service business models ransomware as a service allows pretty much anyone to hire or buy packages of ransomware that can easily be deployed against the chosen targets.

That means that literally anyone who knows how to use a computer and navigate to these forums can, with some cryptocurrency, subscribe to these service and launch the attacks themselves, or upgrade to the premium package and have the bad guys do it for you.

Apple, Microsoft and Google go down

A lot of major online companies have gone down in the last few days. The biggest of them all, Microsoft, had an outage that affected its Azure cloud services. The company also stated that users would not be able to access Office.com, Outlook.com, Microsoft Teams, Power Platform and Dynamics365. Microsoft stated on its Twitter status account that the issue seemed to stem from a recent change, and that it was rolling back the change. This seems to have resolved the issue.

Google also had problems with its suite of services in the past few days. Popular services like Gmail, Google Docs and even YouTube were affected for some users. Google claimed that “a pool of servers that route traffic to application backends crashed” but they were able to resolve that.

Now, Apple is facing the problem. On Tuesday evening, multiple Apple services were hit by outages, including App Store, Apple Music, Apple TV Plus, and Apple Arcade according to Apple’s system status page. While for most of these services it seems that only part of the users were affected for AppleCare in iOS and Apple School Manager, the outage was total, affecting all users. In total, 17 of Apple’s services were affected by this outage. Apple has since resolved the issue

Of course, it’s difficult to not get the tinfoil hat out and say that somehow all of these outages are related. After all, companies don’t usually admit to any breach or major attack until much later, or until some insider leaks it.

At this moment, though, we can’t say that anything of that scale is happening here, as such little information is being made available. Nonetheless, we’ll continue to monitor the outages.

Other important cybersecurity and tech news

1. The major cryptocurrency exchange KuCoin was hacked for $150 million. Based in Singapore, KuCoin confirmed in a statement that a threat actor had breached its systems and emptied all its hot wallets of funds. Hot wallets are connected to the internet, while cold wallets are offline. This is about as good a time as any to mention two things: 1) cryptocurrency exchanges are not regulated enough, and 2) don’t keep currency in hot wallets. Move them offline, because based on our own research, it’s unbelievable just how vulnerable these cryptocurrency exchanges actually are.
2. The Chinese data-harvesting intelligence service company Zhenhua has been collecting the personal data of more than 2 million people all around the world, according to Australian cybersecurity firm Internet 2.0. Some of the people included in the base are prominent political figures like Boris Johnson, India’s Narendra Modi and their families, American military members, academics, celebrities and others. Christopher Balding, an American academic who gave the leaked data to Internet 2.0, was contacted by an anonymous source inside China connected to Zhenhua. He mentioned that the Zhenhua’s main clients are China’s Ministry of State Security and the People’s Liberation Army, and that the information is being strategically compiled by Chinese intelligence for information campaigns aimed at influencing global public opinion.