Daily Digest (11/30)

UK to Create Watchdog to Regulate Big Tech; NK Hackers Suspected of Targeting COVID Vaccine Maker AstraZeneca; Cancer Patients at University of Vermont Medical Center Turned Away After Ransomware Attack; Amazon Sidewalk Customers to Get Automatic Opt-In.

UK to Create Watchdog to Regulate Big Tech

Britain plans to create a new watchdog to oversee big tech companies, including Facebook and Google, to prevent them from exploiting consumers and to counter their market dominance.

U.K. government officials said Friday that a “Digital Markets Unit” would be created next year to enforce a new code of conduct for Big Tech and to oversee a new regime designed to encourage more competition, The Associated Press reports.

The unit is scheduled to launch in April.  

U.K. Digital Secretary Oliver Dowden said told AP that online platforms brought benefits to society, “but there is growing consensus in the U.K. and abroad that the concentration of power among a small number of tech companies is curtailing growth of the sector, reducing innovation and having negative impacts on the people and businesses that rely on them.”

The new code would require tech companies to disclose how they used consumer data and would let users choose if they wanted to receive personalized advertising.

The watchdog also could suspend, block or reverse decisions made by the companies and order them to take actions to comply with the code.

In response, Ronan Harris, Google’s vice president for U.K. and Ireland, told AP: “We support an approach that benefits people, businesses and society — and we look forward to working constructively with the Digital Markets Unit so that everyone can make the most of the internet.”

Facebook declined to comment, AP reports.

Sources (all links external):

NK Hackers Suspected of Targeting COVID Vaccine Maker AstraZeneca

North Korean hackers are suspected of trying to break into the systems of the British drug maker and COVID-19 vaccine developer AstraZeneca in recent weeks, two people with knowledge of the matter told Reuters.

The sources, who spoke on condition of anonymity, said the tools and techniques showed that the alleged attackers were part of a hacking campaign that cybersecurity researchers and U.S. officials have attributed to North Korea, Reuters reports.

According to the report, the hackers posed as recruiters on LinkedIn and WhatsApp with fake job offers and then sent documents that claimed to be job descriptions that were laced with malicious code designed to gain access to a victim’s computer.

The attempts targeted a “broad set of people,” including staff working on COVID research, one source said.

The efforts were not believed to have been successful.

The North Korean mission to the United Nations in Geneva did not respond to requests for comment from Reuters.

Cancer Patients at University of Vermont Medical Center Turned Away After Ransomware Attack

The University of Vermont Medical Center (UVMC) was the victim of a national cyberattack in October that targeted patient records at its hospitals across the region.

The Oct. 28 ransomware attack forced clinicians to turn away hundreds of cancer patients for weeks after the electronic medical-records system was shut down, The New York Times reports. 

The systems were restored last Sunday, nearly a month after the cyberattack.

“To recover from something like this is going to take months and months and months,” said Olivia Thompson, a cancer center nurse. “It feels like we are all alone and no one understands how dire this is.”

On Oct. 23, U.S. officials warned hospitals about a “credible threat” of attacks, which came shortly after several hospital networks, including the Vermont university’s health network and the St. Lawrence County health system in upstate New York, were affected by cyberattacks, the Times reports.

In the interim, the Vermont cancer center only was able to serve one in four of its chemotherapy patients.

“My really good friends are ICU nurses, and they’re like, no big deal, all we have to do is paper-charting,” Colleen Cargill, the charge nurse, told the Times.

“To look someone in the eye, and tell them they cannot have their life-extending or life-saving treatment, it was horrible, and totally heart-wrenching.”

Amazon Sidewalk Customers to Get Automatic Opt-In

Amazon said Friday that its customers automatically will be opted into its Sidewalk feature to launch later this year.

The company said it also would connect its Alexa devices using the service to nearby WiFi networks, even those owned by others, Business Insider reports.

Sidewalk is to use Alexa devices, including Echo and Ring video doorbells, to create a “shared network” that is meant to help “devices work better,” Amazon told device owners by email.

“These Bridge devices share a small portion of your internet bandwidth, which is pooled together to provide these services to you and your neighbors,” Amazon said. “And when more neighbors participate, the network becomes even stronger.”

That Sidewalk would enable home network access by default has prompted the most serious concerns, Forbes reports.

Jake Moore, cybersecurity expert at ESET, cautioned Amazon users “to really think about the need for such requirements and to err on the side of caution by manually turning it off.

“Amazon has made this a default opt-in feature, which could be a dangerous recipe for disaster, not knowing what these devices are really connected to,” he said.

But an Amazon representative told Business Insider in a statement: “Well before Sidewalk launches, we will notify existing customers with eligible Bridge devices so they can consider the benefits of Sidewalk before deciding if they want to change their preferences.”

Baltimore County Public Schools Cancel Classes After Ransomware Hit

The Baltimore County Public School (BCPS) system in Maryland canceled classes last week after a ransomware attack shut down internal networks Wednesday.

Described by officials as “a networking issue,” the outage affected the schools’ email and grading systems, The Verge reports.

Mychael Dickerson, the district’s chief of staff, confirmed on Twitter that the outage was believed to have resulted from a ransomware attack.

“We were the victim of a ransomware cyberattack,” he said. “Our BCPS technology team is working to address the situation.”

Baltimore County police also have reached out to the FBI, the Verge reports.

But Baltimore County Police Chief Melissa Hyatt declined to be more specific. “We are in the preliminary steps of that investigation,” she told The Baltimore Sun.

No timeline has been set on when school, which is online because of COVID-19, will resume in the county.

By DPN Staff