This week, both Apple and Microsoft issued patches to fix serious zero-day vulnerabilities that should be applied as soon as possible. That means that if you have an iPhone or iPad, you may want to plug your phone or iPad in and apply the newest iOS 15.0.2, which is what I just did as I was writing this post.

The Apple vulnerability (CVE-2021-30883) is actively being used by threat actors against iPhone and iPad users to attempt to install malware and steal data, so click on that software update sooner rather than later. It only takes a few minutes.

On its Patch Tuesday earlier this week, Microsoft issued patches for over 80 vulnerabilities in the Windows operating system, including Windows 11 and other products. Three of the patches were deemed critical, which means that exploitation of the vulnerabilities could allow the threat actor to take control of systems remotely. For more information about the patches, and a designation of their criticality or importance, click here.

Threat intelligence firm Mandiant released findings about a new Russian-based hacking group dubbed FIN12, which is targeting the health care industry and companies with revenue over $300 million. Mandiant said that FIN12 is “very aggressive and brazen in who they target.”

According to Mandiant, FIN12 uses different hacking techniques and tools to infiltrate targets, stays in the company’s system for only two days, does not exfiltrate data or use double extortion techniques, and uses Ryuk malware. FIN12 is financially motivated and targets companies with critical systems that can’t be down for long periods of time, relying on those companies to pay quickly to get their systems back up, almost as a cost of doing business.

This is an unfortunate reality that many companies are facing: pay to get back up and running and resume business operations, or fight the hackers and maybe lose more money than the price of the ransom? With these business decisions, it is understandable why combatting ransomware attacks is so difficult when you are right in the middle of one.

DAL Global Services LLC, an aviation ground handling service provider, was hit with a proposed biometric privacy class action in April of this year in the U.S. District Court for the Northern District of Illinois. This week the court ruled that the class action may proceed, finding that the plaintiff’s claims were not preempted by other state and federal laws as argued by DAL.

Plaintiff, Eric Nseumen, brought claims against DAL, his former employer, for alleged violations of the Biometric Information Privacy Act (BIPA). Nseumen claimed that DAL violated BIPA by collecting his biometric data as part of its timekeeping system during his employment as a forklift operator at Chicago O’Hare International Airport without first obtaining consent. However, DAL argued that BIPA is preempted by the Airline Deregulation Act and the Illinois Workers’ Compensation Act.

District Judge Matthew F. Kennelly explained in his decision that the Airline Deregulation Act prohibits states from enacting or enforcing laws that have the “force and effect” of law related to “a price, route, or service of an air carrier that may provide air transportation.” (emphasis added). While DAL argued that this preempted BIPA, Judge Kennelly disagreed: “BIPA does not expressly refer in any way, shape, or form to airline-related services [. . .] [a]nd its impact on DAL’s services or prices is, at most, remote.”

Further, Judge Kennelly also rejected DAL’s argument that the Illinois Workers’ Compensation Act barred BIPA claims, holding “Extended analysis is unnecessary; the Court agrees on this point with its colleagues, who as best as the Court can determine have uniformly rejected similar arguments regarding BIPA claims by employees.”

This is yet another warning to employers to determine what biometric data collection laws apply to them and to determine what they must do to comply (such as getting prior consent) with those laws.

When you are educating your employees about the importance of maintaining a complex password or passphrase, share this story to show why it is so important and to emphasize not to use the same or similar passphrases across multiple platforms. It is not just a matter of getting into the company’s systems, but also one of national security.

This week, Microsoft shared research “that it is likely” that Iranian-backed hackers launched attacks against more than 250 U.S. and Israeli defense contractors and global maritime companies through Office 365 accounts, and were successful 20 times.

The Iranian-backed hackers used a “password spraying” technique, that is, rapidly spraying the account with compromised passwords to see if one will work. It is disappointing to see how often this technique works to access an account. It works because employees are using the same password across different platforms, which the hackers know, and when a password is compromised and sold on the dark web, they know where and when to use it, with devastating consequences.

Microsoft predicts that Iran and its hackers will continue this activity, particularly against defense contractors and the shipping and maritime industries.

Educate your employees on how important their passphrases are to company data and national security as foreign adversaries are using these easy techniques to gain valuable company data as well as data important to national security.

Last month, in Canada, a 63-year-old engineer received his lung transplant via drone delivery. This was the world’s first drone-delivered lung transplant. The drone flew for approximately 6 minutes from Toronto Western Hospital across the city to Toronto General Hospital to deliver the organ. The organ was packed in a lightweight, carbon fiber container suspended from the drone. This maiden voyage stems from the desire of Sirius Satellite Radio co-founder Martine Rothblatt to cut the wait-list in Canada. In 2020, 2,622 Canadians received transplants, 4,129 were on waiting lists and 276 died before an organ became available. Rothblatt started United Therapeutics in 1996 after his daughter was diagnosed with pulmonary arterial hypertension, and the drone that delivered this lung belongs to Unither Bioelectronique, which is a wholly owned subsidiary of Unither.

In 2019, the first organ delivered by a drone was completed by the University of Maryland Medical Center in Baltimore, with a drone-delivered kidney. Thereafter, MissionGo and Nevada Donor Network sent corneas on a 5-minute flight, a kidney on a 25-minute journey and, in May of this year, a pancreas was shipped via Minnesota’s skies.

This method is increasingly likely to become the norm in health care as a fast, safe way to deliver organs in the timeliest manner.

If you think the Russians are only targeting U.S. companies and the defense industry, think again. The cyber war between Russia and the U.S. has escalated since the President threw down the gauntlet on Putin, and the retaliation is to attack Gmail users in the U.S. Yes, Gmail users are part of the war.

According to Google’s research, last month, Russian hackers (APT28 or “Fancy Bear”) targeted around 14,000 Gmail users, which it claimed to be an above-average number of attacks in one month. Although 14,000 Gmail users is relatively small, it shows that hackers are sneaky and trying different techniques to gather information, disrupt users, and hop from one target to the next.

According to the alert from Google, “we detected government-backed attackers trying to steal your password…if they are successful at some point they could access your data or take other actions using your account.”

Google recommends that all users keep Microsoft Word up to date and open Microsoft Word documents with Google Docs.

As hospital systems become more hardened to cyber-attacks, cyber criminals are focusing their efforts on smaller providers, such as outpatient clinics, specialty clinics and business associates, according to a report by Critical Insight.

The report states that “Data on cyber-attacks from the first half of 2021 shows criminals are changing targets within the healthcare ecosystem, with breaches increasing for outpatient facilities and business associates. The data also shows some long-term trends continuing, with overall attacks on an upward trend.”

Analyzing data on the Department of Health and Human Services’s breach reporting website, the report states that “more than 70% of the breaches reported during the first six months of 2021 were classified as a ‘hacking/IT incident’…. Outpatient facilities, including family medicine and specialty clinics, were a common source of data breaches, and business associates were heavily targeted as well.”

Key findings of the report show:

  • Breaches up nearly 2x since 2018 and on an increasing trajectory;
  • Increase in breaches attributed to hacking/IT incidents, with the number of hacking/IT incidents up over 3x since 2018 and on an increasing trajectory;
  • Business Associates now account for 43 percent of all health care breaches, the continuation of a three-year upward trend; and
  • Outpatient facilities and specialty clinics were breached nearly as much as hospitals in H1 2021.

The message is clear: threat actors are shifting their targets to smaller entities that may not have sophisticated security measures in place to defend themselves against attacks, and these attacks have been successful. The trend is alarming and worthy of attention for smaller healthcare entities and business associates.

Google Chrome, touted as the world’s most popular browser (you’ve made it when your brand becomes a commonly-used noun), has issued patches for zero-day vulnerabilities that it or external researchers have identified as being exploited in the wild. Kudos to the research team at Google, as well as outside researchers who help identify vulnerabilities before they are widely exploited.

The four patches released include one designed to address a memory-corruption bug that was listed as high severity, and another described as an “information leak in core” that was listed as medium severity.

Patching any vulnerabilities discovered and issued by a manufacturer is an important part of an enterprise-wide information security program. Google’s security alert can be accessed here.

Trucking company Forward Air revealed in a filing with the Securities and Exchange Commission that it suffered a ransomware attack in December 2020 (reportedly by Hades), which caused business disruption as it was forced to “suspend its electronic data interfaces with its customers.” The attack also inhibited its ability to release freight for transport.

Forward Air is now notifying current and former employees that their personal information was “potentially viewed or taken by an unknown actor.” The data that were compromised included names, addresses, dates of birth, Social Security numbers, passport numbers, bank account numbers, and driver’s license numbers.

Forward Air is offering the affected individuals one year of credit monitoring.

One of the most prevalent areas for drone use is within the agricultural industry, in which drones offer the potential to address several major challenges. Recently, Global Market Insights predicted that the agricultural drone market will surpass $1 billion by 2024. What drives that growth? Most likely it is the increasing technological advancements that are focused on enhancing quality farming techniques, and the increased need for automation due to the lack of skilled labor in that space.

Drones can improve many different aspects of the agricultural industry. For example, drones can carry out crop monitoring, soil assessment, review of plant population, irrigation and drainage, fertility and crop protection, spraying of fertilizer and pesticides, and harvest planning.

One specific example: a drone can fly over a farm property to take aerial images of the crops using red, green, blue, red edge, near-infrared, and thermal image bands. With those images, the farmer can then create normalized difference vegetation index (NDVI) maps. These drone-created NDVI maps can then be used to help analyze and assess whether the target crop or area being observed contains live green vegetation or not. Digital surface maps, thermal maps, and other types of maps can also be generated using the images gathered by the drone. This information can increase crop production, lower water usage, and uncover many other types of issues, such as the presence (and prevalence) of pests. The infrared images can also help determine the health of crops. All of this can be done with the push of a button using a drone.

Why is this important? Not only does this help to fill some of the labor gap, but a farmer also now has the ability to gather and review this type of information so efficiently and effortlessly (and to adjust tactics and plans just as easily), that they can maintain (and keep) the farm running and producing crop. As the statistics show, drones are surely a vital technological component to the future of farming and agriculture.