Monthly Archives: August 2021

How Digital Vaccine Passports for Global Travel Work

• August 26, 2021
• by:  RKN Global 
• note: 0 Comments

Countries around the globe are turning to digital vaccine passports to allow people to travel and enter into their borders. Different countries, including China, France, the UK, the US, the EU, and Australia, have introduced different versions of COVID-19 digital vaccine passports and certificates to allow tourists and citizens to visit different attractions and events.

But as more countries introduce these certificates, the question remains: how will vaccine passwords for global travel work?

Digital Vaccine Passports: The Rise of COVID-19 Vaccine Certificates

Countries like the US rolled out various contact-tracing applications in the wake of the pandemic as a measure to track infected people. In addition to these applications, there are digital certificates for proof of vaccination. These serve as an additional measure to control the spread of the virus and its variants across borders.

Countries like the UK have adopted the NHS app to allow their citizens to prove their vaccinated status when traveling abroad. Even the WHO has consulted in developing a Smart Vaccination Certificate. This is despite its discouraging requiring digital vaccine certificates for international travel.

In expressing its concerns, the WHO has cited the likelihood of alienating certain groups of travelers and countries. Various groups have also raised privacy concerns with these passports.  One concern is that cyber criminals are likely to target them due to the personal information contained therein.

Countries like the UK have adopted a password-protected system to ensure that the vaccine passport does not disclose any other health records except proof of vaccination or negative test results.

COVID-19 vaccination certificates rely on smartphones. In the case of EU’s COVID-19 Travel Pass, the vaccine certificate contains a QR code. The destination country scans the QR code to verify the traveler’s vaccination status.

These vaccine passports will likely to work together with various travel apps that already exist to allow travelers to verify their COVID-19 status before traveling.

The International Air Transport Association (IATA) has the IATA Travel Pass, which allows travelers to verify their COVID-19 results at their destination country. IATA Travel Pass adopters include airlines such as Qantas, Emirates, British Airways, Virgin Atlantic, and Japan airlines. A rival app, the CommonPass, has adopters such as airlines Cathay Pacific, JetBlue, Lufthansa, and United.

Digital Vaccine Passports and The Question of Fakes

In recent months, RKN Global has drawn attention to the phenomenon of fake Coronavirus certificates. Authorities have arrested travelers using or selling fake coronavirus result certificates.  Media outlets have interviewed others, who have openly admitted their activities.

With this in mind, the question of travelers faking their vaccination passports arises. But digital vaccine certificates have the potential to combat fakes and counterfeits.

Public Perception of Digital Vaccine Passports

In countries like the US, citizens increasingly support the use of digital or print COVID-19 vaccine passports for domestic and international travel.  Part of this may be attributable to the surge of the Delta variant through different parts of the world.

Stakeholders in the tourism industry have also supported the use of vaccine passports for international travel.

Bottom Line

Vaccine passports present a ray of hope for the tourism industry as well as travelers moving from country to country for business or pleasure. With these certificates, travelers can prove their vaccination status and avoid mandatory quarantine.

Data Breaches and Cyber Attacks during the Pandemic

• August 12, 2021
• by:  RKN Global 
• note: 0 Comments

COVID-19 affected more than our health.  It forced us to change the way we work, learn, and interact with others. With these changes came an increase in cyber attacks, as criminals found new ways to exploit the sudden disruption that COVID-19 has caused. As criminals reinvent themselves, they have launched a number of cyber attacks on institutions and businesses throughout 2020 and 2021. Here are some of the high-profile data breaches and cyber attacks.

1.       Data Breaches and Cyber Attacks: Kesaya

IT Company Kesaya was hit with a sophisticated cyber attack early in July 2021. The attack targeted the company’s VSA software, which IT departments use to manage and monitor computers remotely. While Kesaya said only about 0.1% of its clientele was affected, about 800-1500 small to medium-sized businesses may have been compromised in the attack.

According to Huntress, a cybersecurity firm helping Kesaya deal with the cyber-attack, the attack began through an authentication bypass vulnerability on Kesaya’s web interface.

Once the attackers exploited the vulnerability, they circumvented authentication controls. They then uploaded a malicious payload, and executed commands through an SQL injection.

The ransomware group REVil claimed responsibility for the attack. The group has also been linked to other high-profile attacks against Acer, JBS, and Travelex.

2.      Data Breaches and Cyber Attacks: Colonia Pipeline

Colonial Pipeline became the victim of a cyber-attack in late April 2021. The attack by the DarkSide gang disrupted gas supplies along the US East Coast, causing panic and reckless behavior among consumers.

The attack against Colonial Pipeline targeted its billing systems and internal business networks. In the end, the company paid the demanded $4.4 million in bitcoin.

The hackers also stole about 100 GB of data, threatening to release the data to the public if the company failed to pay the ransom.

The company finally resumed operations on May 12, after a six-day disruption to its pipeline operations.

Fortunately, the FBI recovered most of the bitcoins used to pay the ransom. However, it did not disclose how it obtained the private key.

3.       Data Breaches and Cyber Attacks: Volkswagen & Audi

A marketing service supplier in June 2021 left exposed the data and personal identifying information of 3.3 million people in the US and Canada. The data breach revealed the names, mailing addresses, email addresses, and phone numbers of those affected. The breach also exposed extensive details about vehicles, including vehicle identification numbers. Driver’s license numbers for about 90,000 people in the US were also leaked in the data breach.

According to Volkswagen, the marketing service collected data between 2014 and 2019, and left that data unsecured for 21 months up to May 2021.

4.       Data Breaches and Cyber Attacks: Forefront Dermatology

A data breach of Forefront Dermatology exposed the personal data and medical records of up to 2.4 million patients. The breach also exposed the private employees of the healthcare provider.

The data leaked included names, dates of birth, addresses, and insurance information of patients.  It also included medical record numbers, accession numbers, clinical treatment information, and dates of service. The criminals gained access to Forefront Dermatology’s IT systems between May 28 and June 4, 2021.

Overcoming Cybersecurity Challenges

These cyber attacks and data breaches are barely the tip of the iceberg of the increasing cyber attacks facing governments, institutions, and businesses. With cyber attacks on the rise, it may well be only a matter of time before your business is the next victim.

Ronald K. Noble, former Secretary General of INTERPOL, recommends that businesses take action to protect themselves from cyber attacks.  Taking preventive measures to protect your business as much as possible can help minimize the “attack surface,” the areas which criminals can exploit. In addition to preventative measures, organizations should have a plan of action in place to guide them when responding to cyber attacks or data breach incidents.