In this week’s Cyber News roundup, we take a look at the latest state to launch a COVID-19 contact tracing app, the numerous popular web browsers dealing with malware issues, and the ransomware attacks targeting K-12 schools.

Here goes:

Contact Tracing Goes West

Announced approximately 4,245 days ago in April 2020, mobile contact tracing has finally reached its home state. Developed by Silicon Valley staples Google and Apple earlier this year to combat the spread of the coronavirus, mobile contact tracing was finally announced as part of California’s latest effort to contain COVID-19 as hospitals across the state near their capacities. 

California Gov. Gavin Newsom launched the smartphone app, dubbed CA Notify, shortly after instituting a new (albeit familiar) stay-at-home order for the state. Both Apple and Android users in California could begin participating in the opt-in contact tracing program as early as Dec. 10. 

As noted in previous blog posts, the app makes use of anonymous Bluetooth data to determine when people (by virtue of the smartphone in their pocket) are within 6 feet of each other for more than 15 minutes. People who test positive for the virus will receive a verification code from the state, which is manually uploaded to the app and ultimately used as a way to notify other users who may have come in contact and been exposed.

“The more people that participate in it, the more that opt in, the more effective this program can be,” Newsom said. “We are hoping there will be enough to make this meaningful.” 

Therein lies the problem, though: While the application could be useful to combat the spread of the coronavirus, it is only a useful tool if it is widely adopted. And, to be clear, it isn’t because it hasn’t been. At least not historically. 

Approximately 5% of people in New York have downloaded the state’s contact tracing app, COVID Alert NY, since it became available in early October. That’s nowhere near the preferred 60% adoption rate researchers say is ideal, according to the University of Oxford. Worse yet, Gothamist reports that of the 180,000 New Yorkers who tested positive for COVID-19 since the app launched, only 3,000 people actually had the program installed on their devices. That resulted in about 800 people being notified of a potential exposure. That’s… not good. 

Time will tell if California fare any better. 

Your Favorite Browsers Are Struggling to Protect You

Microsoft 365 Defender Research Team unearthed some concerning findings relating to some of the world’s favorite web browsers. The company has identified Adzorek, a new malware strain that infects users’ devices before modifying the settings on their web browsers to insert ads into search results pages. 

Microsoft says the malware has affected multiple browsers, including Google Chrome, Mozilla Firefox, and Microsoft’s own Edge. 

Adzorek is also capable of altering browser settings that include disabling browser updates, disabling file integrity checks, and disabling the Safe Browsing feature, among others. 

What’s the point of all of this? It’s pretty simple, really: The malware developers want to drive traffic toward their websites to make money. While keen observers may be able to identify and avoid the ad-based search results, plenty of people won’t. 

Microsoft suspects the total number of infected users to be somewhere in the hundreds of thousands, stating its research team observed detections of the malware all over the world. 

Ransomware Attacks Targeting K-12 Schools

Schools have never really had it easy. 2020 only amplified that, with the pandemic forcing underprepared teachers onto a virtual environment to try and keep unengaged students locked into an academic year that feels equally unusual and consequential. 

And as if schools didn’t already have it hard enough this year, hackers are here to take it to the next level. The US Cybersecurity Infrastructure and Security Agency (CISA) and the FBI released a statement warning K-12 institutions of an alarming rise in ransomware attacks. 

“Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” CISA wrote in its report. “These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.”

The two agencies state that K-12 schools were involved in 57% of the ransomware incidents reported to the Multi-State Information Sharing and Analysis Center (MS-ISAC) in August and September. That’s a jump from the 28% involvement from January to July.