Tensions between the US and Iran, already high over attacks on tankers in the Arabian Gulf and ongoing disputes over Iran's nuclear ambitions, have risen significantly in the wake of Iran's shootdown of a US Air Force RQ-4A Global Hawk reconnaissance and surveillance drone. The US says the drone was in international airspace over the Straits of Hormuz; Tehran says the RQ-4A was flying over southern Iran. Cyber battlespace preparation appears to be underway: WIRED says that Dragos and CrowdStrike have reported a surge in phishing emails deployed against a range of American targets. The actor is said to be APT33, also known as Magnallium or Refined Kitten. FireEye, without naming the threat actor, says it's seeing much the same. It's not known if any of the attempts have been successful, nor is it clear whether their goal is reconnaissance or staging.
Under pressure to do something about abuse of its platform to foment violence in Sri Lanka and Myanmar, Facebook is trying something other than content moderation: "introducing friction." TechCrunch says Facebook will limit the number of times users around the region can share a message. For now, the limit is five.
ESET and Malwarebytes are tracking similar cross-platform cryptominers, respectively LoudMiner and BirdMiner. They share some infection vectors. Trend Micro also has its eye on a cryptominer: this one a Satori-like botnet that arrives via the Android Debug Bridge.
Agari tells Axios that email scammers run their operations like a business, complete with consultants and lead generation systems.