The CyberWire expects to continue publishing normally throughout the disruptions the COVID-19 pandemic is imposing in the US and elsewhere. We wish all of our readers and listeners safety and good fortune amid the hardship.
COVID-19 spoofing, phishing, disinformation, and ransomware. Secure remote work. BEC arrests.
The COVID-19 pandemic continues to provide raw material for both state-directed and criminal campaigns. The technique has generally been to couple spoofing with coronavirus-themed phishbait, as BAE Systems notes in an infographic display of recent activity. NBC News summarizes some of the operations FireEye and CrowdStrike are seeing: Russian services working against Ukraine, North Korea against South Korea, and Chinese services against targets in Southeast Asia.
There’s also an ongoing Chinese disinformation effort to blame (through insinuation and implausible insistence) the virus on a US biological warfare program. Foreign Ministry spokesman Zhao Lijian tweeted Friday that the US Centers for Disease Control’s inability to unambiguously identify a US patient zero in some way suggested that the US Army brought the disease to Wuhan, the city where the outbreak was first noticed. CNN reports that the US State Department summoned the Chinese ambassador to Washington for a dressing down over the Foreign Ministry’s remarks.
Criminal gangs are also using COVID-19 as phishbait (“fearware,” the Independent calls it). Ransomware operators are likewise taking the pandemic as an opportunity to hit healthcare organizations responding to the virus: a recent victim was University Hospital Brno in the Czech Republic, CyberScoop reports.
There’s much advice on offer about securing telework. The US Cybersecurity and Infrastructure Security Agency (CISA) recommends virtual private networks (VPNs), with advice on how to use them securely and effectively. Atlas VPN reports a global surge in VPN use.
US authorities have arrested two dozen people in connection with money-laundering and business email compromise (BEC) scams.
Today's issue includes events affecting China, Czech Republic, European Union, India, Kenya, Democratic People's Republic of Korea, Pakistan, Russia, Ukraine, United Kingdom, and United States.
Bring your own context.
Notes on security training.
"And contrary to, you know, what may have been the old belief, it's not enough to release a kind of once-a-year security awareness training, where you make sure to cover the stuff that your employees don't know about. You've got to be regularly communicating to employees in a variety of different ways about the risks that they face if you're going to slowly, gradually nudge them in the direction of really cybersecure behavior."
The content of training should keep pace with the shifting threats.