The CyberWire expects to continue publishing normally through the disruptions COVID-19 is imposing in the US and elsewhere. We wish all of you health and good fortune amid the hardship. Stay safe.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
Ransomware uses COVID-19 phishbait. Disinformation about virus origins and the US response. Incident at US HHS.
The widely reported cyberattack on the US Department of Health and Human Services seems, the New York Times reports, to have been an opportunistic and fairly crude probing of the Department’s networks for vulnerabilities. There was speculation that the incident represented a state-sponsored attack, but it also looks like the sort of preparatory distributed denial-of-service attack organizations see all the time. Not much to worry about, a Department of Homeland Security source told the Washington Post.
Proofpoint reports that TA505, the Russian-speaking criminal gang Microsoft calls “Evil Corp” and others know as “Graceful Spider,” is back with a ransomware downloader it’s using against targets in the US healthcare, manufacturing, and pharmaceutical sectors. TA505 is best known for Locky ransomware and the Dridex banking Trojan. The phishbait is coronavirus-themed, and another criminal group, TA564, is doing much the same against Canadian citizens, in this case spoofing the Public Health Agency of Canada.
There’s also some disinformation circulating that attributes COVID-19 to 5G, CNET reports. The virus emerged in Wuhan, various Russian state outlets and their influencer dupes suggest, because there are so many 5G towers in China.
The US National Security Council says foreign influence operations are pushing the line that the US is under a national COVID-19 lockdown, Mother Jones, US News and others report. Much of the disinformation is being disseminated by email, text, WhatsApp, and TikTok, the Washington Post writes, often as images. The messages are harder to screen than would be similar campaigns over Twitter or Facebook.
Today's issue includes events affecting China, India, Iran, Israel, New Zealand, Russia, United Kingdom, and United States.
Bring your own context.
Advice from NSA about cloud migration.
"So there are four main areas of vulnerabilities that we want people to consider as they go; as they move to the cloud. And these are vendor-agnostic. It doesn't matter which cloud service you're using. And they're not in response to any particular threat, but it was threat-informed. So all the things that we see in our world helped us put together this document. I'll also say that we collaborated with industry in making sure that we were talking about the right things in the appropriate ways to help people be the most effective that they could be.
"The four areas that we highlight, and that we want people to consider, are misconfigurations in their cloud services, the implementation of good access controls, the situation of shared tenancy in cloud services, and supply chain vulnerabilities. Now, the first two are definitely the most common. Misconfigurations and access controls get a lot of people into trouble. And it has led to lots of data breaches."
And the first two, especially, are within an organization's power to control.
Check out CyberWire Pro for timely briefings about developing news.
If you haven't done so yet, take a look at CyberWire Pro, launched just two weeks ago. A new subscription program, CyberWire Pro is designed for security professionals and all others who want to stay abreast of this rapidly evolving field. CyberWire Pro is a premium news service that will save you time and keep you informed.
Everyone has become increasingly aware of the danger hackers pose—they can steal data, dismantle systems, and cause damage that can take years to recover from. Join us April 14 to discover the most common ways organizations unintentionally put themselves at risk. This webinar will also highlight different strategies for mitigating the threats, from Security Information and Event Management (SIEM) tools to employee education. Register for the webinar.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses health data rules issued by the US Department of Health and Human Services. Our guest is KnowBe4's Kevin Mitnick, sharing his observations on the state of cybersecurity from the RSAC 2020 floor.
And Recorded Future's threat intelligence podcast, produced in partnership with the CyberWire, is also up. In this episode, "A Healthy Respect for Ransomware," senior information security analyst Lorne Hazlewood from BKD LLP joins the podcast to share his insights on ransomware, where he thinks it’s headed, and what we all can do to best protect ourselves against it.