The CyberWire will continue publishing normally through the disruptions COVID-19 is imposing in the US and elsewhere. We wish all of you health and good fortune amid the hardship. Stay safe, and you can continue to rely on us for a summary and analysis of what's up in cyberspace.

Technical issues disrupt UK mobile carriers. Remote work security. Money mules. HHS incident.
An outage, described as a "technical issue," not an attack, has disrupted voice service at four British mobile carriers (O2, Three, Vodafone and EE), inconveniencing many who were depending on service for remote work, the Telegraph reports.
One consequence of the pandemic-driven spike in remote work is that many of the norms that inform behavioral anomaly detection may need re-evaluation and revision. Duo Security's Decipher blog points out that people will work at unusual times and unusual places. Or they may fumble VPN access or unfamiliar multifactor authentication to such an extent that multiple login attempts will no longer indicate that some form of credential-stuffing or brute-force attack is in progress.
Another consequence of economic hardship occurring in tandem with telecommuting is an increase in the number of people being recruited as money mules, KrebsOnSecurity reports. One of the larger operations Krebs describes, the "Vasty Health Care Foundation," strikes a high-minded tone about connecting causes with providers, tells prospective mules they're "hired," assigns busy work, and then has them "process donations" (that is, launder money).
The consensus about the incident the US Department of Health and Human Services experienced Sunday and Monday is now relatively firm: it probably wasn't an attack at all, and clearly the Department's operations didn't suffer. Some think that it might not even have amounted to a probe or a preliminary distributed denial-of-service attack. It might have been an unusually large number of visitors looking for reliable information on COVID-19, or even an artifact of the Department's Drupal instance.
Today's issue includes events affecting China, France, India, Israel, Democratic People's Republic of Korea, Malaysia, South Africa, Syria, United Kingdom, and United States.
Bring your own context.
Observations on corporate training for security positions.
"What we hear from employers is that not only is it costly, but it's impossible to tie the training or the career development opportunities that they give to staff back to what they're actually doing in their employment spaces. So it's being utilized as a retention tool in many cases, and there are things that are effective as retention measures, but it's not actually meeting the organizational need to have qualified people in those positions. So there's a gap in the return on investment in the expenditure you make on employer programs, especially in security training, and what that means when you bring them back into the workplace."
—Simone Petrella, CEO and founder of CyberVista, on the CyberWire Daily Podcast, 3.16.20.
So training as it commonly appears may be more about employee retention than it is about employee development.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan describes some limitations of two-factor authentication mobile apps. Our guest is Johnnie Konstantas from Oracle, on cloud misconfigurations and shared responsibility in the public cloud.
And Caveat is up. In this episode, "Dressing for privacy," Ben shares a story about dressing for privacy, and Dave has the tale of location data putting an innocent man at the scene of a crime. We also speak with Admiral (retired) James Stavridis, former Supreme Allied Commander Europe.