The CyberWire will be up and running through the current COVID-19 pandemic. Stay healthy and stay in touch.
EU calls out Russian COVID-19 disinformation. Updates on TrickBot, Parallax. Zoom-bombing, (allegedly) high-minded hoods etc.
The EU’s foreign policy body, the European External Action Service, has called out Russia for systematically pushing disinformation about the coronavirus. “A significant disinformation campaign by Russian state media and pro-Kremlin outlets regarding COVID-19 is ongoing,” a document dated March 16 and obtained by Reuters said. “The overarching aim of Kremlin disinformation is to aggravate the public health crisis in Western countries...in line with the Kremlin’s broader strategy of attempting to subvert European societies.”
Bitdefender reports that TrickBot has a new module designed to brute-force Remote Desktop Protocol (RDP) for selected victims. Still under development, the RDP module seems intended for use against targets in Hong Kong and the US.
Morphisec has released more technical information on the Parallax remote access Trojan (RAT). Parallax has recently figured in coronavirus-themed attacks.
A few bits of criminality we didn't expect, but that retrospectively are fairly obvious, have emerged in this time of plague. First, SpyCloud warns that hoods are sharing instructions in their chat rooms on how to hijack food delivery services, the objective being, of course, free food. Second, with video-conferencing seeing heavy use as people work remotely, TechCrunch reports that "Zoom-bombing" is now a thing. That is, trolling Zoom virtual meetings and sharing unusually repellent violent or pornographic content as your screen, the objective being, of course, the lulz.
And BleepingComputer reports that high-minded criminals say they won't use ransomware against hospitals during the present pandemic. Sez the gangs, but the Register and the Telegraph seem reluctantly moved to skepticism.
Today's issue includes events affecting Canada, China, European Union, Iran, Italy, Democratic People's Republic of Korea, Latvia, Moon, Russia, United Kingdom, and United States.
Bring your own context.
"A lot of phishing attacks, if you go from the, not the pretext, phone call side but from the phishing side, a lot of those attacks are what we call credential harvesting attacks. So it's not to get a malicious payload onto the victim's endpoint; it's to get the credentials. So in those types of attacks if, you know, people adopt, companies adopt these passwordless technologies, then there's no passwords to steal."
The credentials are the goal, not installation of malware (not yet, anyway).
A COVID-19 extra (not cyber-related).
Doctor Rendezvous himself explains how to get through lockdown, quarantine, confinement. Buzz Aldrin, Apollo 11 Lunar Module pilot and alumnus of an Andromeda-strain-style quarantine at the Lunar Receiving Laboratory in Houston, has offered us all not so much advice as an example. Ars Technica asked Mr. Aldrin what he was doing to protect himself from the coronavirus. "Lying on my a*s and locking the door," the second man on the moon immediately replied. He also suggested that one might pass the time the way he did, back in the day: watching ants and filling out travel vouchers. There may be some lessons here for telework, or at least for phoning it in. Ars calls Doctor Rendezvous a "national treasure," and what can one do but agree?
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at Virtru, as Andrea Little Limbago reflects on insights from her own career path. Our guest is Tom Creedon from LookingGlass Cyber Solutions on cyber conflict in the Asia-Pacific region.
And Hacking Humans is up. In this episode, "Disinformation vs. misinformation," Dave shares the story of a malicious website posing as a Coronavirus map supposedly from Johns Hopkins University, Joe has the story of an elderly woman who lost a lot of money to two men claiming her grandson was in a car accident, the Catch of the Day's dying wish is to give you money to build an orphanage, and later in the show Carole Theriault returns and speaks with Samuel C. Woolley from University of Texas at Austin about disinformation campaigns.