The CyberWire will be up and running through the current COVID-19 pandemic. Stay healthy and please stay in touch.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
CISA explains critical sectors. COVID-19 disinformation. Fraud and spoofing. Fancy Bear is back.
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, CISA, has issued guidance for how organizations should consider organizing their work (and employees) during the present COVID-19 emergency. CISA stresses that the recommendations are advisory in nature, but they do suggest how organizations might decide who needs to report, physically, to the job and who might work remotely. They also suggest ways of arranging workplaces and work schedules to “reduce the likelihood of spreading the disease.” A number of the jobs the recommendations discuss are directly concerned with cybersecurity. As the Voice of America and others point out, the risk of cyberattack rises with the incidence of telework.
Iran appears to have suffered particularly badly from COVID-19, with an acknowledged 17,361 cases, 1135 of which have proven fatal, Foreign Policy reports. The Islamic Revolutionary Guard Corps has mounted a domestic influence campaign to place responsibility for the pandemic on its two usual suspects: the US and Israel.
Some of the fictions circulating about the pandemic are disinformation, others promote fraud, while still others are popular bits of misinformation. Tenable has a rundown of fake cures, phony government statements, and simple panicky mistakes (often amplified by fearful conspiracy theories). IBM has found one set of hoaxed communiques that pretend to be from the World Health Organization--they’re vectors for HawkEye malware.
Trend Micro reports that APT28 (whom you may recognize as Fancy Bear, Russia’s GRU) is using previously compromised corporate email accounts to spearphish for credentials in the defense sector.
Today's issue includes events affecting Brazil, Germany, Iran, Israel, Russia, United Kingdom, and United States.
Bring your own context.
So many breaches seem to happen because of misconfigured databases. Why should this be?
"Now, object stores by their very nature in the cloud are meant to be easily accessible because accessing that unstructured data, obviously, is very common. What happens is, those buckets - whoever sort of set it up thought, well, this is a database that contains sensitive information; I'm going to make it private. Months pass, and someone says, you know that database backup? We're going to run some analytics, so it would really be great to, you know, sort of get access to that backup. And so they flip it open - should probably only be kept open for - I don't know - the hour or so that... mere moments. And there it stays. And that is called configurations drift. So you start off with a security posture that is quite good. You will apply best practices. But over time, things get opened up for one reason or another, and they're never flipped back to their proper state."
Get the drift?
CyberWire Pro delivers timely briefings about developing news.
Take a look at CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news. CyberWire Pro is a premium service that will save you time and keep you informed.
Everyone has become increasingly aware of the danger hackers pose—they can steal data, dismantle systems, and cause damage that can take years to recover from. Join us April 14 to discover the most common ways organizations unintentionally put themselves at risk. This webinar will also highlight different strategies for mitigating the threats, from Security Information and Event Management (SIEM) tools to employee education. Register for the webinar.