The CyberWire intends to keep publishing on schedule during the coronavirus emergency. Stay healthy and, as always, please stay in touch.
APT41's global campaign. Attack tool commodification. Coronavirus-themed threats. Russia arrests an alleged carding gang.
Exabeam's Chris Tillett, one of the cybersecurity industry's early COVID-19 sufferers, seems to be on the road to recovery, Good Morning Wilton reports. We congratulate him, and hope his prognosis stays positive.
We'll run periodic cybersecurity community news as it relates to the pandemic in this space for the duration of the emergency.
APT41, the hacking group generally thought to work on behalf of the Chinese government’s intelligence services while it moonlights with financially motivated cybercrime on the side, renewed activity this month after a February lull that corresponded to China’s Lunar New Year holidays. In what FireEye calls "a global intrusion campaign using multiple exploits," the group is targeting vulnerabilities in Cisco routers, Citrix NetScaler/ADC, and Zoho ManageEngine Desktop Central products.
CYFIRMA researchers report that the commodification of attack tools has enabled less capable intelligence services in developing nations to conduct effective cyber operations. And established cyber powers aren’t above using the commodity tools, either. CYFIRMA sees evidence of collaboration between the big operators and both clients and allies-of-convenience.
The Wall Street Journal, noting the patience of both intelligence services and the larger criminal gangs, points out that the “fallout” from coronavirus can be expected to affect cybersecurity for weeks or months after the pandemic abates. Some bad actors won’t wait, and Business World reports that the Philippines’ Department of Information and Communications Technology sees a heightened risk of attacks on hospitals and other healthcare facilities.
In an attempt to inhibit the flow of misinformation about COVID-19, Facebook Messenger may soon limit its users’ ability to mass-forward messages, Naked Security reports.
Here’s something a bit different. In what CyberScoop calls “a rare enforcement action,” Russia’s FSB has arrested twenty-five individuals on charges of running the BuyBest (a.k.a. GoldenShop) carding and PII dark web souk. The FSB has also shuttered BuyBest’s online operations.
Today's issue includes events affecting Australia, Brazil, Canada, Chile, China, Denmark, Finland, France, India, Israel, Italy, Japan, Mexico, Malaysia, NATO/OTAN, Peru, Philippines, Poland, Qatar, Russia, Saudi Arabia, Singapore, Sweden, Switzerland, United Arab Emirates, United Kingdom, United States, and Vietnam.
Bring your own context.
Bad actors have been using third-party file hosting. What's up with that?
"My computer now trusts it. And when we're looking at links in our browsers, we're looking at files we download, we've learned over time that some of those big names in the industry are trustworthy. In fact, quite frankly, they have amazing security teams. They do a really good job at removing things. But all the better for now the actors to put files there for a very short time period, deliver it to a small number of people and abuse that trust.
"And so the simple act of looking in a browser URL bar to see that, hey, that's a major brand I know, and that really is their domain is something that we've taught people. Now we've allowed actors to put their own malicious files on those very domains. And so it's not just an act to make sure the domain is trustworthy. But even just making sure that the person who sent it is really who it should be, making sure it's something you actually expected."
It doesn't have to last forever. Just long enough to make it worth their while.
Sure, you're probably teleworking. But whether you're telecommuting or doing the usual morning drive, there's no need to miss a good podcast.
Like, for example, today's CyberWire Daily Podcast, out later this afternoon. We speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan talks about stimulus check scams. Our guest is Rachael Stockton from LogMeIn (LastPass), discussing the future of business network access security.
Or here's another one: Caveat is up. In this episode, "Can smart surveillance keep us safe?" Ben and Dave discuss the policy and privacy issues surrounding the global coronavirus pandemic, the Listener on the Line has a question about ZTE bribery, and later in the show comes our interview with Nancy Kim. She is the ProFlowers Distinguished Professor of Internet Studies and Professor of Law at California Western School of Law, and author of several books including Consentability - Consent and Its Limits. Be sure to stick around for that.