CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news, has a new offering, launching today: CSO Perspectives. This new service—available as both a weekly column and a podcast—features Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, who offers an informed, nuanced perspective on the ideas, strategies and technologies that senior cybersecurity executives grapple with daily. Reevaluating the network defender's core tenets in the face of technological change and threat actors' evolving strategies and sorting through the deluge of marketing claims and buzzwords, CSO Perspectives will inform and challenge readers and listeners to think critically about cybersecurity. CSO Perspectives will also be available in the CyberWire Daily Podcast feed for its inaugural three weeks.
BGP hijacking? DarkHotel sighting. Google Play issues. Sim-swapping vulnerabilities. COVID-19 and cybersecurity.
The coronavirus pandemic continues to provide an occasion for criminal hacking, state-directed disinformation, and popular delusions.
Criminal opportunity during the state of emergency.
There's been a general spike in coronavirus-themed attacks as criminals move toward the soft (or at least novel) targets public fear and widespread remote work afford. Both Europol and the US FBI are reporting a significant increase in cybercrime, and other regions are seeing much the same. Cointelegraph reports that the dark web souk Monopoly Market says it will "permanently ban" hoods running COVID-19 scams, but such statements should be received with reservations. Other promises of good behavior by criminals have proven to be largely moonshine, or as SecurityWeek puts it, they've "gained little traction."
Beijing continues to be the prime suspect in various disinformation campaigns that surround the pandemic, as the Express reports, but Russian organs have also been active. Canada's Foreign Minister is the latest to complain, not in so many words, but by clear implication, of Moscow's involvement in pushing bogus information. Digital Journal says that Foreign Minister Francois-Philippe Champagne said, after a NATO meeting, "Certainly this is not the time for a state actor or non-state actor to spread disinformation, at a time when basically humanity is facing one common challenge which is the virus." Researchers at the University of Calgary weren't reluctant to make an attribution, and they're attributing to Russia the campaign NATO discussed.
On popular delusions.
The completely unfounded attribution of COVID-19 to 5G infrastructure continues to gain surprising traction, with the UK for some reason seeming particularly susceptible. The Guardian reports that broadband engineers have received threats, and the vandalism of a Birmingham cell tower seems linked to the meme. The British Government has, Computing says, asked social media platforms to take stronger measures against such coronavirus conspiracy misinformation.
Some popular delusions may be undergoing amplification by botnets, TechRadar reports, and that suggests some state operators may be using the memes for disruptive purposes.
Zooming through China.
Zoom has acknowledged that it allowed certain calls to be routed through China, and that this was a mistake, according to Yahoo. Zoom's China connections have drawn fresh suspicion and scrutiny, including a US Congressional request for an explanation.
Update: more events move online.
SINET, the Security Innovation Network, hopes to resume its well-known and influential series of conferences with the July 20th Innovation Summit in New York, should the pandemic state of emergency have subsided by then. But SINET has also announced plans for six "virtual Town Hall meetings on what is happening to real people with real pain in their respective industries." The Town Halls will address current challenges and opportunities from the perspectives of CEOs, CISOs, venture capitalists, investment banks, and boards of directors.
The Diana Initiative, which seeks to encourage and support women pursuing careers in information security, has also gone virtual. Full details about how this event will be conducted during the pandemic emergency may be found on the organization's site.
And Amazon Web Services has decided to take its 2020 NAB Show online as well.
ZDNet says traffic from more than two-hundred of the world’s biggest cloud hosting providers and content delivery networks was “suspiciously” redirected through Russia's state-owned telecommunications provider Rostelecom. It looks like Border Gateway Protocol (BGP) hijacking, and ZDNet calls Rostelecom “a repeat offender.”
Qihoo 360 reports an operation by DarkHotel that exploits a zero-day in Sangfor SSL VPN servers, widely used by the Chinese government. The targets have for the most part been government agencies in Beijing and Shanghai, and Chinese diplomatic missions in (by ZDNet’s count) some nineteen countries. The researchers call DarkHotel a “[Korean] Peninsula APT gang.”
Researchers at the University of L’Aquila in Italy, Vrije University in Amsterdam, and ETH in Zurich have published research into apps on Google Play, where more than four-thousand apps collect information about other installed applications, and do so without user permission. A follow-on study by the same team showed that such information can be reliably used to develop profiles of the affected users: gender, for example, seems relatively easy to infer.
Other popular Android apps present direct security risks. VPNpro reports that SuperVPN, an application with over a hundred-million downloads, is vulnerable to exploitation for man-in-the-middle attacks. And a study by CyberNews suggests the existence of a group of Android developers who share code in producing risky or fraudulent apps.
Following up a study into SIM-swapping, researchers at Princeton University found that some affected services had corrected the vulnerabilities, but that an alarming number haven’t yet done so. Motherboard summarizes the findings.
Today's issue includes events affecting Afghanistan, Armenia, Australia, Canada, China, Ethiopia, India, Indonesia, Iran, Israel, Italy, Japan, Democratic People's Republic of Korea, Republic of Korea, Kyrgyzstan, Malaysia, New Zealand, Norway, Pakistan, Russia, Saudi Arabia, Sweden, Taiwan, Tajikistan, Thailand, Turkey, United Arab Emirates, United Kingdom, United States, and Vietnam.
Bring your own context.
Observations on "the digital authoritarian playbook" for control of cyberspace.
"So we have these two trends going on, and what it really is showing is just the spread and diffusion of authoritarian digital control of the environment and what the digital authoritarian playbook is. And we have that pretty well-understood, I think, at this point. So if you look at it - and it's not just China, not just Russia. And I think that that's the core message we really want to send. Although China and Russia really are the innovators in this area, their models are spreading. And so the way we look at it, or at least the way I look at it, is focused on the use of cyberattacks for, say, data access, data theft, data manipulation, data dumps, those kind of things that I think this audience is very well familiar with. You've got the hardware and software that they're using as well that can provide either backdoors or other kinds of access and control. You've got the disinformation for controlling the narrative. And, again, you're talking about the coronavirus. We're seeing that very much so right now being an authoritarian tool of choice for controlling the narrative - and, again, not just in China. Iran and others are doing the same."
—Andrea Little Limbago, Chief Social Scientist at Virtru, on the CyberWire Daily Podcast, 4.2.20.
It's a playbook defenders would do well to study.
Healthcare organizations are on the frontline of the COVID-19 pandemic. With a huge surge in demand and a massive increase in the volume of communications, the potential for fraud, phishing, and other threats is more severe than ever. Join our webinar on April 29 to hear from Olga Polishchuck, LookingGlass’ Senior Director of Threat Analysis and Investigations, on:
- COVID-19 exploitation threats, schemes, and campaigns
- Emerging and ongoing trends that could impact healthcare organizations
- How to remain cyber resilient