Governments continue to seek automated tools to help them get a handle on the spread of COVID-19, and observers worry about the long-term effects these efforts will have on privacy. But there's an equally compelling case to be made that data collection and analysis on a large scale have life-saving potential. As telework assumes vital importance during the COVID-19 pandemic, criminals not only take advantage of new opportunities, new fears, and dramatically expanded attack surfaces, but they themselves also feel the economic pinch. Much of the expanded attack surface the criminals are probing is produced by widespread adoption of remote work tools like Zoom, whose ease-of-use hasn't been accompanied by entirely reliable security. Zoom and its competitors in the space are working to regain public trust. And both disinformation and spontaneously generated misinformation continue to dog efforts to bring the pandemic under control.
Zoom credentials for sale. So are Pakistani mobile users' data. Malwarebytes site spoofed. xHelper update. COVID-19 notes.
The underground souks are seeing a brisk trade in compromised Zoom credentials. Threatpost reports that thousands of them are being actively sold on the black market. The stolen credentials appear to come from various sources, and not from any single breach, nor even from any small set of breaches or data exposures.
According to Business Recorder, the personal information of some 115 million Pakistani mobile users is for sale on the dark web. The criminals are asking $2.1 million for the data, which include full names, addresses, mobile numbers, NIC numbers, and tax numbers. "Database is freshly hacked this week," the hoods are quoted as saying in their come-on.
A malicious domain, hosted in Russia and apparently controlled by criminals, is spoofing a Malwarebytes site in a malvertising campaign designed to infect visitors to the bogus site with the Raccoon information stealer. SC Magazine quotes Malwarebytes' suspicions that the campaign is at least in part criminal payback for the company's efforts against cybercrime. The malvertising is thought to appear to a significant extent on adult websites, not venues in which Malwarebytes would normally be expected to place ads.
Kaspersky warns of the xHelper Trojan, a persistent strain of Android malware that Dark Reading and others have been calling "unkillable." More than 55 thousand devices worldwide are believed to have been infected so far.
BleepingComputer updates its account of extortion campaigns whose victims are told they've been hacked, and that discreditable information will be shared with friends and family. It's scareware.
Today's issue includes events affecting Argentina, Belgium, Brazil, China, Colombia, Costa Rica, European Union, Germany, Guatemala, India, Mexico, Pakistan, Russia, Saudi Arabia, and United States.
Bring your own context.
Why is it apparently so difficult to design in security?
"In the development world, security is not really one of the drivers of the development effort because it doesn't really present a very clear benefit to the user. To us, absolutely, it's a clear benefit, right? To people who think about these kind of things, it's a clear benefit. But if the user wants a new feature - that's really what they're focused on - I think the basic assumption of the user is that the security is built in already and that I'm trusting you to build it. So don't tell me about the security, but I expect it to be secure."
—Joe Carrigan, of the Johns Hopkins University's Information Security Institute, on the CyberWire Daily Podcast, 4.8.20.
We leave it as an exercise for the listener to come up with examples of products and services whose development may have focused on user features while overlooking security and privacy.
CSO Perspectives, now available to CyberWire Pro subscribers.
CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news, launched a new offering this week: CSO Perspectives. This new service—available as both a weekly column and a podcast—features Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, who offers an informed, nuanced perspective on the ideas, strategies and technologies that senior cybersecurity executives grapple with daily. Reevaluating the network defender's core tenets in the face of technological change and threat actors' evolving strategies and sorting through the deluge of marketing claims and buzzwords, CSO Perspectives will inform and challenge readers and listeners to think critically about cybersecurity. CSO Perspectives will also be available in the CyberWire Daily Podcast feed for its inaugural three weeks.
Healthcare organizations are on the front line of the COVID-19 pandemic. With a huge surge in demand and a massive increase in the volume of communications, the potential for fraud, phishing, and other threats is more severe than ever. Join our webinar on April 29 to hear from Olga Polishchuck, LookingGlass’ Senior Director of Threat Analysis and Investigations, on:
- COVID-19 exploitation threats, schemes, and campaigns
- Emerging and ongoing trends that could impact healthcare organizations
- How to remain cyber resilient