News for the cybersecurity community during the COVID-19 emergency
At a glance.
- Law enforcement increases warnings as COVID-19-themed cybercrime rises.
- Trends in COVID-19 cybercrime: BEC is up.
- Financial services are currently a popular target of cybercrime.
- Zoom loses some big users as it works to up its security game.
- Telework may become an enduring norm.
- Iranian COVID-19 disinformation.
- Syrian domestic COVID-19 phishing.
- MFA and VPN usage is up.
CPO Magazine notes that the US Federal Bureau of Investigation (FBI) has "stepped up its efforts to notify the public" of criminal attempts to take advantage of the coronavirus emergency.
Business email compromise (BEC) attempts now regularly seek to exploit the confusion and improvisation that surround many organizations' response to the pandemic. Trustwave's SpiderLabs has an interesting rundown of how some of these scams are shaping up during the state of emergency.
VMware Carbon Black has seen ransomware spike 148% during the pandemic, and ransomware is now routinely accompanied by data theft. Financial services have been heavily affected: by March the sector was targeted in 58% of all attacks.
TechRadar reports that Siemens has joined Standard Chartered Bank in telling its employees to avoid using the Zoom teleconferencing service.
Zoom hasn't been idle. In its latest move to shore up security, the company has brought in Luta Security to run a revamped bug bounty program and has added more experts to its consulting team.
It's likely that some of the habits being built up now will persist beyond the current emergency. FCW, for one, thinks that a great deal of the surge in telework the US Department of Defense is seeing may well turn into a permanent way of doing business.
Graphika reports that an Iranian threat group, the International Union of Virtual Media (IUVM, a front operation), has been active in pushing the line that the coronavirus had its origins in a US biowar program. "The IUVM operation is significant and manned by a well-resourced and persistent actor, but its effectiveness should not be overstated," Graphika cautions. The operation's reach has been limited, attracting only around 3000 followers, the Verge notes.
Researchers at Lookout have seen a change in approach on the part of a group that appears to be operated by the Syrian government's domestic security apparatus. It's been active since 2018 at least, and recently it's begun prospecting Syrians with COVID-19 phishbait to induce them to install SpyNote, SandroRat, AndoServer, or SLRat surveillance tools.
More people are using MFA and VPNs than before the pandemic. See the CyberWire's daily coverage of COVID-19 and cybersecurity for more.