The cybersecurity community during the COVID-19 emergency
CDC, FEMA have created a plan to reopen America. Here’s what it says. (Washington Post) FEMA and CDC officials worked on the plan for at least the past week and the resulting document has been discussed at the White House.
For the Foreseeable Future, U.K. Parliament May Meet in Cyberspace (New York Times) Few places are as ill suited to social distancing as the crammed chambers of the House of Commons, which is now looking for a digital alternative.
A pro-Iranian operation has spread coronavirus disinformation across Facebook and Twitter (The Verge) A group called the IUVM is behind the operation.
Nation-state Mobile Malware Targets Syrians with COVID-19 Lures (Lookout) Lookout researchers have uncovered a long-running surveillance campaign tied to Syrian nation-state actors, which recently started using the novel coronavirus as its newest lure to entice its targets to download malware.
How Coronavirus Is Eroding Privacy (Wall Street Journal) Governments are using technology to track and monitor individuals in an effort to slow the pandemic. Privacy advocates are wary, concerned that authorities might not be inclined to unwind such practices after the emergency has passed.
The FBI Is Stepping up Its Public Cyber Security Alerts as Criminals Take Advantage of Pandemic Conditions (CPO Magazine) FBI is issuing more cyber security alerts than usual, covering human trafficking, COVID-19 scams, vulnerabilities in networking platforms and cloud-based business email compromise campaigns.
Bored at home, hackers look at new ways to spread malware: CyberProof (@businessline) Hackers, including cyber-criminals and state-sponsored threat actors around the globe, may be taking advantage of the Covid-19 outbreak to accelerate their activities and spread their own infections.
Amid COVID-19, Global Orgs See a 148% Spike in Ransomware Attacks; Finance Industry Heavily Targeted (VMware Carbon Black) Cyber criminals often exploit fear and uncertainty during major world events by launching cyberattacks. These attacks are often performed with social engineering campaigns leveraging malicious emails that lure victims to install malware that steals financial data and other valuable personal information or, in some cases, turns a user’s computer into a crypto mining zombie. In light of the COVID-19 surge, we looked into attack …
Pandemic adds strain to already vulnerable LatAm bank security systems (S&P Global) The newest threats stemming from the pandemic add pressure to bank security systems in Latin America that have long been considered vulnerable.
COVID-19 Themed BEC Scams (Trustwave) BEC scammers recently started to integrate COVID-19 pandemic themed messages in their email lures. We observed these messages targeting corporate executives and employees. Here is an account of some COVID-19 themed BEC messages that we recently observed and detected.
FBI Alerts to BEC Scams Targeting COVID-19 PPE Supply Procurement (HealthITSecurity) Hackers are targeting those attempting to purchase personal protective equipment (PPE) and other COVID-19-related medical supplies, like ventilators, with business email compromise scams, FBI warns.
Coronavirus misinformation seeds ground for digital scams (Axios) Misinformation and scams are both spiking with the pandemic — and, increasingly, they're intersecting.
Mid-Market Alert: How to Avoid COVID-19 Relief and SBA Stimulus Scams (Pondurance) If history has taught us anything, it’s clear that criminals go where the money flows...
Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 (Vice) People who trade in zero-day exploits say there are two Zoom zero-days, one for Windows and one for MacOS, on the market.
More top companies ban Zoom following security fears (TechRadar) Stanchart and Siemens tell staff to avoid video conferencing application
Zoom to revamp bug bounty program, bring in more security experts (ZDNet) Zoom brings in Luta Security to reboot bug bounty program.
Zoom: Here’s When To Use It, And When You Should Avoid It (Forbes) With the world in lockdown during COVID-19, Zoom has been in the headlines nearly every day. Here’s when you should use the video conferencing service, and when to avoid it.
DOD's telework surge could be permanent (FCW) A new emphasis on telework at the Defense Department in response to the COVID-19 pandemic could change work culture at the Pentagon, officials said.
4 Cyberhygiene Practices for Secure Remote Learning (Technology Solutions That Drive Education) Without proper cyberhygiene, school districts are more susceptible to security and privacy attacks.
Iotics warns against relaxing data regulations in rush to combat COVID-19 pandemic (News 9) Digital twins of hospitals offer secure, scalable, insights into ICU resources. Supporting COVID-19 response and recovery efforts.
Covid-19 Heroes: Bajaj Allianz’s digital tools are a gamechanger in contactless era (ETCIO.com) With contactless and cashless initiatives becoming the need of the hour, Bajaj Allianz General Insurance’s innovations have enabled seamless operati..
As hackers ramp up attacks against smaller hospitals, here are 6 tips to protect against them (FierceHealthcare) Hackers are increasingly targeting small hospitals and health centers with ransomware attacks. This trend is particularly concerning since 80% of small practices do not have an in-house security official. Here are best practices to follow to protect your organization.
COVID-19 Cyber Threat Intelligence League fights cybercrime amid pandemic (Public Radio International) Cybercrime has surged in recent weeks. Hospitals, companies and even individuals are targets. That’s where the COVID-19 Cyber Threat Intelligence League steps in.
COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic? (KrebsOnSecurity) The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain.
How to manage remote working during a global crisis (Computing) Computing examines the tools and strategies needed to keep the business functioning in extraordinary times, including a rundown of the most popular unified communications and video conferencing solutions
Deloitte and EY Join Rivals in Cutting Pay During Pandemic (New York Times) Global accounting and consulting firms Deloitte and EY said on Wednesday they were cutting pay for partners at their UK businesses by a fifth to protect jobs during the coronavirus crisis, mirroring moves at rivals PwC and BDO.
Raytheon announces pay cuts, furloughs as pandemic cuts into business (Boston Business Journal) The company completed its mega-merger with United Technologies at a particularly tumultuous time.
Google to cut back on hiring, data centers, machines amid COVID-19 fallout (Silicon Valley Business Journal) Google LLC CEO Sundar Pichai told employees Wednesday that he plans to cut back on hiring as the company feels the economic effects of the coronavirus pandemic.
Unicorn layoffs keep piling up as the economy gets worse (TechCrunch) Earlier today a grip of new data presented a sharply negative picture of the American economy. And this afternoon, news broke that a trio of well-known, heavily-backed unicorns were cutting staff. With stocks down as well, we’ve received negative signals from the private market, the public ma…
Verizon Business: Five trends for the post COVID-19 workplace of the future (FierceTelecom) Verizon Business' Sowmyanarayan Sampath sees some emerging trends for enterprises as the industry works its way through the coronavirus pandemic. Some of those trends, such as zero trust security, aren't necessarily new, but Sampath said he sees five emerging trends for the workplace of the future.
Investing in Cybersecurity's Post-Pandemic Future (BankInfo Security) Before the COVID-19 pandemic, venture capitalist Hank Thomas helped launch SCVX, a cybersecurity-focused Special Purpose Acquisition Company. Post-pandemic, Thomas
Yellowbrick Provides Free Access to Its Cloud Data Warehouse for COVID-19 Vaccine Research (BusinessWire) Yellowbrick announced that it is providing free access to its cloud data warehouse, a powerful analytics processing technology, to give researchers an
Kaspersky addresses remote security gaps with new tool (Security Brief) With the new cloud discovery feature, an IT administrator can safeguard compliance with corporate security policies by controlling the unauthorised use of potentially unsecured applications and sites by employees.
Minerva Labs Protects Every Home Computer That Connects to the Organization (New Kerala) Business World: Minerva Labs Protects Every Home Computer That Connects to the Organization - PETACH TIKVA, Israel: Minerva Labs, a market leader in Endpoint Security solutions, offers a unique solution for home-office workers.
SonicWall Boundless Cybersecurity Platform Swiftly Providing Remote Workforces with Secure Mobile Access, Defense in 'New Business Norm' (PR Newswire) SonicWall today announced a modern Boundless Cybersecurity model designed to protect and mobilize organizations, large enterprises, government...
Offer of Assistance to Governments During COVID-19 (The Cloudflare Blog) During the spread of COVID-19, Cloudflare is offering free services to government agencies around the world to help them stay online and provide essential information to the public.
COVID-19 Update - Virtru (Virtru) To better support organizations hit especially hard by the effects of the COVID-19 pandemic, Virtru is committed to enabling organizations to protect and control their data, everywhere, at all times.
Cyber Attacks, Threats, and Vulnerabilities
Trump administration warns of North Korean cyber threats (TheHill) The departments of Homeland Security, State and Treasury with the FBI on Wednesday issued a joint alert warning of an increase in cyber threats from North Korea.
US issues guidance on North Korean hackers, offers $5M reward (BleepingComputer) The U.S. government has issued guidance on North Korean hacking activity in a joint advisory published by the U.S. Departments of State, Treasury, and Homeland Security, and the FBI.
U.S. Warns North Korean Hacking Threatens International Finance (Bloomberg) Advisory comes as U.S. adversaries seek to leverage pandemic. Among North Korea’s cyber tactics: hacking websites for others.
Advisory Issued to Raise Awareness of Cyber Threat Posed by North Korea (Homeland Security Today) North Korea targets cyber-enabled infrastructure globally to generate revenue for its regime priorities, including its weapons of mass destruction programs.
U.S. Accuses North Korea of Cyberattacks, a Sign That Deterrence Is Failing (New York Times) Through the attacks, a report says, the North steals and launders money, extorts companies and uses digital currencies to gain cash for its nuclear program.
Guidance on the North Korean Cyber Threat (CISA) The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public. The advisory highlights the cyber threat posed by North Korea – formally known as the Democratic People’s Republic of Korea (DPRK) – and provides recommended steps to mitigate the threat. In particular, Annex 1 lists U.S.
How (not) to Report on Russian Disinformation (bellingcat) Whether you’re listening to NPR, watching MSNBC, or reading New York Times, you will likely be barraged with stories about Russian trolls meddling in every topic imaginable. No matter how obscure, it always seems like these formless groups of “Russian trolls” are spreading discord about the topic du jour — Colin Kaepernick, the Parkland shootings,...
Chinese Hackers off to a Busy Start in 2020 With Massive 1Q Cyber Espionage Campaign (CPO Magazine) Chinese hackers are on a massive cyber espionage campaign targeting over 75 organizations throughout the world and using vulnerabilities in various routers and cloud services.
Mining for malicious Ruby gems (ReversingLabs) Typosquatting barrage on RubyGems software repository users
Lampion malware: what it is, how it works and how to prevent it (Infosec Resources) The Lampion malware is spread through emails containing a link that downloads a .zip file with malicious files in it. It’s a banking Trojan...
Siemens Industrial Devices Affected by 'SegmentSmack' Linux Kernel Flaw (SecurityWeek) Siemens says many of its industrial products are affected by the Linux kernel DoS vulnerability known as SegmentSmack
Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat (Dark Reading) Hackers are upping their game, especially as they target mobile devices.
US faces DDoS attacks nearly 4 times more often than China (Atlas VPN) Data acquired by Atlas VPN reveals that the US experienced nearly 4 times more DDoS attacks in March than China.
What’s a 10? Pwning vCenter with CVE-2020-3952 (Guardicore Labs) Guardicore Labs provides a full, detailed technical analysis of the latest vulnerability from VMware - CVE-2020-3952. The bug, which hit the maximal score of CVSS 10.0, allows a malicious actor to take over the complete vSphere infrastructure, with all its machines and servers.
Security Patches, Mitigations, and Software Updates
Patch-a-Palooza: More Than 560 Flaws Fixed in a Single Day (Dark Reading) Software vendors keep pushing patches to the same Tuesday once a month, or once a quarter, and the result can be overwhelming. Six enterprise software makers issued patches for 567 issues in April.
Cyber Trends
Fraud Guides Top List of Most Frequently Sold Type of Data on Major Dark Web Marketplaces (Terbium Labs®) New research from Terbium Labs details the damaging data being sold by three dark web big box marketplaces and the associated digital risks that can impact corporations
Review, Refocus, and Recalibrate: The 2019 Mobile Threat Landscape (Trend Micro) In 2019, cybercriminals looked at the malicious mobile routines that worked in the past and adjusted these to make them more sophisticated, persistent, and profitable online and offline.
Machines Protecting Themselves Is The Future Of Cybersecurity (Forbes) Machines protecting themselves is an area noteworthy for its innovative technologies for securing IT infrastructures and the networks that comprise them.
Marketplace
The Devastating Decline of a Brilliant Young Coder (Wired) Lee Holloway programmed internet security firm Cloudflare into being. But then he became apathetic, distant, and unpredictable—for a long time, no one could make sense of it.
Ericsson Beats Out 5G Rivals to Replace BT’s Huawei Gear (SDxCentral) Ericsson beat out rivals in replacing Huawei core network equipment for BT’s ongoing 5G network deployment. The deal follows a recent move by the United Kingdom to limit the use of equipment from China-based vendors in 5G networks.
U.N. Backs Down on Partnership With Chinese Firm for 75th Anniversary (Foreign Policy) The decision comes after U.S. officials and human rights advocates complained that Tencent aids Beijing in surveillance.
BioCatch Closes on $145 Million Investment Led by Bain Capital Tech Opportunities (Yahoo) BioCatch, the global leader in behavioral biometrics, today announced it has completed a $145 million Series C investment led by Bain Capital Tech Opportunities, the growth investing business of Bain Capital. Also joining the round are new investors including Industry Ventures as well as existing shareholders
SafeBreach Raises $19 Million to Expand Channels, Accelerate Product Development (SafeBreach) Experiencing rapid customer growth, the industry’s leading provider of breach-and-attack simulation will use the funding to accelerate the development of new product capabilities and ser…
Atlas AI Raises $7M in Series A Round Led by Airbus Ventures (Via Satellite) Atlas AI, a geospatial intelligence company, has raised $7 million in its Series A round led by Airbus Ventures, with participation from Micron Technology and existing investor The Rockefeller Foundation. Also on Tuesday, the company announced that Lewis Pinault, partner of Airbus Ventures, has joined the company’s
Introducing Digital.ai – The First Software Company to Provide End-to-End Intelligent Value Stream Management, Software Delivery, and Application Security in a Unified Platform (BusinessWire) Introducing Digital.ai – First Software Company to Provide End-to-End Intelligent Value Stream Management, Software Delivery & Application Security
This Cloud Software Startup Used By The U.S. Air Force Just Raised $30 Million From VCs And The CIA (Forbes) All no more than age 22, these prodigy entrepreneurs used by the Air Force just scored a $200 million valuation from investors including the venture arm of the CIA.
One step closer to bringing digital access to everyone (Onfido) We started eight years ago with our first investment check from Oxford University for $20k.
Motley Fool Live: Okta COO Frederic Kerrest Interview (The Motley Fool) We dive deep into Okta -- with the company's chief operating officer!
Former Google Cloud Executive Joins Virtru to Lead International Operations (Virtru) A cloud industry veteran, Renaud Perrier brings more than 20 years of sales engineering, product management, and partnership development expertise to Virtru.
Aviatrix Names Networking and Security Veterans to Lead EMEA Sales (Yahoo) Aviatrix, the leader in enterprise multi-cloud networking, today announced the appointment of Karl Driesen as vice president of EMEA sales and Ides Vanneuville as senior director of EMEA systems engineering. In their new roles, Driesen and Vanneuville will lead the EMEA sales expansion to accommodate
Ciena adds M&A veteran to its C-suite (Baltimore Business Journal) The executive previously led the $2.7 billion acquisition of Sourcefire while at Cisco Systems Inc.
Zeneth Technology Partners Appoints Jonathan Edwards As Senior Partner And Ryan Marks As Partner And VP Of Technology And Innovation (Yahoo) Zeneth Technology Partners, a top rated and fast-growing cyber security firm providing information technology and cybersecurity services to federal and commercial clients, is proud to announce the addition of Mr. Jonathan Edwards and Mr. Ryan Marks to our organization's key leadership. Our firm has
Products, Services, and Solutions
Zix Launches Secure Cloud to Power the Secure Modern Workplace (Zix Corporation) The Investor Relations website contains information about Zix Corporation's business for stockholders, potential investors, and financial analysts.
Our Team is Your Team — Introducing Dragos Neighborhood Watch (Dragos | Industrial (ICS/OT) Cyber Security) Today we're thrilled to publicly announce Neighborhood Watch, our integrated Managed Threat Hunting program for industrial infrastructure organizations large and small. While the announcement is
Dragos Delivers Critical New Industrial Cybersecurity Network Visibility and Threat Hunting Service (Dragos) Offering developed and refined through two years of work with Dragos Platform customers across multiple industries; addresses cybersecurity skills gap,
EDR Security | Automated Detection & Investigation of EDR Data (Respond Software) The Respond Analyst automates the investigation, scoping and prioritization of EDR alerts into real, actionable incidents. Learn more today.
Respond Software Unlocks the Value in EDR Data with RDA (Respond Software) Respond Software's Respond Analyst now offers analysis support of Endpoint Detection and Response data from Carbon Black, CrowdStrike and SentinelOne.
Cowbell Adds Social Engineering Coverage to Its Cyber Insurance Program (Cowbell Cyber) Cybercrime exploits fear and uncertainty, particularly during times of crisis, warns the World Economic Forum. People are more likely to engage in unsafe online behavior which can end up costing them dearly.
Privva’s Automated Language Translation Improves Speed and Accuracy of Vendor Risk Assessments (BusinessWire) Privva, the leading third-party risk management platform, today announced the addition of automatic language translation features for the popular Shar
Identity Automation Launches Studio Module for RapidIdentity (Identity Automation) Identity and Access Management Company Announces Launch of Enhanced ETL Tool
Meet AttackerKB, Rapid7's Crowdsourced Vulnerability Knowledge Base (SecurityWeek) Rapid7 launched AttackerKB, a community-sourced knowledgebase of the latest vulnerabilities, as an open beta. Its purpose is to provide a central repository of information on vulnerabilities to help defenders understand and triage threats.
Illusive Networks Integrates with Infoblox to Speed Deployment (Zawya) Automated mapping simplifies hostname deception management
Technologies, Techniques, and Standards
The Definitive Guide to Data Protection (Forcepoint) In some ways, the relationship between data security and business performance is a tale as old as business itself.
Home Network Design - Part 2 (Black Hills Information Security) Ethan Robish // Why Segment Your Network? Here’s a quick recap from Part 1. A typical home network is flat. This means that all devices are connected to the same router and are on the same subnet. Each device can communicate with every other with no restrictions at the network level. This network’s first line …
A Brief History of a Rootable Docker Image (Akamai) I've been working with many different honeypot implementations lately - from cowrie and WordPot, to Dionaea and WAPot. To expand on that, I decided to set up a simple docker image with SSH, running a guessable root password. The catch?...
Threat Simulation (Active Countermeasures) Intro This article is number 6 of 7 in a series on testing Threat Hunting software to make sure that it’s configured correctly …
Hackers at the Gates: Is Your Local Government Prepared for a Cyber-Attack? (Lexology) As the COVID-19 pandemic sweeps across the nation, local governments are scrambling to find the resources—in time, money, supplies, and people—to…
Destination, Ransomware: Does Your Cyber-Liability Insurance Cover All the Stops? (Lexology) A recent ruling from the Indiana Court of Appeals may prevent you from recovering ransom paid to cyber-criminals under your insurance policy’s…
Design and Innovation
The key to the nation’s cyber defense? Behavioral analysis (Fifth Domain) National leaders would be wise to listen to the Cyberspace Solarium Commission and consider the benefits of a human and behavior-centric approach to cybersecurity.
Research and Development
DARPA Project Producing Tool to Help Anticipate Military and Industrial Systems’ Cyber Threats (Nextgov.com) The VERDICT tool aims to allow systems engineers to assess cybersecurity even without deep expertise.
Academia
North Dakota students receive national awards, compete in online cybersecurity competition (KX NEWS) Ten North Dakota students received national recognition by the National Center for Women & Information Technology (NCWIT) as well as Valley City State University student, Shane Hitch who was a …
Legislation, Policy, and Regulation
BT delays removal of Huawei from EE's core network (BBC News) BT says plans to remove the Chinese-made equipment from the sensitive core network have been delayed.
Analysis | The Cybersecurity 202: Democrats accuse Trump administration of voter suppression in mail ballot fight (Washington Post) They’re calling Wisconsin’s primary the ‘highest form of voter suppression.'
What the Cyberspace Solarium report means for the private sector (Reason.com) The Cyberspace Solarium Commission's report was released into the teeth of the COVID-19 crisis and hasn't attracted the press it probably deserves.
GAO to Pentagon: Practice the Cyber Policies You Preach (Nextgov.com) The Defense Department has yet to fully implement multiple initiatives to improve basic cyber hygiene.
Litigation, Investigation, and Law Enforcement
Germany arrests 4 IS suspects planning attack on US bases (Military Times) Federal prosecutors said the suspects were arrested by tactical police units early Wednesday at various locations in the western state of North Rhine-Westphalia.
Equifax To Pay Indiana $19.5M To Settle Data Breach Suit (Law360) Equifax has agreed to shell out $19.5 million to resolve the Indiana attorney general's claims that the credit reporting giant put profits ahead of data security in the run-up to a massive 2017 data breach, a sum the regulator said exceeds the payout that nearly every other state received as part of a historic multistate deal announced last year.
Reality Winner wants out of jail because of coronavirus (Atlanta Journal Constitution) A former National Security Agency contractor sentenced to federal prison for leaking classified government information is asking for a compassionate release due to the coronavirus pandemic.