The CyberWire Daily Briefing, 4.17.20

Dateline

Trump unveils plan to reopen states in phases (BBC News) Guidelines for "Opening up America Again" outline three stages for US states to ease their lockdowns.

UPDATE 1-Czechs warn of imminent, large-scale cyberattacks on hospitals (Reuters) (Recasts with new details on attacks and warning) The Czech Republic warned international allies on Thursday of a imminent wave of disruptive cyberattacks against the country’s hospitals and other parts of its critical infrastructure.

Hospitals On COVID-19 Frontline Facing ‘Double Extortion’ Cyber Threat (Forbes) A new report published by Check Point Research today cautions hospitals regarding the rise of what it refers to as a double extortion cyber threat.

FBI sees spike in cyber crime reports during coronavirus pandemic (TheHill) The FBI has seen a spike in cyber crimes reported to its Internet Crime Complaint Center (IC3) since the beginning of the COVID-19 pandemic, as both domestic and international hackers look to take advantage of Ameri

Google to Gmail users: Coronavirus phishing is targeting you. This is how we hit back (ZDNet) But pandemic means you now can't enroll in Google's Gmail anti-phishing program using a smartphone's security key.

Google seeing 18M malicious emails related to coronavirus daily (CNET) Hackers are using fear and promises of financial incentives to trick you out of vital information and money.

Gmail is blocking 18 million malicious coronavirus emails a day (VentureBeat) Google has intercepted 18 million malicious emails related to COVID-19 each day in the past week, representing nearly 20% of all nefarious messages blocked.

COVID-19 Security Risks (Bricata) Remote work security issues, phishing attacks, scams and videoconferencing harassment campaigns linked to the novel coronavirus that you should know about.

Malvertising Campaign Targeting Internet Explorer Users (Avast) A malvertising campaign used Fallout Exploit Kit to distribute Kpot v2.0 to people using outdated versions of Internet Explorer

Fake COVID-19 medication websites on the rise, stealing money and information (WCNC) Scammers are claiming they have medication to protect against or treat coronavirus.

Better Business Bureau accredited businesses targeted in sanitizer phishing scam (WHNT.com) The Better Business Bureau is normally the organization that warns the public about scams in the area, but its accredited businesses were the ones targeted in the latest sc…

Pandemic Doesn't Alter HIPAA Privacy, Public Welfare Balance (Law360) Eroding the disclosure protections afforded to patients under the Health Insurance Portability and Accountability Act during the coronavirus pandemic would undermine the benefits to society because the aggregate data the public needs is already available, say Habib Ilahi at Stinson and attorney Rachel Rose.

Spotting the Stimulus Check Scams (Tessian) Since the US government announced that citizens who make less than $75K would receive $1,200 checks, we have found that there have been 673 newly registered domains related to the $2T stimulus package.

Imperva Research Labs Finds Attacks on Financial, Food and Beverage Industries Spike Amid COVID-19 Pandemic (BusinessWire) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, published its March 2020 Cyber Thr

A basic wallpaper app dressed up into a COVID-19 info app (Pradeo) We identified a common wallpaper app released since February with several versions is disguising itself as an appl claiming to inform about the Coronavirus

Fever surveillance ‘to become as common as CCTV’ (The Telegraph) Being turned away from events for running a fever might become the 'new normal'

Apple releases mobility data to help combat COVID‑19 (WeLiveSecurity) Apple has released Mobility Trends Reports, which shows how movement trends around the world were impacted by the COVID-19 pandemic since January 13th.

Some experts doubtful enough Americans will get on board with new contact tracing system (WDKY) Going from competitors to collaborators, Apple and Google are launching a Bluetooth contact tracing system for coronavirus cases that some are concerned won't be effective.

Coronavirus: Facebook will start warning users who engaged with 'harmful' misinformation (the Guardian) Users who have liked, shared or commented on posts with false claims will be directed to WHO’s ‘myth busters’ page

Facebook will now warn you if you’ve interacted with fake, dangerous coronavirus posts (ZDNet) The fight against COVID-19 scams, misinformation, and fake cures continues.

COVID-19 outbreak may delay audits for DOD's cyber certification (FCW) The first audits for the Defense Department's unified cybersecurity standard for vendors may be delayed up to a month.

Locked-down investors aim algorithms at chaotic currency markets (Reuters) A new breed of trading algorithms has deftly navigated the turbulence in currency markets caused by the coronavirus pandemic, driving up demand for robots and potentially reshaping the world of foreign-exchange dealing beyond the crisis.

Residential Internet Connections are now Business Connections: What about Security and Compliance? (Akamai) Near-global mandates to stay at home have completely reshaped the internet security landscape. Remote work is the new normal, inverting the traditional office model. Attackers are not relenting as they see opportunity to take advantage of a world with a...

How COVID-19 is driving a wave of innovation (Washington Technology) The COVID-19 pandemic is frightening and stressful but it also has been an engine for collaboration and innovation by the government and the industrial base as former Katharina McFarland, former assistant Secretary of Defense for Acquisition explains.

This pandemic gives you a rare chance to rethink your digital Workplace Strategy (ETCIO.com) Transitioning to a digital culture doesn’t happen just by adopting a few tools. It requires a complete strategy overhaul.

Meet the U.S. Air Force technology that’s empowering its teleworkers (Aerospace America) Aerospace engineers and others will be able to access classified networks from home

Video series: It’s Cybersecurity 101 for all of us working at home (Iowa State University News Service) Maybe your office these days is a laptop in the living room. Or an old desktop in the den. Or a basement setup with a spotty Wi-Fi connection. Or just a phone in your pocket.

Zero trust isn't a temporary band-aid for remote security (CIO Dive) The coronavirus outbreak and the work-from-home model obliterated a secure perimeter. With business data everywhere, zero trust is what's left.

Zoom Hires Security Heavyweights to Fix Flaws (Wall Street Journal) Zoom Video Communications is calling in the equivalent of the cybersecurity cavalry after security lapses that have drawn attention from U.S. authorities and raised concerns with customers.

Zoom Rolls Out New Measures as Security Fears Mount (SecurityWeek) Zoom is rolling out a number of measures meant to stem criticism over how it has handled security as users flock to the video communications system during the coronavirus pandemic.

Zoom to let you report Zoom-bombing attackers crashing meetings (BleepingComputer) Zoom's efforts to improve the video conferencing platform's privacy and security will continue next week with the introduction of a user report feature aimed at helping prevent future zoom-bombing attacks.

Your Zoom videos could live on in the cloud even after you delete them (CNET) Yet another Zoom issue found.

'Not a Safe Platform': India Bans Zoom for Government Use (SecurityWeek) India has banned the use of video-conferencing app Zoom for government remote meetings, the government said, in the latest warning about the platform's security.

Larry Ellison Calls Zoom ‘Essential Service For Oracle’ (CRN Australia) Has nothing but high praise for Zoom Video Communications.

Google's fast-growing Meet video tool getting Zoom-like layout, Gmail link (Reuters) Google will allow business and education users on Gmail.com to directly take calls on its video conferencing tool Meet starting Thursday, a new feature being offered as the Alphabet Inc unit seeks to capitalize on security and other concerns with rival services.

Verizon Buys Zoom Conferencing Rival BlueJeans (Wall Street Journal) The carrier will pay less than $500 million for the Zoom Video Communications rival, part of an effort to bolster Verizon’s business group as it rolls out faster 5G networks and pitches new applications of wireless technology to its largest corporate customers.

Microsoft stock is up because businesses want secure video conferencing, says Robert Herjavec (CNBC) "The use of Teams at the corporate enterprise level is really taking off," the "Shark Tank" investor said on CNBC's "Squawk Alley."

Exabeam CEO On Coronavirus: ‘You Don't Want To Be The Company That Got Somebody Infected’ (CRN) Here’s how Exabeam CEO Nir Polak took on legal, medical and communications challenges after four of his employees who attended RSA Conference contracted coronavirus, one of whom required hospitalization.

U.S. spies probing if coronavirus emerged accidentally from China lab (NBC News) One expert said the theory the virus came from a Wuhan animal market has lost favor in some quarters, in part because an early patient had no market link.

How to Save on Online Services During the COVID-19 Pandemic (The Union Journal) To align business processes with the challenges and restrictions precipitated by the coronavirus pandemic, numerous organizations around the world have switched to the remote workplace model. Therefor

Cybersecurity startups come to the rescue (Sifted) As working from home has become the norm across Europe, it has opened up some gaping holes in companies' cybersecurity. But startups can help.

Cyber Attacks, Threats, and Vulnerabilities

China-linked ‘Electric Panda’ hackers seek U.S. targets, intel agency warns (POLITICO) The warning comes as tensions rise between the U.S. and China over the spread of Covid-19.

MSC confirms website shutdown caused by cyber attack (Lloyd's List) <p>Box line says impact of attack was limited and that no data was lost or compromised</p>

MSC confirms cyber attack but says no data lost | TradeWinds (TradeWinds) Swiss liner giant's response to incident was complicated by coronavirus crisis

Shipping Giant MSC Confirms Outage Caused by Malware Attack (SecurityWeek) Swiss-based global shipping giant MSC has confirmed that the recent outage was caused by a malware attack that affected its headquarters in Geneva

Ingram data breach: Digital content platform hack resulted in theft of publishers’ titles (The Daily Swig) Details remain sketchy

DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs (ZDNet) Hackers compromised Pulse Secure VPNs, stole AD credentials, and are now using the stolen passwords to access internal networks even after companies patched their VPN servers.

Continued Threat Actor Exploitation Post Pulse Secure VPN Patching (CISA) Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations.

You're a botnet, you've got a zero-day, so where do you go? After fiber, because that's where the bandwidth is (Register) Two-step attack seen on core systems

Hackers steal WiFi passwords using upgraded Agent Tesla malware (BleepingComputer) Some new variants of the Agent Tesla info-stealer malware now come with a dedicated module for stealing WiFi passwords from infected devices, credentials that might be used in future attacks to spread to and compromise other systems on the same wireless network.

Hackers could destroy 3D printers by setting them on fire (TechRadar) Hijacking firmware updates could allow an attacker to start a fire, security firm claims

Double Extortion: Ransomware's New Normal Combining Encryption with Data Theft (SecurityWeek) 'Double extortion' is the term given to an evolving ransomware tactic: first steal confidential data, then encrypt the victim's files.

Bad news: So much of your personal data has been hacked that lesson manuals on how to use it are the latest hot property (Register) Cyber-crims bone up on methods for fun and profit, but mainly profit

SentinelOne researcher trolled in new MBRLocker ransomware campaign (ZDNet) Malware was released using the researcher’s name as author, alongside his contact details.

Security Patches, Mitigations, and Software Updates

Windows Defender broken by recent updates, how to fix (BleepingComputer) When performing a full antivirus scan using Windows Defender, a recent definition update or Windows update is causing the program to crash in the middle of a scan.

Cyber Trends

Protecting consumer’s personal data becomes top reason for encryption, global study involving nCipher Security finds (Cambridge Independent) Employee mistakes are now considered the biggest risk to keeping sensitive data safe by IT professional.

Growing Cybercrime Sophistication Inspires New Security Strategies (EnterpriseTalk) Coalfire, a provider of cybersecurity advisory and assessment services, introduced its proprietary Threat Modeling and Attack Simulation (TMAS)

Marketplace

Swimlane Acquires Syncurity (BusinessWire) Swimlane today announced the acquisition of Syncurity Corporation.

Auriga acquires security tech from S21sec (Finextra Research) Auriga, a leading supplier of technological solutions for the omnichannel banking and payments industries, announces the acquisition of Lookwise Device Manager (LDM), a modular security platform and cybersecurity business unit from S21sec, a leading European managed security services player.

Bridgecrew Raises $18M to Help Developers Protect Their Cloud Infrastructure With a Simple Click of a Button (Yahoo) Bridgecrew, a company that makes it simple for organizations to automatically deploy cloud security engineering, today emerged from stealth mode by launching its Codified Cloud Security platform and announcing new funding. Its new, $14 million Series A round was led by global investment firm Battery

Federal government set to invest in Chinese firms called ‘enemies’ (Washington Examiner) Outrage is growing over a plan to invest federal civilian and military pension funds into several Chinese military and communications firms dubbed “enemies” by a who’s who list of retired top brass.

Huawei Chip Unit Orders Up More Domestic Production as U.S. Restrictions Loom: Sources (New York Times) Huawei Technologies Co Ltd is gradually shifting production of chips designed in-house away from Taiwan Semiconductor Manufacturing Co Ltd (TSMC) and towards a mainland Chinese firm in preparation for more U.S. restrictions, sources familiar with the matter said.

Huawei CTO on 5G security and standards (RCR Wireless News) The move from LTE to 5G brings inherent upgrades in security like enhnaced encryption, but the complexities of 5G still alter the cyber attack surface.

Facebook's Libra scales back plans for global digital currency (The Telegraph) Association backed by social network will instead launch multiple virtual coins tied to existing currencies

CloudBolt Announces Appointment of Jeff Kukowski as Chief Executive Officer and Member of Its Board of Directors (Yahoo) Jeff will be responsible for building upon CloudBolt’s continued momentum and scaling the business globally in the growing cloud management platform (CMP) market. According to Gartner, the CMP market is part of the larger cloud management platform and tools (CMPT) market.

Altamira Deepens Leadership Team to Support Continued Strong Growth (West Plains Daily Quill) MCLEAN, Va.--(BUSINESS WIRE)--Apr 16, 2020--

Products, Services, and Solutions

KnowBe4 Launches PhishRIP to Remove Suspicious Emails From Inboxes (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has launched a new...

New tool detects AWS intrusions where hackers abuse self-replicating tokens (ZDNet) New SkyWrapper tool generates Excel spreadsheets so AWS account owners can easily spot compromised tokens.

ZeroFOX's AI-powered platform now includes security for Zoom and Slack (Help Net Security) ZeroFOX has extended its AI powered platform to now include advanced cyberattack protection capabilities for business collaboration platforms.

One Identity Achieves NIAP Common Criteria Certification For Identity Manager 8.1 (One Identity) Certification requires One Identity to meet rigorous security requirements to prove efficacy for many government and enterprise organizations

CertNexus Partners With CyberKnights In An Innovative Approach Towards Cybersecurity Talent Assessment, Development, And Retention (PR Underground) CertNexus and CyberKnights, a product of Rofori Corporation, have partnered to help decrease the growing cybersecurity skills gap while enabling individuals to better prepare for in-demand careers

FireEye : EmergingEd and FireEye Partner to Deliver Online Cyber Security Training (MarketScreener) Interactive virtual training courses make it easy for individuals and organizations to step up their cyber skills from home

Pastebin Made It Harder To Scrape Its Site And Researchers Are Pissed Off (Vice) Pastebin quietly changed its terms and services that allowed researchers to study leaked data, malware, and stolen passwords.

New infosec products of the week: April 17, 2020 (Help Net Security) The featured products this week are from the following vendors: NeuVector, Corsa Security, ZeroFOX, Entrust Datacard, and SentinelOne.

Technologies, Techniques, and Standards

Threat Simulation - Certificate Issues (Active Countermeasures) Intro This article is number 7 of 7 in a series on testing Threat Hunting software to make sure that it’s configured correctly …

Emerging from the Tool Swamp to a Unified AppSec Platform (Contrast Security) Traditional approaches to AppSec rely on a patchwork of disconnected tools and processes that add high levels of friction to the modern SDLC.

What’s Wrong With the Air Force’s ‘Connect Everything’ Project (Defense One) In a new report, GAO watchdogs say officials can’t say how much it costs or if it’ll even work

Forging Ahead in Cyberspace: Empowering Airmen in a Post-COVID 19 World (DVIDS) Before the COVID-19 pandemic began infiltrating every aspect of American life, the 51st Network Operations Squadron was formulating a strategy designed to harness the innate talents of its Cyber Warriors and emerge from the crisis stronger, faster and more capable than ever before.

Design and Innovation

Pentagon Needs Tools to Test the Limits of Its Artificial Intelligence Projects (Nextgov.com) The Joint Artificial Intelligence Center seeks cutting-edge evaluation capabilities to assess what systems can and can’t effectively do.

Research and Development

Academics steal data from air-gapped systems using PC fan vibrations (ZDNet) Israeli researchers use vibrations from CPU, GPU, or PC chassis fans to broadcast stolen information through solid materials and to nearby receives, breaking air-gapped system protections.

Academia

University of Wisconsin-Superior to offer cybersecurity master's degree (Superior Telegram) The new offering is a collaboration among the eight UW campuses.

Legislation, Policy and Regulation

The Cyberspace Solarium Commission on Norms (Council on Foreign Relations) Task force three of the Cyberspace Solarium Commission focused on using norms and non-military tools of state power to secure cyberspace.

What to Make of New U.S. Actions Against Foreign Telecoms (Lawfare) The administration recently took two steps to address risks associated with foreign telecom firms. But there is still much to be done in architecting a broader supply chain strategy.

Sens. Say Work On 5G Standards Hampered By Huawei Regs (Law360) A group of influential Republican senators is pressing the Trump administration to issue regulations confirming that American companies' participation in global efforts to set fifth-generation technology standards is not restricted by tight rules on doing business with Huawei, saying the lack of clarity is only helping the Chinese company.

47 States Have Weak or Nonexistent Consumer Data Privacy Laws (Security.org) Last Updated April 16, 2020 By Gabe Turner and the Security.org Team “It’s like the wild wild west,” Emily Mancini, communications director for New York State Sen. Kevin Thomas (D), says, “for businesses and consumers alike.” A bold comparison, perhaps, but one that’s not altogether incorrect. No, we don’t travel by horseback anymore, but as … Continued

NY Data Security Law Boosts Liability As Cyberattacks Surge (Law360) A New York law that requires companies to fortify their data security programs went live quietly last month, significantly expanding businesses' liability risks and forcing them to take a hard look at how they're protecting personal data at a time when hackers are seizing on the coronavirus pandemic to launch a fresh wave of attacks.

Litigation, Investigation, and Enforcement

Snowden asks to remain in Russia for three more years (TheHill) Former National Security Agency (NSA) contractor and whistleblower Edward Snowden is requesting an extended residency permit in Russia for three more years.

Inter-Continental Agrees To $1.55M Data Breach Settlement (Law360) Inter-Continental Hotels Corp. has agreed to pay $1.55 million to settle a proposed class action in Georgia federal court brought by consumers who claimed the company failed to protect credit and debit card data from hackers.

Words With Friends Gaming Co. Hid Data Breach, Suit Says (Law360) Zynga Inc., the gaming company behind popular social media games Words With Friends and FarmVille, was accused in a proposed class action on Wednesday of failing to tell users about a massive data breach last fall.

Feds Say Film Orgs Can't Sue Over Social Media Visa Policy (Law360) The U.S. Department of State has urged a D.C. federal court to toss film organizations' lawsuit challenging the government's policy of collecting immigrants' social media info on visa applications, saying that the groups can't sue over a policy that doesn't affect them.

3rd Circ. Won't Revive Penn State Worker's Email Privacy Suit (Law360) The Third Circuit on Thursday refused to revive a Pennsylvania State University employee's suit alleging that state investigators illegally accessed her emails as part of now-dropped criminal charges, reasoning in a precedential decision that her constitutional rights weren't violated because the college voluntarily turned over the communications.

Stone Jurors Plea For Protection, Citing Attacks And Threats (Law360) The jurors who convicted Roger Stone last year are urging a D.C. federal judge to reject a right-wing blogger's bid to release jurors' questionnaires, saying the disclosure would only exacerbate the continued attacks and harassment they've been subject to from President Donald Trump and other conservative critics.

US DoD alerts contractors to Electric Panda campaign. CISA warns of AD risk. MSC confirms cyberattack. COVID-19 notes.

At a glance.

Bring your own context.

CSO Perspectives, now available to CyberWire Pro subscribers.