The cybersecurity community during the COVID-19 emergency
Nation-backed Hackers Tune Attacks to COVID-19 Fears: Google (SecurityWeek) Google warned that nation-backed hackers are exploiting the coronavirus pandemic to target health care organizations and those working to fight the pandemic.
Findings on COVID-19 and online security threats (Google) Google’s Threat Analysis Group works to identify new online security threats. Today we share our latest findings in relation to COVID-19.
COVID-19 Disinformation: The Best Offense is a Good Defense (Inkstick) Since the COVID-19 crisis began, disinformation campaigns launched by Russia, China, and Iran have stirred up considerable anxiety among American policymakers.
The anti-quarantine protests seem spontaneous. But behind the scenes, a powerful network is helping. (Washington Post) The protests erupting over coronavirus restrictions are often coordinated and backed by longtime conservative activists, whose organizations were built with funding from Republican megadonors.
Who’s Behind the “Reopen” Domain Surge? (KrebsOnSecurity) The past few weeks have seen a large number of new domain registrations beginning with the word “reopen” and ending with U.S. city or state names.
Twitter will remove dubious 5G tweets ‘that could potentially cause harm’ (TechCrunch) Ever since it first started rolling out, 5G skeptics have attempted to link the next-gen cellular technology to all manner of health issues. Most recently, it’s become an easy scapegoat for the global COVID-19 pandemic, given the rapid rise of both. Conspiracy theories have gained such a foothold t…
Facebook and Instagram will now show location of posts from high-reach accounts targeting US audiences (TechCrunch) Facebook today is introducing another feature aimed at making it easier to see who’s behind the posts published across Facebook and Instagram. The company says it will now display the location of the Facebook Page or Instagram account with a large audience on every post it shares, so end user…
Team Trump Turns to Peter Thiel’s Palantir to Track Virus (The Daily Beast) Palantir, a longtime partner of intelligence agencies, co-founded by major Trump backer Peter Thiel, is helping build “the single source for [coronavirus] testing data.”
Questions that still need to be asked as governments tap tech to contain coronavirus (ZDNet) Some compromise in personal privacy has been deemed necessary in countries such as Singapore, Taiwan, and South Korea that have turned to technology to aid in contact tracing and movement monitoring, but there are questions citizens should still ask to protect their cyber wellbeing.
[Letter from Senator Markey to Vice President Pence] (United States Senate) Dear Vice President Pence: I write to urge you to design and implement a comprehensive strategy for COVID-19 contact tracing in the United States.
Update with Covid-19 Tracing App index of 40 apps; will these apps result in permanent loss of privacy? (SC Magazine) Unless we believe that the coronavirus threat is permanent then the public interest test to allow Covid-19 tracking apps surveillance capabilities is only passed for so long as the threat remains.
Machine learning could check if you’re social distancing properly at work (MIT Technology Review) Andrew Ng’s startup Landing AI has created a new workplace monitoring tool that issues an alert when anyone is less than the desired distance from a colleague. Six feet apart: On Thursday, the startup released a blog post with a new demo video showing off a new social distancing detector. On the left is a…
FBI reports rise in coronavirus cyber complaints (Fifth Domain) The FBI has received thousands of complaints regarding scams and frauds related to the virus, according to Assistant Director Matt Gorham.
Cyberattackers Ramp Up to 1.5M COVID-19 Emails Per Day (Threatpost) Research analyzing three months of coronavirus-themed attacks show cybercriminals adjusting threat levels to evolve with pandemic and typical employment trends.
Studying How Cybercriminals Prey on the COVID-19 Pandemic (Unit42) Cybercriminals are preying on consumers by creating new coronavirus-related domain names to launch scams and attacks.
Analysis | The Cybersecurity 202: Coronavirus has sparked a global war between scammers and defenders (Washington Post) Law enforcement and tech companies are struggling to keep up.
NCSC overwhelmed by response to coronavirus campaign (ComputerWeekly.com) The UK’s NCSC has taken down over 80 malicious web campaigns and received 5,000 reports of suspicious emails within 24 hours of launching a new reporting service
With pandemic, NGA is pushing more work to the unclassified level (C4ISRNET) To mitigate the threat of COVID-19 to their workforce, the National Geospatial-Intelligence Agency is making it easier for its employees and contractors to work from home.
Balancing security and operations in a new era of telework (Fifth Domain) To manage growing bandwidth requirements and the massive influx of data flows, future security models must shift the focus from network security to data security.
Zoom releases 5.0 update with security and privacy improvements (The Verge) Zoom responds to complaints with a new update.
What you need to know about Zoom’s latest big security update (Silicon Republic) Following criticism of its security features, Zoom is set to roll out a major update that will include stronger encryption.
Flaw Could Have Allowed Hackers to Identify All Zoom Users in a Company (SecurityWeek) A vulnerability in Zoom’s video conferencing service could have been abused to enumerate all of the registered Zoom users within an organization
Vulnerability Spotlight: Zoom Communications user enumeration (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
NHS doctors told not to use Zoom for video calls with patients (The Telegraph) Exclusive: Trusts responsible for more than 3 million patients ban video calling tool over security concerns
Proposed Class Complaint Against Zoom Video Tests Newly Enacted California Consumer Privacy Act (Lexology) Zoom Video Communications, Inc. (“Zoom”) has seen substantial growth during the novel coronavirus (“COVID-19”) pandemic, with Zoom’s stock rising more…
Here's why Zoom fatigue is real (Axios) We're using it for everything, and it's not very natural.
COVID-19 shelter-in-place orders are magnifying cybersecurity flaws (San Francisco Business Journal) Bay Area companies are being used by cyber attackers to prey on corporate America’s rapid scramble to create a fully remote shelter-in-place workforce.
Health leaders' credentials dumped online (BBC News) According to the group that discovered the list, they are being shared by right-wing extremists.
Billion pound support package for innovative firms hit by coronavirus (SC Magazine) £1.25 billion government support package to help UK businesses driving innovation and development through the coronavirus outbreak - critical to support UK's strong cyber-security innovation ecosystem.
Got your PPP check? Congrats, now get ready for intense federal scrutiny (Washington Business Journal) An unprecedented amount of money is being siphoned to businesses for one sole purpose: to keep workers off the unemployment lines.
Small business advocates fear many will be left out of new PPP funding (Washington Business Journal) Some business groups say the loan program is heavily tilted toward larger businesses.
Scammers are now taking advantage of US small business relief fund in phishing emails (ZDNet) New campaigns are capitalizing not just on coronavirus fears but also on the outbreak’s financial ramifications.
Phishers exploiting employees' layoff, payroll concerns (Help Net Security) Two new phishing campaigns are delivering fake "Zoom meeting about termination" emails and fake notifications about COVID-19 stimulation/payroll processing.
Can behavioural analytics calm the insider threat pandemic perfect storm? (SC Magazine) 58% of organisations say their ability to monitor, detect and respond to insider threat is only somewhat effective, not so effective or not at all effective. Only 12% think they are extremely effective.
Covid-19 Offer — TWOSENSE.AI (TWOSENSE.AI) In response to the unprecedented increase of remote and work-from-home workers due to the COVID-19 crisis, we are taking proactive steps to provide companies across the globe with the tools necessary to enable their employees to be immediately productive as they work remotely while ensuring that company resources and data stay protected.
Work From Home: Free Cybersecurity Software Offers, Extended Trials (MSSP Alert) A list of free cybersecurity software tools, cloud & SaaS offers to assist MSSPs with Work From Home (WFH) shifts amid coronavirus (COVID-19) pandemic.
Our WFH capability allows for comprehensive duplication of office capabilities: Surendra Singh, Country Manager, Forcepoint - Express Computer (Express Computer) Cybersecurity firm, Forcepoint, has a holistic plan for business continuity, that allows the firm to replicate office like capabilities for all its staff from sales, professional services, technical support, core operations, and product engineering teams, states Surendra Singh, Senior Director & Country Manager at Forcepoint
Cyber Attacks, Threats, and Vulnerabilities
COVID-19 cyber espionage saw Chinese ministry targeted by Ocean Lotus: FireEye (ZDNet) Spear phishing campaign out of Vietnam went after information related to coronavirus, security firm says.
Vietnam alleged to have hacked Chinese organisations in charge of COVID-19 response (Register) Apparently everyone's cyber-spooks are mad for this right now
Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage (FireEye) APT32 carried out intrusion campaigns against Chinese targets likely to collect intelligence on the COVID-19 crisis.
Vietnam says accusations it hacked China for virus information 'baseless' (Reuters) A report which said Vietnamese government-linked hackers had attempted to break into Chinese state organisations at the centre of Beijing's effort to contain the coronavirus outbreak is "baseless", Vietnam's foreign ministry said on Thursday.
Microsoft 365 Hackers Hit Private Equity In New Million Dollar Heist: Here’s How It Works (Forbes) It reads like a movie script—a new report has just exposed the real-life "Hustle" of a sophisticated cyberattack against multiple PE firms, with millions at stake.
IR Case: The Florentine Banker Group (Check Point Research) by Matan Ben David. Introduction: On December 16 2019, Check Point’s Incident Response Team (CPIRT) was engaged by three firms in the finance sector to investigate fraudulent wire transfers sent from their joint bank account. Four separate bank transactions attempted to transfer 1.1M GBP to unrecognized bank accounts. Emergency intervention with the banks allowed for...
Flaw in iPhone, iPads may have allowed hackers to steal data for years (Reuters) Apple Inc is planning to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers.
ESET takes down VictoryGate cryptomining botnet (ZDNet) More than 35,000 computers believed to have been infected, according to ESET's sinkhole data.
Following ESET’s discovery, a Monero mining botnet is disrupted (WeLiveSecurity) ESET researchers have discovered a botnet that they named VictoryGate and that spread to 35,000 devices in Latin America via malware-laden USB drives. The researchers also subsequently led an international effort that disrupted the botnet.
Porn scammers making $100,000 a month from sextortion emails (Naked Security) SophosLabs worked through five months’ worth of “porn scam” emails and followed the money. Learn what they found…
Kinomap Suffers Data Breach; Exposes 42 Mn User Records (CISO MAG) Researchers at vpnMentor found an open database belonging to fitness tech company Kinomap, exposing 42 million records including personal identity data for at least a month.
309 million Facebook users’ phone numbers found online (Naked Security) First, 267m records were exposed & sold for 0.0002 cents each on the Dark Web. It was taken down but got reposted with yet more records.
Hackers target Robert Dyas to steal customers' payment card details (Computing) The firm says it became aware of the breach on 30th March 2020
Pharming explained: How attackers use fake websites to steal data (CSO Online) A pharming attack aims to redirect victims’ web traffic away from their intended destination to a website controlled by threat actors to harvest information and spread malware.
WhatsApp 'free beer' text is a boozy phishing scam designed to steal your private info (The Irish Sun) IGNORE a WhatsApp text offering free beer from Heineken – because it’s a total scam. The message promises four free beer kegs for filling in a survey, but handing over your info is pointless.…
Security Patches, Mitigations, and Software Updates
Microsoft Issues Out-Of-Band Security Update For Office, Paint 3D (Threatpost) The flaws exist in Autodesk's FBX library, integrated in Microsoft's Office, Office 365 ProPlus and Paint 3D applications.
The State of Ransomware in the US: Report and Statistics for Q1 2020 (Emsisoft | Security Blog) In Q1 2020, the number of successful ransomware attacks on the US public sector declined significantly. This report examines the numbers and the reasons.
Ransomware is now the biggest online menace you need to worry about - here's why (ZDNet) Ransomware attacks have overtaken credit card theft as the top form of cybercrime according to new data.
Aligning the user data that websites and apps collect with what consumers expect (Nieman Lab) Consumers are relatively comfortable with their data being collected to offer a safer, more customized experience. But selling that data or reusing it for targeting on other sites? Not so much.
Randori Announces $20M in Series A Funding, Expands Market's Vision for Continuous Red Teaming (PR Newswire) Randori, creators of the world's first automated attack platform, today announced a $20 million Series A funding round led by Harmony Partners,...
Cynet Issues Incident Response Challenge to IR Professionals (PRWeb) Incident Responders Challenged to Match Their Skills Against Colleagues in First of its Kind Contest with $5,000 Prize
Lewis Brisbois Nabs Privacy Pro From UK To Boost US Group (Law360) The head of the privacy and cybersecurity practice at U.K.-based law firm TLT LLP has made the jump back to the U.S. to join Lewis Brisbois Bisgaard & Smith LLP, where he'll continue to help a range of companies navigate constantly evolving cyberthreats and an emerging patchwork of global privacy laws.
Products, Services, and Solutions
IDS Update (Bricata) A nextgen IDS solution should provide multi-threat detection capabilities, threat hunting, and easy deployment and management – does yours measure up?
CYSEC wins European Space Agency contract to protect ship tracking communications from cyber threats (Cysec Systems) CYSEC SA, a cybersecurity company from Switzerland has been awarded a contract by the European Space Agency (ESA) to develop a solution mitigating the cyber risks related to ship tracking using satellite communications.
vArmour and Digital Shadows Partnership Enables Actionable Defense with Threat Intelligence (Globe Newswire) Partnership combines Continuous Application Relationship Management and Threat Intelligence to enable Attack Chain Monitoring and Defense in Public Cloud
Technologies, Techniques, and Standards
Air Force works to ‘mitigate’ Ligado deal’s impact on GPS (C4ISRNET) Gen. David Goldfein and other Pentagon officials are
Getting Started With ROT Obfuscation (Black Hills Information Security) Hello, my name is John Strand. In this video, we’re going to be talking about ROT or rotate. Why exactly are we talking about one specific thing? Well, this particular video is used with our Cyber Range that we’re establishing at Black Hills Information Security and it’s very common when you’re pentesting or you’re doing …
A carrot-and-stick approach to fixing cyber security complacency (ComputerWeekly.com) With a majority of IT decision-makers holding the opinion that their employers are complacent when it comes to data protection, we look at what needs to be fixed, and how to fix it.
Design and Innovation
Making Pages and Accounts More Transparent (About Facebook) We want to make sure people understand who is behind the posts they’re seeing on Facebook and Instagram.
Let's be realistic about our expectations of AI (Help Net Security) Leveraging AI in security for realistic results is the next frontier. In security, providers have a lot to gain from the advent and implementation of AI.
Why 47,000 Microsoft developers are generating 30,000 bugs a month (ETCIO) At Microsoft, 47,000 developers are generating nearly 30,000 bugs a month and these vulnerabilities get stored across over 100 AzureDevOps and GitHub ..
Leaked pics from Amazon Ring show potential new surveillance features (Ars Technica) Amazon wouldn't be the first consumer company to do it, but it would be the biggest.
Legislation, Policy, and Regulation
NATO Has a New Weak Link for Russia to Exploit (Foreign Policy) North Macedonia just became NATO's newest and weakest member. That makes it a ripe target for interference.
Ministers plan to give more UK public bodies power to access phone data (the Guardian) Expansion of ‘snooper’s charter’ would allow more authorities to access web browsing histories
Why should the UK pensions watchdog be able to spy on your internet activities? Same reason as the Environment Agency and many more (Register) Extraordinary surveillance powers set to be injected into govt orgs
Cyber policy suggestions for Pentagon could be implemented this year (Fifth Domain) A co-chairman of the Cyberspace Solarium Commission is targeting the annual defense policy bill for about one-third of the commission's recommendations.
Litigation, Investigation, and Law Enforcement
Crown Sterling and Black Hat settle lawsuit, promise to never speak of it again (CyberScoop) A security vendor slap fight has ended with a settlement and the promise that it will be erased from both parties' collective memories.
Stemming The Rising Tide Of Biometric Privacy Class Actions (Law360) To date, companies have had few ways to respond to claims they violated the Illinois Biometric Information Privacy Act, but two recent opinions demonstrate that a new defense has emerged as a potential game changer — preemption, say Jeffrey Rosenthal and David Oberly at Blank Rome.
Texas AG Paxton Says Google Probe Progressing (Law360) Texas Attorney General Ken Paxton gave an update about the ongoing multi-state antitrust investigation into Google in comments made public Wednesday and also called for more regulation of large technology companies that collect vast amounts of user data.
Cyber Standards Group Denied Atty Fees In Antitrust Suit (Law360) A California federal judge has denied a cybersecurity standards group's bid for attorney fees and costs after quality testing company NSS Labs dropped its antitrust suit against the group and its members Symantec Corp. and ESET LLC.
Notorious dark web child abuser arrested after int'l operation (HackRead) The dark web pedophile was known for uploading highly graphic child abuse content on several online forums.