The CyberWire Daily Briefing, 4.24.20

Dateline

Czechs See Signs Of Russian Role In Cyberattacks As Tensions Remain High (RadioFreeEurope/RadioLiberty) Czech Internet-security experts say some of the malware used in a recent wave of cyberattacks may have links to Russia. The incidents come amid tense relations between Prague and Moscow after a spate of disputes over how the two countries interpret the past.

As contact tracing gains attention, a researcher pokes a hole in Bluetooth technology (CyberScoop) Jan Ruge, a researcher based in Germany, has shown how a hacker could use Bluetooth to execute code on a Samsung Galaxy S10e.

EU warns no compromise on privacy as NHS clashes with tech firms on contact tracing (ComputerWeekly) EU, UK regulators express data privacy concerns days after Silicon Valley giants announce collaboration to prevent the spread of Coronavirus

Reopen Domains: Shut the Front Dorr (DomainTools) Learn how Senior Security Researcher, Chad Anderson, identified coordinated astroturfing when he came across a reddit comment with a number of suspect domains.

These anti-quarantine websites are fakes. Here's what they're really after (CNET) Researchers find that hundreds of "reopen" domain names are being registered at the same time. Many are part of schemes to collect data.

Here's how the far-right coronavirus protest websites are organized (CyberScoop) DomainTools released research Friday that pro-gun activist Aaron Dorr appears to be using widely available software to operate dozens of websites.

NCSC’s New Cyber Service Flags Over 5,000 Suspicious Emails on Day One (CISO MAG) With over 5,000 suspected emails flagged and more than 80 malicious campaigns taken down, NCSC’s Suspicious Email Reporting Service (SERS) is a success on its launch day itself.

Coronavirus: Wuhan lab at centre of conspiracy theory targeted by hackers (South China Morning Post) Cyberattacks also hit WHO and US CDC, with staff email addresses and login credentials reportedly leaked and circulated online, but it’s not clear who was behind it.

China: cyber attacks on anti-pandemic institutions should be condemned (Reuters) China said on Friday that cyber attacks against institutions fighting the coronavirus pandemic should be condemned around the world.

World Health Organization has been the target of significant cyberattacks (TechRepublic) The email addresses of about 450 active employees were leaked online this week along with thousands of others working on COVID-19 response, WHO said.

WHO reports fivefold increase in cyber attacks, urges vigilance (WHO) Since the start of the COVID-19 pandemic, WHO has seen a dramatic increase in the number of cyber attacks directed at its staff, and email scams targeting the public at large.

DOJ Announces Disruption of Hundreds of Online COVID-19 Related Scams (Security) Federal authorities announced that an ongoing cooperative effort between law enforcement and a number of private-sector companies has disrupted hundreds of internet domains used to exploit the COVID-19 pandemic to commit fraud and other crimes.

Phishing spoofs US Federal Reserve to steal online bank accounts (BleepingComputer) Scammers have been sending out emails that impersonate the U.S. Federal reserve and lure recipients with financial relief options through the Payment Protection Program.

30,000 Percent Increase in COVID-19-Themed Attacks (Zscaler) Zscaler ThreatLabZ explores attacks related to COVID-19. Between January and March 2020, there was a 30,000 percent jump in malware related to the pandemic.

New Study Shows Consumers Could Be Vulnerable to COVID-19 Spam (Security Intelligence) Since March 11, IBM X-Force has observed a more than 6,000 percent increase in COVID-19 spam, with lures ranging the full gamut of challenges and concerns facing individuals.

This Phish Uses Skype to Target Surging Remote Workers (Cofense) The Cofense Phishing Defense Center (PDC) recently unearthed a new phishing campaign spoofing Skype, the popular video calling platform that has seen a recent spike in use amid the need to keep employees connected as they work remotely. This phishing attack was found in email environments protected by Proofpoint and Microsoft 365 EOP, landing in end-users’ inboxes.

Want to Find a Misinformed Public? Facebook’s Already Done It (The Markup) While vowing to police COVID-19 misinformation on its platform, Facebook let advertisers target users interested in “pseudoscience”

Zoom and the Problem of Cybersecurity Moral Hazard (Just Security) When companies are insulated from paying the full costs associated with the use of their products, the problem of moral hazard can arise.

UK government told not to use Zoom because of China fears (the Guardian) Security services said last week that videoconferencing tool was vulnerable to surveillance

Zoom Backlash Widens With Daimler, Ericsson and BofA Curbs (Bloomberg) Some of the world’s largest companies have advised against the use of Zoom Video Communications Inc.’s conferencing app, fueling a growing backlash against a service that shot to prominence during the Covid-19 pandemic.

An AIDS activist group's video chat was hijacked by hackers — the latest example of extremist trolls targeting marginalized groups (Business Insider) Extremists are "exploiting this newfound reliance on video-conferencing technology to target certain groups," the Anti-Defamation League CEO said.

Surge in Remote Working Highlights Growing Need for Network Traffic Analytics (Bitdefender Business Insights) As bad actors ramp up phishing campaigns against remote workers, Chief Information Officers (CIOs) across the globe are finding that their employees are using previously undiscovered computing devices daily or weekly.

New Tech Headache for Companies in Post Work-from-Home World: What Happens to all that New Hardware Used by Telecommuters (IAITAM) IAITAM Outlines 3 Steps for Managing Work-from-Home Assets As Workers Go Back to the Office; Avoiding Data Leaks and Wasted Money Will Be Key for Companies and Agencies.

Fifth of UK small businesses concerned about prolonged remote working (ComputerWeekly) Small firms find the potential prospect of indefinite working from home a major challenge to future business

Coronavirus Lockdowns Lead to Surge in Digital Piracy (Wall Street Journal) Films and hit shows such as “Contagion,” and “Tiger King: Murder, Mayhem and Madness” have been huge draws for streaming services in recent weeks, and for illegal websites that host pirated copies.

Child sexual abuse images and online exploitation surge during pandemic (NBC News) With tech companies' moderation efforts constrained by the pandemic, distributors of child sexual exploitation material are growing bolder, using major platforms to try to draw audiences.

Texas Court Pioneers Trial By Zoom In Atty Fee Dispute (Law360) A Texas state court judge charted a new path for trials during the coronavirus pandemic Wednesday when he held a one-day bench trial through videoconferencing service Zoom, overcoming technical difficulties to hear a dispute over roughly $96,000 in attorney fees stemming from an insurance case.

Interest in Telemedicine Grows by 525% Worldwide (Atlas VPN) As quarantine goes on, interest in the "telemedicine" keyword is rising globally. Data compiled by Atlas VPN reveals that in 2020, the interest rate in telemedicine has increased by 525% worldwide.

Stuck at home, UK lockdown DIY fans slammed with Robert Dyas data breach (ZDNet) The hardware store is the latest victim of card-skimmer malware.

Cyber Attacks, Threats, and Vulnerabilities

Shadow Broker leaked NSA files point to unknown APT group (Naked Security) A security researcher claims to have unearthed a previously-unknown APT group after reading the NSA files leaked by the Shadow Brokers in 2016.

Nazar: Old Iran-Linked APT Operation Monitored by NSA (SecurityWeek) A researcher says he has uncovered an APT operation that started over a decade ago and which is referenced in the collection of NSA hacking tools that the Shadow Brokers made public in 2017

Apple disputes recent iOS zero-day claim (ZDNet) Apple says it "thoroughly investigated" a recent report about three iOS Mail bugs but "found no evidence they were used against customers."

“No evidence” that iPhone flaw was used against customers, says Apple (SC Magazine) Apple denies that a flaw in its email app leaves half a billion users vulnerable to hackers

iPhone zero day – don’t panic! Here’s what you need to know (Naked Security) A mobile phone forensics outfit looking into real-world attacks going back more than two years has uncovered two Apple Mail app bugs.

LockBit ransomware borrows tricks to keep up with REvil and Maze (Sophos News) Recently-adopted techniques advance LockBit to a major ransomware player…for now.

Joker's Stash Sells Fresh US, South Korean Payment Cards (BankInfo Security) The notorious carder marketplace Joker's Stash is advertising a fresh batch of 400,00 stolen payment cards issued by both South Korea and U.S. banks, warns

When in Doubt: Hang Up, Look Up, & Call Back (KrebsOnSecurity) Many security-conscious people probably think they’d never fall for a phone-based phishing scam.

Nintendo says 160,000 users impacted in recent account hacks (ZDNet) Nintendo disconnects NNID legacy login system from main Nintendo profiles after massive account hijacking campaign.

Sierra Wireless AirLink ALEOS (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Sierra Wireless Equipment: AirLink ALEOS Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, Missing Encryption of Sensitive Data 2.

Security Patches, Mitigations, and Software Updates

Google to make verification mandatory for all advertisers (CRN Australia) In bid to make ad practices more transparent.

Cyber Trends

Data Safety for Small Businesses: 2020 Cybersecurity Statistics (The Manifest) Small businesses must evaluate the strength of their data security measures. Most small businesses say they are likely to devote more resources to data safety in 2020.

2020 DevSecOps Community Survey (Sonatype) As the longest and largest running survey of DevSecOps practices in the industry, our 2020 survey had 5,045 respondents from over 102 different countries. Our survey pulls back the curtain on successful DevSecOps practices, significant influences on developer satisfaction, trends in secure coding, and application breaches.

Data breach report (Omnisend) Since 2005, the US has seen over 10 billion data breaches take place. This study has revealed the US companies and States that have had the largest number of data breaches across America. Making up the biggest portion was a 2016 breach of Yahoo! where over 3 billion pieces of data were leaked. At theRead more

Marketplace

We got an exclusive look at the pitch deck security firm ForgeRock used to raise $93 million as COVID-19 broke out (Business Insider) The firm's biggest clients include the BBC and BMW.

Series E Funding Marks a Momentous Day at ForgeRock (ForgeRock) We’ve reached an important milestone at ForgeRock that puts us another step closer to becoming the most important digital identity company in the market.

Chertoff Group Portfolio Company Coalfire Completes Sale to Apax Partners (Chertoff Group) Coalfire, a provider of cybersecurity advisory and assessment services, today announced that its acquisition by Apax Partners has been finalized with full regulatory approval

Mozilla Offers Bigger Rewards for Firefox Vulnerabilities (SecurityWeek) Mozilla has announced some changes to its Firefox bug bounty program, including bigger rewards and accepting duplicate submissions

Gemini Clears New Deloitte Audit in Bid to Appeal to Wall Street (Yahoo) Gemini’s exchange and custody services have cleared yet another systems design check.

How Ann Arbor’s Duo Security went from a two-man operation to a $2.35 billion company (mlive) Duo boasts almost 20,000 clients across the world and hopes to grow that number to more than 800,000 after being acquired by tech giant Cisco for $2.35 billion, Song said. Cisco sought Duo’s expertise in securely connecting its users in various networks.

Secret CSO: Sam Small, ZeroFOX (IDG Connect) Dr. Sam Small serves as the Chief Security Officer of ZeroFOX, helping its customers implement world-class social-media protection programs and supporting ZeroFOX in its role as the innovation leader of digital risk and social-media protection solutions.

Independence Bowl gets new sponsor and new title (WBRZ) The Shreveport, Louisiana-based Independence Bowl will be called the Radiance Technologies Independence Bowl, officials announced Tuesday.

Ross Brewer Joins AttackIQ as a Strategic Advisor Focused on EMEA (BusinessWire) AttackIQⓇ, the leading independent vendor of breach and attack simulation solutions, today announced the addition of Ross Brewer as strategic advisor

Infotrust expands Melbourne operation with new hire (CRN Australia) Justin Flower to help Melbourne push.

New infosec products of the week: April 24, 2020 (Help Net Security) The featured vendors this week include: Trustwave, Amazon Web Services, DefenseCode and Claroty.

Products, Services, and Solutions

RiskAnalytics’ browser extension helps keep data secure from anywhere during COVID-19 outbreak (RiskAnaytics) Coronavirus has quickly forced businesses to switch to remote work, leaving millions of devices vulnerable and causing an uptick in phishing campaigns. Thanks to ShadowNet, companies and remote workers finally have the tools they need to help keep their personal and professional data secure.

Announcing Snyk’s developer-first license compliance management (Snyk) We’re thrilled to announce Snyk’s developer-first license compliance management solution, designed to help you maintain a rapid development pace.

New AttackIQ Emulation Plan Empowers Enterprises to Assess Risks Against APT29 Cyberattacks (BusinessWire) AttackIQⓇ, the leading independent vendor of breach and attack simulation solutions, has released an emulation plan for enterprises to test the effect

HighSide Voice & Video Launches; Delivering a Remote Work Platform Designed for Private, Secure, Compliant Collaboration (PR Newswire) High-integrity security and collaboration leader HighSide, today launched HighSide Voice & Video to enable organizations to work remotely...

HID Global Collaborates with Fidesmo to Expand the Use of Wearables for Access Control and a Wide Range of New Applications (HID Global) HID Global, a worldwide leader in trusted identity solutions, today announced a collaboration with Fidesmo, a provisioning company that makes it possible to connect contactless services to wearables.

Ground Labs Introduces Free Data Discovery Solution, Enterprise Recon NOW (Yahoo) Ground Labs, the global expert in data discovery, today announced the availability of Enterprise Recon NOW, a free, limited standalone version of its industry-leading data discovery solution, Enterprise Recon. As companies transition to remote business models in response to the COVID-19 pandemic, organizations

Malwarebytes Unveils New Privacy VPN Service (SecurityWeek) Malwarebytes launched a new VPN offering that features AES 256 encryption, WireGuard VPN protocol, no logging, and virtual servers in more than 30 different countries.

Cybereason Unveils New Mobile Device Security Offerings (SecurityWeek) EDR firm expands its cyber defense platform to include mobile defense, and introduces a new mobile managed detection and response offering. The intention is to bring visibility and security to all enterprise endpoints.

One Identity Partners with HashiCorp to Bolster DevOps Security (One Identity) Integration of One Identity Safeguard for Privileged Sessions with HashiCorp Vault to secure privileged credentials, sessions within DevOps environments Protects organizations’ critical secrets from security threats and enables them to meet co...

Qualys announces availability of all-in-one VMDR solution (Intelligent CIO Middle East) Qualys has announced the availability of its Vulnerability Management, Detection and Response solution.

KYND releases new Ransomware feature to help businesses reduce their risk of attack (News Anyway) KYND Limited, a provider of pioneering cyber risk management products, unveiled a new ransomware prevention feature that is now available to all KYND ON customers.

Technologies, Techniques, and Standards

NSA, ASD publish advisory for detecting and mitigating web shell malware (Computing) Malicious web shells can evade detection from most security tools, so they are difficult to detect

NSA, ASD Release Guidance for Mitigating Web Shell Malware (CISA) The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system commands. By deploying web shell malware, cyber attackers can gain persistent access to compromised networks. The CSI provides techniques to detect—and recommendations to prevent—malicious web shells.

Detect and Prevent Web Shell Malware (NSA | ASD) Cyber actors have increased the use of web shell malware for computer network exploitation. Web shell malware is software deployed by a hacker, usually on a victim’s web server.

Research and Development

Galois seeks to advance trusted computing and cryptography technologies using zero-knowledge proofs (Military & Aerospace Electronics) Zero-knowledge proofs will verify military capabilities without revealing the sensitive details, and enable large, complex proof statements.

Legislation, Policy and Regulation

French Hypocrisy: Fines Google For Being Soft On Privacy; Now Angry That Google Won't Let It Spy On Users (Techdirt.) We keep trying to explain to people that privacy is always about trade-offs, and arguing for privacy laws that protect "privacy" as if it's a constant thing, will run into trouble. Most of that trouble is in the form of locking in big...

AI and Algorithms: FTC Issues Guidance for Companies Amid Heightened Scrutiny (Cooley) Even before the COVID-19 crisis, artificial intelligence and algorithms, particularly in the context of pricing, were a focus of the Federal Trade Commission and the Department of Justice’s Antitru…

No election security funding in latest round of stimulus funding (CSO Online) Doubts raised about funding for 2020 election security and mail-in voting as money omitted from the latest stimulus bill.

DoD sees CMMC as new way to monitor supply chain, spot shell companies (Federal News Network) DoD says CMMC certifications will require an in-person visit by a third-party auditor, partly to make sure the company being certified really exists.

Academics sign petition against rollout of Taiwanese electronic ID card (ZDNet) Government says it is safe but over a hundred experts have called for the creation of data protection laws first.

Litigation, Investigation, and Enforcement

Analysis | The Cybersecurity 202: There's finally a Supreme Court battle coming over the nation’s main hacking law (Washington Post) Narrowing the law would be a huge win for cybersecurity pros.

Federal authorities put on notice for reported data breach of 115m mobile phone users (DAWN.COM) Petitioner says millions of citizens' personal data is at stake, asks for a formal inquiry.

'I am Nisha Jindal, and I am in police custody': Indian man arrested for fake Facebook profile using a Pakistani model's photo (Gulf News) India: The man had been running multiple fake Facebook account since 2012

Update on iOS 0-days. A ShadowBrokers' unremarked effect. NSA/ASD joint guidance on web shell malware. Notes on COVID-19.

Bring your own context.

CSO perspectives: stay-at-home edition.