The cybersecurity community during the COVID-19 emergency
Top intel agency rules out 'manmade' theory of coronavirus origins (POLITICO) But the intelligence community is still investigating whether the virus may have accidentally leaked from a Chinese laboratory.
Intelligence Community Statement on Origins of COVID-19 (Office of the Director of National Intelligence) The Office of the Director of National Intelligence today issued the following Intelligence Community (IC) statement: “The entire Intelligence Community has been consistently providing critical support to U.S. policymakers and those responding to the COVID-19 virus, which originated in China. The Intelligence Community also concurs with the wide scientific consensus that the COVID-19 virus was not manmade or genetically modified.
EU Demands End to Coronavirus Cyberattacks (SecurityWeek) The European Union on Thursday accused unnamed parties of exploiting the coronavirus pandemic to launch cyberattacks on infrastructure and healthcare services
As Putin Seeks to Reinvent History, Russia-Czech Relations Hit a New Low (Foreign Policy) Three Prague officials are under police protection following reports of a poison plot.
Here We Go Again: Russia Gears Up to Interfere in 2020 Election With Coronavirus Disinformation (Foreign Policy) A campaign linked to Russia aims to manipulate this year's elections in the United States and Europe. Trump needs to let the intelligence professionals do…
Covid hoaxes are using a loophole to stay alive—even after content is deleted (MIT Technology Review) Pandemic conspiracy theorists are using the Wayback Machine to promote "zombie content" that avoids content moderators and fact-checkers.
Google 'Task Force' Fights Bad COVID-19 Ads (SecurityWeek) Google said Thursday its task force devoted to fighting "bad" ads hawking bogus coronavirus cures, illegitimate unemployment benefits and overpriced medical supplies had blocked tens of millions of messages.
Trump’s Disinfectant Talk Trips Up Sites’ Vows Against Misinformation (New York Times) Facebook, Twitter and YouTube have declined to remove the president’s statements about unproven coronavirus treatments.
Schiff to Google and Twitter: Please be more like Facebook when it comes to coronavirus misinformation (CNBC) Facebook said it would notify users if they had engaged with a post that had been removed for including misinformation about Covid-19.
The Inevitable Coronavirus Censorship Crisis is Here (Matt Taibbi) As the Covid-19 crisis progresses, censorship programs advance, amid calls for China-style control of the Internet
CFFS Decries Censorship Practices of Social Media Giants (PR Newswire) In a shocking display of disregard for First Amendment protections afforded all Americans, the leadership of popular social media platforms...
A Scramble for Virus Apps That Do No Harm (New York Times) Dozens of tracking apps for smartphones are being used or developed to help contain the coronavirus pandemic. But there are worries about privacy and hastily written software.
Palantir’s NHS data project “may outlive coronavirus crisis” (NS Tech) An ambitious project to forecast demand on NHS services at both a local and national level is likely to outlive the coronavirus pandemic, according to two sources close to the work. The initiative,
Palantir is one of 'our best weapons' against the coronavirus: Co-founder (Yahoo) Palantir co-founder and investor Joe Lonsdale sat down with Yahoo Finance to discuss the company's COVID-19 work and the current state of VC in Silicon Valley.
RDP brute-force attacks are skyrocketing due to remote working (BleepingComputer) Internet-exposed and poorly configured RDP servers from all over the globe are the target of an increasing number of brute-forcing attacks that have started since the beginning of March.
National Security Agency Releases Cybersecurity Guidance for Remote Workers (Security Magazine) The U.S. National Security Agency (NSA) has released cybersecurity guidance, containing a snapshot of current, commercially-available collaboration tools available for telework use, along with a list of security criteria to consider when selecting which capability to leverage.
How telework has changed two agencies’ IT practices (Federal Times) Top IT officials from the Small Business Administration and General Services Administration discussed how coronavirus has changed IT at their agencies.
Zoom admits it doesn’t have 300 million users, corrects misleading claims (The Verge) Rivals like Microsoft and Google are closer to Zoom’s numbers than expected
Zoom meeting of black lawmakers in Delaware was hacked (Washington Post) A Zoom meeting that included state lawmakers from Delaware as well as members of Congress had been hacked
Managers turn to surveillance software, always-on webcams to ensure employees are (really) working from home (Washington Post) Always-on webcams, virtual "water coolers," constant monitoring: Is the tech industry’s new dream for remote work actually a nightmare?
Microsoft Office 365: US issues security alert over rushed remote deployments (ZDNet) CISA is concerned hasty deployments of Office 365 and Teams may lead to missed key security configurations.
US govt updates Microsoft Office 365 security best practices (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) today issued an update to its Microsoft Office 365 security best practices as part of an alert distributed via the US National Cyber Awareness System.
FBI Warns of Major Spike in Cyber Attacks (CyberArk) Cyber attackers are taking advantage of the uncertainty and remote workers to increase their attacks, the FBI says. Privileged access management can help.
Mitigating ransomware and phishing attacks during a pandemic (SearchSecurity) Preventing and mitigating ransomware and other cyberattacks become even more challenging -- and critical -- during a pandemic. Learn how security leaders can protect their organizations in a global crisis like the one caused by COVID-19.
The Benefits of Giving Up a Little Control over Cybersecurity (Security Boulevard) The COVID-19 pandemic and shutdown of businesses has forced families to embrace new processes. There are lessons in the Coronavirus quarantine for businesses in terms of giving up control to achieve desired outcomes.
Fortinet CISO: Here’s What ‘New Normal’ Cloud Security Needs (SDxCentral) Not even global pandemics last forever. “My advice to companies right now is to really think about what will happen next,” said Fortinet VP and Global Field CISO Jonathan Nguyen-Duy.
The Department of Defense Should Not Wage Cyber War Against Criminal Hackers During the Coronavirus Crisis (Council on Foreign Relations) Some have called for the Department of Defense to "defend forward" against cybercrime that exploits the coronavirus pandemic. However, doing so would strain the department's already limited resources and put democratic values at risk.
Ensuring Safe Elections (Brennan Center for Justice) Federal Funding Needs for State and Local Governments During the Pandemic
Pentagon Wary Of Adversaries Buying Defense Firms Amid Economic Crisis (Breaking Defense) DoD officials are working with Congress to come up with new ways to keep foreign governments out of the US military industrial base.
Request your free Tessian platform access today (Tessian) Request your free platform access. Learn how Tessian’s Human Layer Security Platform protects your employees from data exfiltration, accidental data loss and phishing.
Coronavirus: UKCloud and VMware join forces to meet public sector demand for remote desktops (ComputerWeekly) Public sector-focused IaaS provider UKCloud forges closer ties with VMware to meet the public sector demand for “government-grade” remote desktop technology.
Cyber Attacks, Threats, and Vulnerabilities
Suspected Chinese hackers aim attacks at Vietnamese government officials (CyberScoop) As tensions flare between China and Vietnam over territories in the South China Sea, China appears to be spearphishing Vietnamese government officials.
Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center (Anomali) Authored by: Sara Moore, Joakim Kennedy, Parthiban R, and Rory Gould. The Anomali Threat Research Team detected a spear phishing email targeting government employees in the Municipality of Da Nang, Vietnam. The email contained a malicious Microsoft Excel document which drops a malicious Dynamic-Link Library (DLL) providing the actor with CMD reverse shell over HTTP. The DLL shares code similarities to exile-RAT, a tool associated with Pirate Panda. Pirate Panda is an APT backed by China and
Loose cobras: DPRK regime succession and uncertain control over offensive cyber capabilities - Atlantic Council (Atlantic Council) Unconfirmed rumors surfaced in mid April 2020 regarding the potential incapacitation of North Korean leader Kim Jong Un, leading to speculation about the ramifications of a sudden transition of leadership in Pyongyang. These rumors have once again raised serious concerns over the stability of the Democratic People’s Republic of Korea’s (DPRK) control of strategic weapons, including nuclear and ballistic missiles. These worries are familiar to the international affairs community from multiple earlier crisis moments. In particular, the international community’s fears surrounding a North Korean transition of power are compounded by its questions about control of offensive cyber operations capabilities.
NTPC confirms 'cyber attack' from unknown source on Thursday (CBC) The Northwest Territories Power Corporation says it has "experienced a cyber attack from an unknown source."
Hackers Knew How to Target PLCs in Israel Water Facility Attacks: Sources (SecurityWeek) The changes made to PLCs in the attacks targeting Israeli water facilities shows the sophistication of the hackers and that they knew exactly what they were doing
Group-IB uncovers PerSwaysion — sophisticated phishing campaign targeting executives worldwide (www.group-ib.com) Group-IB, a Singapore-based cybersecurity company, has identified a series of sophisticated successful phishing attacks against the management and executives of more than 150 companies around the world.
The 2020 URL Querystring Data Leaks — Millions of User Emails Leaking from Popular Websites to Advertising & Analytics Companies (Medium) Breaches have been found on websites including Wish.com, JetBlue.com, Quibi.com, WashingtonPost.com, NGPVan.com and numerous other…
Quibi, JetBlue, Wish, others accused of leaking millions of email addresses to ad orgs via HTTP referer headers (Register) From URL to UR-Hell
Warning over EventBot banking Trojan draining financial details from Android phones (Computing) The malware can intercept the two-factor authentication security codes sent to the device
2FA-stealing Android malware gives enterprises cause for concern (SC Magazine) Security researchers have warned that newly created mobile banking malware can not only grab passwords for more than 200 financial apps, but intercept two-factor authentication codes as well.
Cyber-Criminals Increasingly Using Official reCAPTCHA Walls in Phishing Attacks (Infosecurity Magazine) Scammers using reCAPTCHA walls to fool analysis systems and trick users
Surge in phishing attacks using legitimate reCAPTCHA walls (Help Net Security) Cyber scammers are starting to use legitimate reCaptcha walls to disguise malicious content from email security systems, Barracuda Networks has observed.
Nintendo data breach reportedly caused by credential stuffing (TechRepublic) Attackers used an account checker tool to identify Nintendo accounts with compromised and vulnerable login credentials, says SpyCloud.
Security Patches, Mitigations, and Software Updates
Critical Vulnerability in Salt Requires Immediate Patching (SecurityWeek) The Salt community has been aware of a critical vulnerability (CVE-2020-11651) in Salt Master. It was informed that the vulnerability has a CVSS rating of 10.0, and that Salt Masters should not be exposed to the internet until fixes are made.
Bumper Adobe update fixes flaws in Magento, Bridge and Illustrator (Naked Security) Adobe’s latest patches are out, including fixes for its ecommerce platform.
Cyber Trends
Ransomware mentioned in 1,000+ SEC filings over the past year (ZDNet) A growing number of public companies have started listing ransomware as a forward-looking risk factor in their SEC documents.
ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel (Threatpost) Overall bot activity on the web has soared, with a 26 percent growth rate — attacks on applications, APIs and mobile sites are all on the rise.
TAG Analysis of Asia-Pacific Markets Shows Success of Industry Anti-Fraud Programs (MarTech Series) The Trustworthy Accountability Group (TAG), an advertising industry initiative to fight criminal activity in the digital advertising supply chain, today released a snapshot of ad fraud across a range of Asia-Pacific markets, showing dramatically lower IVT rates in TAG Certified Channels when compared with global industry averages. Trustworthy Accountability Group Conducted by The 614 Group, the analysis found a 91 percent overall reduction in invalid traffic (IVT) when advertisers used TAG Certified distribution channels which involve multiple companies that have achieved the TAG Certified
Six IoT Security Threats to Watch (Toolbox Tech) Internet-of-Things technology still has a long way to go before it is secure. Last year, Congress introduced the . The stated goal of the Act was to leverage federal government procurement power to encourage increased cybersecurity for Internet-of-Things devices, specifically to help promote an increased level of education around cybersecurity and...
Marketplace
ICANN rejects sale of .org registry to for-profit investor group (Reuters) A body overseeing web addresses said it has vetoed a $1.1 billion deal to sell control of domain names ending in .org to a private investment firm after an outcry from internet pioneers and officials including California's attorney general.
MobileIron + incapptic Connect (Mobileiron) MobileIron has acquired incapptic Connect, the leading provider of mobile app release automation software.
Ontic Raises $12 Million in Series A Funding Round Led by Felicis Ventures (TylerPaper.com) AUSTIN, Texas, April 30, 2020 /PRNewswire/ -- Ontic, the protective intelligence software platform developed to help businesses proactively address physical safety, announced today it has raised $12 million in a
Accurics Launches with a Vision of Making Cloud Infrastructure Security Ubiquitous (Yahoo) Accurics launches to protect cloud native infrastructure throughout the DevOps lifecycle - ‘code-to-cloud’ - and reconcile risk posture drift.
Accenture Completes Acquisition of Broadcom’s Symantec Cyber Security Services Business (BusinessWire) Accenture completed its acquisition of the Symantec Cyber Security Services business from Broadcom Inc.
After a turbulent 2019, what's next for Huawei in 2020? (Abacus) Huawei says services have helped during the Covid-19 pandemic, but it's looking for more local alternatives to Google services as a bulwark against US restrictions
Teams lining up for $1B Army cyber competition (Washington Technology) Raytheon Technologies has officially joined the fray to compete for a $1 billion Army cyber training contract that has several other notable names in the running.
Raytheon Technologies-Red Hat-VMware Team to Pursue Army Cyber TRIDENT Training Contract; Bob Williams Quoted (GovCon Wire) Raytheon Technologies (NYSE: RTX) has teamed up with Red Hat and VMware (NYSE: VMW) to compete for t
FireEye Layoffs 'Never Ideal,' But 'Necessary,' Says CEO (Channel Partners) Just-announced FireEye layoffs are part of an organizational restructuring planned before the COVID-19 pandemic. Six percent of the workforce is being cut.
Get to know KnowBe4, a 2020 Best Places to Work honoree (Tampa Bay Business Journal) How would you describe your company to someone outside of your industry?
German Blockchain-anchored Data Security Company Ubirch Expands to Israel (PR Newswire) German blockchain-anchored data security start-up Ubirch is on course for internationalization and is thus consistently pursuing its growth...
Coalfire Federal Growth Prompts Malone Promotion, New Board Of Directors (The Grand Junction Daily Sentinel) Coalfire Federal, a wholly owned subsidiary of cybersecurity advisory and assessment services provider Coalfire, today announced the promotion of Bill Malone to President.
Products, Services, and Solutions
One Identity to Bolster Microsoft SQL Server and Azure SQL Database Security with End-to-End Privileged Access Management (Globe Newswire) One Identity Safeguard allows organizations to manage, monitor, record and audit administrators’ access to Microsoft SQL Server 2017, SQL Server 2019 and Azure SQL Database
SlashNext Launches URL Analysis & Enrichment to Automate Phishing IR (SlashNext) New Solution Delivers Real-Time Phishing Threat Intelligence and Automated Incident Responses in the Cloud
Illusive Networks Extends Distributed Deception to the Cloud - Illusive Networks (Illusive Networks) New Capabilities Defend Organizations Against Attacks from Anywhere to Anywhere
Microsoft Office 365: This new feature will keep you safe from malware-filled documents (TechRepublic) Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.
Accurics Takes the Wraps off Its Code-to-Cloud Security Solution (Tech) Stealth mode startup Accurics details free and premium ‘code-to-cloud’ security offerings that protect infrastructure throughout the DevOps lifecycle.
Appsian Enables Adaptive Multi-Factor Authentication in Oracle PeopleSoft Applications (PR Newswire) Appsian, the global leader in Enterprise Resource Planning (ERP) data security, has announced an integration with Duo Security, now part of...
Shedding Light On Possible Child Exploitation with Digital Intelligence (Cellebrite) A Netherlands nonprofit organization analyzes a teenage girl’s photo data to search for signs of sexual exploitation.
Technologies, Techniques, and Standards
Why You Want to Fail a Red Team Exercise (Infosecurity Magazine) Why failing a Red Team exercise is good and what happens afterwards is more important.
Digital Assets and Data Management – Managing Enterprise Risks and Leveraging Data in a Digital World (BakerHostetler) Key Findings: Enable MFA already! Back at the top of our key findings again for many and obvious reasons....
What Is a DDoS Attack - A Guide for Protection | Cybersecurity | CompTIA (Default) Learn what a DDoS attack is, the types of DDoS attacks, DDoS attack tools, DDoS protection and how to stop a DDoS attack.
Academia
Eastern Mennonite University team wins international codebreaking contest (Augusta Free Press) Eastern Mennonite University’s veteran codebreaker team emerged victorious in the KRYPTOS 2020 challenge.
Purdue’s Spafford named to American Academy of Arts and Sciences (Purdue University) Purdue University professor Eugene H. Spafford has been elected to the American Academy of Arts and Sciences, one of the nation’s oldest and most prestigious honorary societies.
Legislation, Policy, and Regulation
Analysts: U.S., China should tread carefully in case of North Korea collapse (UPI) China plays an outsize role in North Korea's economy, but its clout in the region doesn't mean Beijing can easily intervene in the event of North Korea instability, U.S. analysts say.
China wasn’t wild about Mike Pompeo before the virus. It’s really gunning for him now. (Washington Post) Beijing has unleashed a wave of vitriol against Pompeo over unsupported claims that the virus could have leaked from a Wuhan lab.
China Issued the Measures for Cybersecurity Review (The National Law Review) The Cyberspace Administration of China (“CAC”), together with 11 other authorities, has jointly issued the Measures for Cybersecurity Review (the “Measures”), which will take e
Washington’s Anti-Huawei Tactics Need a Reboot In Europe (Foreign Policy) Efforts to convince allies of the Chinese threat in 5G have floundered.
Republicans to introduce bill to ban government employees from using Huawei, ZTE products (TheHill) Republican Sens. Ted Cruz (Texas) and Josh Hawley (Mo.) announced their intention on Thursday to introduce a bill that would ban U.S.
Litigation, Investigation, and Law Enforcement
National Security Surveillance on U.S. Soil Fell Amid Scrutiny of Russia Inquiry (New York Times) But overseas targets of the government’s warrantless surveillance program continued to soar in 2019, a new report disclosed.
WhatsApp claims NSO Group's lawyers have conflict of interest - CyberScoop (CyberScoop) Facebook is trying to get NSO Group’s legal counsel dismissed because of an alleged conflict of interest in its case regarding the abuse of WhatsApp users.
WhatsApp claims hacking software infected users after one phone call (Newsweek) The messaging app claims that an Israeli spyware company has responsibility for human rights violations and helped hack government officials, journalists and dissidents.
WhatsApp says NSO Group hacked 1,400 users, including human rights activists (Times of Israel) News from Israel, the Middle East and the Jewish World
FBI Director Wray Previously Represented Facebook in Encryption Fight Before Turning Critic (Wall Street Journal) FBI Director Christopher Wray, who has been pushing tech companies to give law-enforcement officials access to encrypted messages, once advocated the opposite view when representing Facebook’s WhatsApp.
LabCorp sued for allegedly concealing data breaches (TechCrunch) The laboratory giant had two security incidents in as many years.
LabCorp investors file lawsuit, alleging 'persistent' failure to secure data (CyberScoop) LabCorp investors have filed a lawsuit against the company following a major data breach last year.
Trump praise of ‘tormented’ Flynn raises pardon speculation (Military Times) President Donald Trump voiced strong support Thursday for his former national security adviser Michael Flynn, raising speculation that a pardon may be coming after Flynn's lawyers disclosed internal FBI documents they claim show the FBI tried to “intentionally frame