We recently launched Recorded Future Express — a free browser extension for security teams. Use Express over any web-based SIEM, vulnerability management solution, security blog, and more to put real-time security intelligence at your fingertips. Instantly prioritize alerts, incidents, and vulnerabilities based on real-time risk scores from the world’s largest commercial collection platform. Sign up now.
For more, see our daily update on COVID-19 and the cybersecurity community.
Facebook has removed "hundreds" of disinformation accounts. Menlo Park's report on coordinated inauthenticity for April listed six countries where the Facebook and Instagram accounts formerly operated. Georgia leads, with almost a thousand suspect accounts taken down; they were for the most part associated with domestic political groups. Russia and Iran showed high levels of state-directed activity directed at foreign targets. A number of takedowns in the US removed inauthentic accounts associated with conspiracy theorists at QAnon. Accounts taken down in Mauretania and Myanmar focused on domestic audiences, and the Myanmar operations were associated with that country's police.
Taiwan's state-owned energy company CPC Corp., a major distributor of petroleum and liquified natural gas, has sustained a ransomware attack, CyberScoop says. Investigators think it likely that the attack was state-sponsored, but have not specified which state. Authorities in Taiwan believe the attack was timed to coincide with President Tsai Ing-wen's inauguration, Taiwan Focus reports.
Microsoft is tracking a surge in Remcos attacks that it says are using COVID-19 lures to prospect organizations across many sectors.
Europol announced that Polish and Swiss police have taken down the credential-trading InfinityBlack gang. Five Polish hackers were arrested, and assets (including hardware and cryptocurrency wallets) worth €100,000 were seized. InfinityBlack operated on both its own site and other dark web souks, ZDNet reports, and the gang not only trafficked in credentials, but also in attack tools sold to other criminals. The gang was well-organized and segmented; it seems unlikely the five arrested were its only members.
Today's issue includes events affecting Australia, Canada, China, European Union, Georgia, India, Iran, Israeli, Luxembourg, Mauretania, Myanmar, New Zealand, Pakistan, Poland, Russia, Singapore, Switzerland, Taiwan, United Kingdom, United States
When the social distancing of the pandemic ends, as it will, can we expect the workplace to go back to the way it was?
"One of the things that is coming up a lot in the conversations I have with CIOs and CISOs around the world is they do not expect to go back to the way things were as recently as January, with the amount of people that will be coming into offices.
"And there is a interesting focus on the new norm for working from home. And it's interesting for a couple of reasons. First, there are rules that a lot of organizations thought must be in an office to be successful. Everything from being a coding engineer to an IT administrator to service desk, help desk employees - they're all working from home now, and a lot of organizations are seeing not only success with that but improved performance, improved efficiencies and improved morale where there are areas that may have heavy commute times.
"One of the interesting things that's also happening is around that, a lot of financial executives are looking at the cost per employee to keep them in an office as compared to keeping them at home. So I think you're going to see not the number stay where it is now, which is that 90 to 100% work from home, but I don't think we're going to get back to that 13 to 17% where, you know, there's been this huge push over the last few years to really get people into offices."
—Mathew Newfield, chief information security officer at Unisys, on the CyberWire's Daily Podcast, 5.4.20.
Shorter commutes would surely be welcome (although there are some who would miss the rolling happy hour home that is the MARC Brunswick Line out of DC in the early evening). But does working from home contribute to the erosion of employees' free time? Will a general move toward work-from-home will be met by an employee push to move from exempt to non-exempt status, and will that in turn be met by moving more jobs to the gig economy?
If you're interested in space and communications (technology, policy, business, and operations), take a look at the latest issue of Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
Looking to advance your cybersecurity career? Then the Georgetown University Master's in Cybersecurity Risk Management is for you. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Learn more.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses recent flaws in antivirus products. Our guests are Laura Deimling and Courtney Wandeloski from Down To Staff on interviewing tips for employees and hiring managers.
Caveat is up. In this episode, "If there's cyberwar, are there cyber war crimes?" Dave has the story of a US appeals court asking why a Facebook encryption order should remain sealed, Ben takes a look at the effects of GDPR. Later in the show we speak with Tarah Wheeler, Cybersecurity Policy Fellow at New America, and she describes why the world needs a digital Geneva Convention.
In this week's episode of CSO Perspectives, "Dark web and TOR: What kind of intelligence can you find there?" the CyberWire's CSO Rick Howard discusses counterintelligence operations by commercial vendors on the dark web, and the kinds of intelligence that can be found there.
