At a glance.
- Coronavirus phishing scams mount, placing personal data at risk.
- Healthcare providers are noted as particularly attractive marks for cyber criminals.
- Epidemic tracking tools emerge.
Coronavirus phishbait in the online water.
Phishing always follows the news, especially during crises, and there are many scams being reported that use coronavirus-themed phishbait. Proofpoint is tracking several current campaigns. Many of them involve ransomware, but of course ransomware is now routinely coupled with information stealing functionality that puts personal data at risk. TA505, the Russian-speaking criminal gang Microsoft calls “Evil Corp” and others know as “Graceful Spider,” is back with a ransomware downloader it’s using against targets in the US healthcare, manufacturing, and pharmaceutical sectors. TA505 is best known for Locky ransomware and the Dridex banking Trojan, but it's also been seen, by Prevailion and others, to engage in data theft. TA505's phishbait is coronavirus-themed, and another criminal group, TA564, is doing much the same against Canadian citizens, in this case spoofing the Public Health Agency of Canada. The text of the spam is not particularly convincing, marred as it is by non-standard English usage and punctuation, and a lack of idiomatic control, but what the operators lose in plausibility they make up in sheer volume.
Healthcare data is more attractive to criminals than ever.
During public health crises the integrity and availability of medical data assume greater importance. They become particularly attractive to extortionists. Healthcare professionals, many of whom are necessarily accustomed to interacting with and providing information to patients, are, the Register reports, likely to be the targets of social engineering of the sort discussed above by Proofpoint.
Epidemic tracking tools have to track (and to know their subjects).
Alphabet (Google's parent) over the weekend introduced a COVID-19 tracking website developed by one of its other units, Verily, a biotechnology shop, CNBC reports. Users, who must log in with their Google credentials to proceed, take a series of screening questions and then, as appropriate, are directed to a nearby testing site. The service is, for now, limited to the San Francisco Bay area. Verily is said to have been motivated to establish the site more quickly than intended by public expressions of expectation by both the US President and the Governor of California, according to the Washington Post.
The site's utility for screening is limited, the Guardian maintains, and its hasty construction on top of Verily's Project Baseline platform (designed generally to let individuals enroll in clinical trials, and which in its inception had nothing to do with coronavirus) combined with its close coupling to Google accounts, has raised privacy concerns. Verily has sought to allay those concerns with its data use policies.
The New York Times reports that in Israel, Prime Minister Netanyahu has directed Shin Bet, the country's internal security service, to open a previously unknown database collected for counter-terrorism purposes to public health authorities. They would use the data to track encounters in which the virus could be spread.