News for the cybersecurity community during the COVID-19 emergency: Thursday, May 7th, 2020. Daily updates on how the pandemic is affecting the cybersecurity sector.
COVID-19 and the markets, legitimate and illegitimate.
Tech firms, including some in or adjacent to the cybersecurity sector, haven't been immune to the economic pressures of the pandemic. Here are three examples, from the US West Coast heart of the industry: the Silicon Valley Business Journal reports that Cohesity has cut staff (and done so only a few weeks after raising $250 million in capital), that cloud provider Nutanix has laid off almost 1500 employees (about 27% of its workforce), and that Cloudera yesterday confirmed that it was readying a round of layoffs.
The cybersecurity sector proper, however, while seeing a slowdown due to the caution so prevalent in the markets it serves, has proven relatively resilient under pressure. Security needs have remained relatively stable, and, after all, security itself remains a relatively small and bearable fraction of corporate budgets, SecuityBrief points out in a survey of industry observations of the sector.
The criminal market has followed opportunities opened up by the crisis. Not only has it become a commonplace that COVID-19 has been dangled all over the Internets as effective phishbait. It's surfaced in a new round of attacks by familiar Nigerian gangs, a business email compromise campaign Palo Alto Networks is calling "Silver Terrier," and Illusive Networks believes it's detected a nation-state-sponsored ransomware campaign with strong similarities to the techniques used by TrickBot.
Bots have also been causing trouble through automated applications for emergency relief. Some of the problems with emergency relief programs are technical, not necessarily nefarious, but rather artifacts that emerge in any rapidly expanded system that wasn't designed to handle large volumes of requests. TechTarget reports that the US Small Business Administration will no longer process applications for Payroll Protection Program loans filed using robotic process automation tools. So many requests have come in by RPA that the system was overwhelmed. But some of that activity is nefarious, since RPA tools benefit criminal as well as legitimate enterprises. The Wall Street Journal says that the US Justice Department is actively investigating fraudulent applications for assistance.
Another area where criminals see opportunity under the present state of emergency, ZeroFox reports this week, is with compromise attempts against celebrities' accounts and attacks offering free streaming services. Sports and entertainment figures, when their social media accounts can be turned to criminal use, can be used to drag their fans in. And when you're stuck at home with little to do, free streaming services can be dangerously attractive.
Twitter's still trying to control the rumor that 5G causes COVID-19.
One would have hoped the odd belief that cell towers are somehow the cause of coronavirus infections would have by now passed its expiration date. Alas, no: Twitter is still grappling with the dissemination of that particular theory, often linked by the credulous to suspicion that the whole matter is linked to a deeper conspiracy to cull the herd, to prepare for some horrendous world order of social control (and that fear exists in left, right, and center forms). The Telegraph says that Twitter's most recent approach to the rumor is to prompt people who tweet it to read an official British report debunking the cell-service origin theory, which is so direct and almost charmingly naive that one wishes them all success. Why not give the invisible hand of the marketplace of ideas a chance to work its magic? Give reason a chance?
This particular bit of misinformation is dangerous not because it's affecting treatment or compliance with public health advice; it's dangerous because it's inspired people to vandalize cell towers. An ex-Googler told the Telegraph earlier piece that he sees structural problems with social media that tend to cause misinformation cascades. He's concerned mostly with YouTube, and sees the algorithmic push to "optimize watch time at all costs" as fostering the propagation of spectacularly false and spectacularly attractive content. Substitute "engagement" for "watch time" to generalize the problem. The problem has involved more than just vandalism: some telecom maintenance workers in the UK were attacked by locals who accused them of setting up the virus infrastructure.
One almost wishes for a return of alien invasion conspiracy theories. At least you'd know what to say. (That would be, "Klaatu barada nikto.")