The persistence of misinformation. Scattered Canary and fraud. Contact-tracing updates.
the cyberwire logoMay 20, 2020

News for the cybersecurity community during the COVID-19 emergency: Wednesday, May 20th, 2020. Daily updates on how the pandemic is affecting the cybersecurity sector.

The persistence of misinformation. Scattered Canary and fraud. Contact-tracing updates.

COVID-19 misinformation finds alternative outlets.

Increased fact-checking and content moderation by social media providers may have pushed misinformation into other channels where it can circulate without much hindrance. The Washington Post takes the documentary Plandemic as its example. The documentary, whose long trailer has been pushed from YouTube and other social media, has been circulated using such apps as Google Drive. Short comments on the trailer, written to avoid language that would trip content moderation alerts, appear on Major social media platforms, and these in turn direct visitors to the sites where the trailer is available.

Plandemic, which retails a complex and implausible conspiracy theory about the alleged corporate and government interests that the film makers claim are behind the pandemic, has provided a popular example of COVID-19 misinformation. It's often cited as an example of the dangerous potential of misinformation. Its recent distribution also affords an example of the difficulty of controlling such misinformation's spread.

Attacks against unemployment relief programs.

Unemployment relief assistance designed to compensate workers who've lost their jobs during the economic stress of the pandemic are being targeted by scammers. Agari reports that much of the criminal fraud against such relief programs observed in the US states of Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, and Wyoming are the work of the Scattered Canary gang, a criminal group based in Nigeria.

The researchers outlined a few of the approaches. They found that eighty-two fraudulent claims for CARES Act Economic Impact Payments were filed between April 15th and 29th. Since April 29th at least one-hundred-forty-seven fraudulent unemployment claims were filed the state of Washington. Between May 15th and 16th, seventeen fraudulent unemployment claims were filed in Massachusetts. And most recently Agari has observed signs that the criminals are turning their attentions toward Hawaii, where on the evening of May 17th two claims were registered with the state's Department of Labor and Industrial Relations.

The techniques Scattered Canary is using are the grubby, low-tech stuff of petty cyber crime. BleepingComputer says that the gang is using social security numbers and other personal data stolen from identity theft victims to create bogus accounts on assistance sites. As the Washington Post points out, state relief agencies are under the gun to provide assistance to people who need it in a hurry, and haste is usually accompanied by a certain relaxation of vigilance.

Pandemic-themed phishing campaigns.

Lastline this morning released the results of a study that focused on NRDS (newly registered domains) with an evident COVID-19 theme. They've concluded that there's less novelty about those efforts than might have been expected. While phishing is up, it appears the criminals are devoting more effort to refreshing and re-emphasizing existing campaigns to match the times than they are in coming up with innovative approaches.

Progress of contact-tracing apps.

The UK's contact-tracing app, undergoing trials on the Isle of Wight, is attracting further skepticism about its efficacy. While download rates during the trials have been reported to be satisfyingly high, ComputerWeekly reports that recent studies have cast doubt on the willingness of British users to install the app.

The existing NHS App, not the contact-tracing app, but rather the app through which patients access healthcare data and book appointments with their doctors, is being considered for adaptation into an "immunity passport," the Telegraph writes. According to the app's developer, iProov, addition of facial recognition software to the tool could be used to verify the identity and immunity status of users.

Taking advantage of a crisis.

Australia's government has condemned unnamed nation-states for "conducting and supporting cyber attacks under the cover of the coronavirus crisis," the Australian Financial Review reports. The countries may be unnamed, but the prospect of arousing China's ire the article alludes to suggests that the subtext indicates a bad conscience in the vicinity of Beijing.