Grand fraud, phishing, dis- (or mis-) information.
the cyberwire logo53 days ago

News for the cybersecurity community during the COVID-19 emergency: Tuesday, April 7th, 2020. Daily updates on how the pandemic is affecting the cybersecurity sector.

Grand fraud, phishing, dis- (or mis-) information.

Forget about that Brooklyn Bridge. Could we interest you maybe in a Statue of Unity?

For just $4 billion it can be yours, art lovers, patriots, philanthropists. And it's for a good cause, too: the proceeds (we hear) will help the state of Gujarat deal with the coronavirus. But of course not really. Reuters reports what must be the brassiest online scam to surface so far during the pandemic emergency. We hope no one fell for it.

The Statue of Unity, about twice the height of the Statue of Liberty in New York Harbor, commemorates Sardar Vallabhbhai Patel, one of India's founders. At a hundred-eighty-two meters tall, the Statue of Unity would be tough to fit on your coffee table, but with heroic art, who measures, really? The moxie and low cunning behind the scam really put all the other COVID-19 grifters in the shade. What's a business email compromise scam baited with masks and hand sanitizer (for which Europol collared some guy in Singapore, according to ZDNet) compared to the offer of a monumental heroic stature, whose steel framing, reinforced by concrete and brass coating, supports a bronze cladding? Think big, skids.

More of the ordinary, dreary scams are being reported around the world. The FBI, according to Smart Office, received twelve-hundred COVID-19-related scams in a single week. ZDNet reports that Brazilian authorities saw a 124% increase in scams last month, and also that the Australian Signals Directorate is going on the counteroffensive against offshore grifters targeting Australian citizens. Back in the US, the Wall Street Journal notes that the Securities and Exchange Commission has suspended trading of two stocks over the companies' dubious claims about their activities during the pandemic emergency. Both are obscure penny stocks trading in the loosey-goosey over-the-counter market.

Baited, and unabated.

More seriously, ransomware attacks against hospitals have not only continued despite criminal protestations of good intentions, but an Interpol warning suggests that the volume of attacks has actually increased. BleepingComputer, which received promises from some ransomware gangs that they'd place medical facilities off limits for the duration of the pandemic emergency, has been tracking the criminals' activity and reports that Maze, Ryuk, and Sodinokibi have all been used recently against healthcare and pharmaceutical targets.

Social media grapple with dis- and misinformation.

YouTube, Facebook, and WhatsApp are trying various measures to come to grips with the volume of fear, nonsense, and lies in circulation about COVID-19. YouTube is using a relatively soft hand with "borderline content" (that is, content not in formal violation of the platform's guidelines), and is especially concerned about the bogus theory that cell towers are responsible for the virus. Videos peddling this particular meme "could lose advertising revenue," will be removed from search results, and will also see reduced recommendations in Google's algorithm, CNN reports. The Telegraph says that Facebook is meeting with British government officials this week to see what it can do to prevent further threats and vandalism inspired by the cell-tower panic. And WhatsApp, according to Computing, is concentrating on inhibiting the spread of false information by restricting message forwarding to one chat at a time.