Chinese conspiracy theories that COVID-19 was some kind of US military bioweapon date back to January, months before a foreign ministry official in Beijing began to spread the same fake news, according to a new study.
An analysis from the Stanford University Cyber Policy Center has revealed how fringe conspiracy theories can eventually become weaponized by governments to further their geopolitical ends.
Zhao Lijian, a deputy director-general of the Chinese Foreign Ministry’s Information Department, took to Twitter on March 12 to suggest “the US army brought the epidemic to Wuhan.” He included a clip of the director of the US Centers for Disease Control and Prevention (CDC), who had merely said that some patients who died might not have been tested for COVID-19.
A few hours later Zhao tweeted again, sharing an article from a conspiracy theory site claiming that “the virus originated in the US.”
After Washington complained about the unfounded allegations, China’s ambassador to the US, Cui Tiankai, distanced Beijing from the rumors.
Stanford’s analysis found that versions of the bioweapon claim could be traced online as far back as January 2, when a Chinese-language YouTube video dismissed the idea of COVID-19 as a US bioweapon. By the end of the month Chinese Twitter users had taken the opposite line, claiming the coronavirus was a US creation. These posts remain online despite the social media site’s crackdown on COVID-19 misinformation.
By February 1, speculation began to spread that the virus was linked to US attendance at the Military World Games, which took place in Wuhan in October 2019.
The Stanford report authors urged online users to exercise skepticism about what they read online, even when it is posted by government officials.
“In times of uncertainty, speculation and political blame games, continued vigilance is key when it comes to assessing and sharing information — even, or sometimes especially, when it comes from state channels,” they said.
“Social media companies need to maintain their efforts to proactively remove unfounded speculation and disinformation on their own platforms, regardless of who posts it. Citizens and journalists should question the intentions an actor promoting online content may have before possibly amplifying misleading voices.”
Online threats have risen to as much as six times their usual levels over the past four weeks as the COVID-19 pandemic gives cyber-attackers fresh material, according to Cloudflare.
The web security and content delivery vendor analyzed UK traffic figures for the past four weeks compared to the previous month and noted a sharp uptick in malicious activity.
It found that hacking and phishing attempts were up 37% month-on-month, while on some days the firm was blocking between four and six times the number of attacks it would usually see.
The firm attributed much of the uptick to “recreational” hackers with more time on their hands. However, professional cyber-criminals are also using the global incident to further their own agendas.
Phishing attempts have soared by over 600% since the end of February, including traditional impersonation scams but also business email compromise (BEC) and extortion attacks, according to Barracuda Networks.
In Hong Kong, likely state-sponsored attackers are even using the virus as a lure to trick users into clicking on news links booby-trapped with iOS spyware.
Domain registrars are ramping up efforts to halt automated registration of website names linked to COVID-19, for fear that they may be phishing sites or sites selling counterfeit goods such as surgical masks and pharmaceuticals.
Interpol announced last week that it had already managed to seize $14m worth of such fake goods.
The UK’s National Cyber Security Centre (NCSC) has also been stepping in to take down malicious and phishing sites.
Aside from the rise in threat levels, Cloudflare also noted an overall uptick in internet use of 17%, as the majority of the country is urged to stay indoors and work from home.
Online searches for tutoring grew most during the past four weeks, up 400%, while politics (320%), TV (210%) and gardening (200%) also spiked.
The NCSC carried out research which determined that the path to certification for Cyber Essentials could be made clearer, and that the standard needed to be implemented consistently across the UK with consistent assessor and advisor standards. Its research showed that customers were confused by the use of five different organizations to deliver the scheme, as each operated it in a slightly different way.
After a tender process, the NCSC has appointed a single Cyber Essentials Partner – The IASME Consortium, with effect from today.
Introduced in 2014, Cyber Essentials enables organizations to demonstrate that they meet defined standards of online security and seeks to identify that organizations have key controls in place. The scheme provides successful applicants with a certificate that lasts for 12 months.
It was intended to enable companies to understand the basic controls all organizations should implement to mitigate the risk from common internet-based threats, and concentrated on five key controls:
- Boundary firewalls and internet gateways
- Secure configuration – ensuring that systems are configured in the most secure way for the needs of the organization
- Access control – ensuring only those who should have access to systems have access and at the appropriate level
- Malware protection
- Patch management – ensuring the latest supported version of an application is used and all necessary patches have been applied
IASME said that today’s new partnership will help make fundamental cyber-protection more understandable, accessible and practical. Dr Emma Philpott, MBE, chief executive of IASME, said: “IASME contributed to the original writing of the scheme and has been involved in its delivery ever since. We welcome the prospect of continuing to work in partnership with NCSC to further develop and grow the Cyber Essentials scheme.
“We are particularly looking forward to working with the wider network which includes all Cyber Essentials Certification Bodies which will allow us to offer expert support and certification to organizations across the whole of the UK and Crown Dependencies.”
IASME welcomed the new certification bodies that had come on board during the transition period, and thanked the other certification bodies that had been part of the journey to date. “Together we will provide a comprehensive, UK-wide network of licensed Certification Bodies to ensure regional support is available to all those who need it.”
Anne W from the NCSC, added: “The move to a single Cyber Essentials Partner allows us to work closely with IASME to develop the scheme and build further on the success to date. Cyber Essentials is an important scheme within the NCSC’s extensive portfolio of tools and guidance, all of which make a significant contribution to making the UK one of the safest places in the world to live and do business online.”
A company claiming to provide “the world’s most secure online backup” leaked metadata and customer information in over 135 million records after misconfiguring an online database, Infosecurity has learned.
The team at vpnMentor discovered the privacy snafu as part of its ongoing web mapping project that has already uncovered major cloud data leaks at brands including Decathlon, PhotoSquared and Yves Rocher.
It was traced to California-headquartered SOS Online Backup, which claims to be a multi-award-winning provider with 12 data centers around the globe. vpnMentor contacted the firm on December 10 and again seven days later. Although it never replied to the researchers, the exposure was closed on December 19.
“The exposed database contained over 135 million records, totalling almost 70GB of metadata related to user accounts on SOS Online Backup. This included structural, reference, descriptive, and administrative metadata covering many aspects of SOS Online Backup’s cloud services,” vpnMentor explained.
The trove also included PII such as names, emails, phone numbers, business details (for corporate customers) and account usernames.
“By exposing so much metadata and user PII, SOS Online Backup has made itself and its customers vulnerable to a wide range of attacks and fraud,” warned vpnMentor.
“This database could have been a goldmine for cyber-criminals and malicious hackers, with access to cloud storage highly sought after in the online criminal underworld.”
Aside from potential reputational damage to the firm, the incident could be investigated by California regulators under the state’s new CCPA data protection law, as well as by GDPR regulators if EU citizens’ data is included.
“Finally, the exposed database showed the structure of their cloud-based backup technology, accounts’ systems, and how they work. Hackers could use this information to plan effective attacks and embed malicious software in their system,” vpnMentor suggested.
“This would allow them to steal customer data and files, or attack SOS Online Backup directly.”
The Office of the Inspector General (OIG) has said it lacks confidence that the Federal Bureau of Investigation is executing its Woods Procedures in line with FBI policy when applying for court permission to surveil people in the United States.
The FBI implemented its Woods Procedures in 2001 following errors in numerous Foreign Intelligence Surveillance Act (FISA) applications submitted to the Foreign Intelligence Surveillance Court (FISC) in FBI counterterrorism investigations. The procedures, named for FBI agent Michael Woods, who helped devise them, require that every fact submitted in support of a FISA application be verified.
FBI policy requires case agents who will be requesting the FISA application to create and maintain a "Woods File" that contains supporting documentation for every factual assertion contained in the application together with the results of required database searches and other verifications.
A report published by the OIG on March 30 states that a recent audit of the FBI found that in some FISA applications, Woods Files had gone missing or may not have ever existed.
Over the past two months, auditors visited 8 FBI field offices and reviewed a judgmentally selected sample of 29 applications relating to US persons and involving both counterintelligence and counterterrorism investigations.
The OIG report states that "we could not review original Woods Files for 4 of the 29 selected FISA applications because the FBI has not been able to locate them and, in 3 of these instances, did not know if they ever existed."
In all 25 of the FISA applications the OIG was able to review, auditors identified errors or inadequately supported facts.
The OIG said: "For all 25 FISA applications with Woods Files that we have reviewed to date, we identified facts stated in the FISA application that were: (a) not supported by any documentation in the Woods File, (b) not clearly corroborated by the supporting documentation in the Woods File, or (c) inconsistent with the supporting documentation in the Woods File."
The auditors' findings led the OIG to conclude that the FBI's FISA applications were not as accurate as they should be.
"We believe that a deficiency in the FBI’s efforts to support the factual statements in FISA applications through its Woods Procedures undermines the FBI’s ability to achieve its 'scrupulously accurate' standard for FISA applications," stated the OIG.
Hotel chain Marriott International announced today that it has suffered a second data breach.
According to an incident notification published on its website, the company spotted unusual activity in an app that guests use to access services during their stay.
An investigation into the activity revealed that the login credentials of two Marriott employees had been used to access "an unexpected amount" of guest information.
Marriott said guest data that may have been compromised in the breach included contact details, loyalty account information, personal details such as birth dates, and information concerning linked partnerships and affiliations like airline loyalty programs.
Precisely what information was accessed varied from guest to guest, but in some cases email addresses, phone numbers, and employer details were exposed.
Marriott said: "At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020."
While the investigation into the data breach is ongoing, Marriott said that "we currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers."
On March 31, 2020, Marriott sent emails about the incident to guests involved. The hotel chain has offered guests affected by the incident a year's worth of personal information monitoring from IdentityWorks free of charge.
Marriott said: "We have also set up a self-service online portal for guests to be able to determine whether their information was involved in the incident and, if so, what categories of information were involved."
This latest data breach has affected approximately 5.2 million Marriott guests. The hotel chain has advised Marriott Bonvoy account holders to change account passwords and to monitor their accounts for suspicious activity.
In November 2018, Marriott reported a data breach that exposed the records of approximately 339 million guests. In that far larger incident, threat actors were found to have had unauthorized access to the Starwood guest reservation network since 2014.
The majority of British people don't back up their data even though they know how to do it.
Of those running the gauntlet of data loss in the event of theft, infection, accidental deletion, or destruction, 52% said they didn't keep any information on their device that was important enough to back up.
Other Brits who don't back up their data said that they had intended to get around to it but had not been successful. Of those, 10% said it had slipped their mind, while 13% said that they were too busy with other tasks to find time to back up.
The remaining 26% of Brits throwing data preservation to the wind by not performing backups confessed that they hadn't bothered to find out how to carry out this simple task.
Of the Brits who do back up their data, 47% do so once a month, while 20% do so continuously and 17% perform a backup every 1 to 6 months.
While 39% of Brits who do actually back up their data do so to cloud storage, the most popular method, practiced by 59% of those surveyed, was to use an external hard drive.
Android users showed a marked preference for using external hard drives over cloud storage for their backups, while iPhone users were only slightly more likely to choose an external hard drive over the cloud.
"Losing personal documents, photos and videos can be a painful experience and it’s not until this happens that they realize how valuable it actually is,” said Luis Corrons, security evangelist at Avast.
“It’s important to back up data on a regular basis, keeping memories, captured in the form of photos and videos, safe and secure.”
Avast researchers recommend backing up data regularly to two locations, in effect creating a backup of the backup. They also advise users who back up to an external hard drive to disconnect it once the backup is complete, so that the drive cannot be reached by ransomware running on the machine.
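The two-location advice above is only as good as the copies actually written, so a practitioner verifies each copy before trusting it. The following is an added example (not Avast's tool or any code from the survey) that copies a directory tree to two destinations and checks every file by SHA-256; the source and destination paths are placeholders chosen by the caller, and demo_run() exercises the functions on a constructed sample tree inside a temporary directory so it runs offline.

```python
"""Back up a directory tree to two independent destinations and verify each
copy by SHA-256 before trusting it.

Added example; not Avast's code. Paths are placeholders supplied by the caller;
demo_run() builds a constructed sample tree in a temp directory.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large media files never sit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_of(root: Path) -> Dict[str, str]:
    """Map each regular file (relative path, POSIX style) under root to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_copy(manifest: Dict[str, str], dest: Path) -> List[str]:
    """Return the relative paths whose copy is missing or whose hash differs.

    Re-hashing the destination catches silent truncation, a failing drive and
    files modified after the copy (e.g. by ransomware); a size check would not.
    """
    return [
        rel for rel, digest in manifest.items()
        if not (dest / rel).is_file() or sha256_of(dest / rel) != digest
    ]


def backup_tree(src: Path, dests: Iterable[Path]) -> Dict[str, str]:
    """Copy src into every destination and verify each copy; raise on failure."""
    manifest = manifest_of(src)
    for dest in dests:
        shutil.copytree(src, dest, dirs_exist_ok=True)  # Python 3.8+
        bad = verify_copy(manifest, dest)
        if bad:
            raise RuntimeError(f"{dest}: {len(bad)} file(s) failed verification: {bad}")
    return manifest


def demo_run() -> Dict[str, object]:
    """Run the backup on a constructed tree and return the results for checking."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "home"
        (src / "photos").mkdir(parents=True)
        (src / "photos" / "holiday.jpg").write_bytes(b"\xff\xd8constructed jpeg bytes")
        (src / "notes.txt").write_text("constructed sample note\n")

        # Two independent copies, e.g. an external drive and a cloud sync folder.
        usb, cloud = root / "usb_drive", root / "cloud_sync"
        manifest = backup_tree(src, [usb, cloud])
        clean = {d.name: verify_copy(manifest, d) for d in (usb, cloud)}

        # Simulate the external drive being encrypted while still plugged in.
        (usb / "notes.txt").write_text("ENCRYPTED BY RANSOMWARE\n")
        after_tamper = verify_copy(manifest, usb)

    return {"files": sorted(manifest), "clean": clean, "after_tamper": after_tamper}


if __name__ == "__main__":
    print(demo_run())
    print("Backup verified; now unplug the external drive.")
```

The manifest of hashes is worth keeping alongside the backup: re-running verify_copy against the external drive months later tells you whether the copy is still intact before you need it, which is the point at which most people discover their backup was never good.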
Sensitive information about US voters was left exposed by the voter contact and canvassing app Campaign Sidekick, which is used by the Republican party in election campaigns. Cybersecurity company UpGuard revealed that an unprotected copy of the app’s source code was mistakenly left freely available on its website. The exposure has since been closed.
Originating during the 2002 election cycle, Campaign Sidekick has been used to help digitize election campaigning as part of a wider approach by the Democratic and Republican parties to capture, unify, analyze and act on data about US voters. The Campaign Sidekick app helps collate information from interactions that take place with voters during canvassing.
On February 12 2020, UpGuard found that the .git directory on app.campaignsidekick.vote was publicly accessible. The files were downloaded and found to contain sensitive data, after which the analyst informed Campaign Sidekick of the exposure. Following communication between the two organizations, the exposure was closed on February 15 2020.
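An exposed .git directory is a common deployment mistake that is easy to test for, provided the test looks at content rather than HTTP status (many servers answer every path with a 200 and a custom error page). The following is an added example, not UpGuard's tooling or Campaign Sidekick's code: it probes /.git/HEAD and /.git/config, recognizes them by the structure git always writes, and pulls out any remote URLs, since a leaked config can name private repositories and sometimes embeds credentials. The fetch function is injected so the logic runs against constructed responses; the hostnames and repository URL are placeholders, and http_fetcher() shows how to plug in urllib for a host you are authorized to test.

```python
"""Detect an exposed .git directory on a web server by content, not status code.

Added example; not UpGuard's or Campaign Sidekick's code. Hostnames and the
repository URL below are placeholders.
"""
import re
from typing import Callable, Dict, List, Optional

Fetcher = Callable[[str], Optional[str]]

# .git/HEAD is either a symbolic ref ("ref: refs/heads/master") or, when HEAD is
# detached, a bare 40-hex SHA-1. An HTML "not found" page served with HTTP 200
# matches neither, which is why status codes alone are not trusted.
_HEAD_RE = re.compile(r"ref: refs/\S+|[0-9a-f]{40}")


def looks_like_git_head(body: str) -> bool:
    return _HEAD_RE.fullmatch(body.strip()) is not None


def looks_like_git_config(body: str) -> bool:
    # git writes both markers into every repository's config file.
    return "[core]" in body and "repositoryformatversion" in body


def check_git_exposure(base_url: str, fetch: Fetcher) -> Dict[str, object]:
    """Probe /.git/HEAD and /.git/config and report what is exposed."""
    base = base_url.rstrip("/")
    exposed: List[str] = []
    remotes: List[str] = []

    head = fetch(base + "/.git/HEAD")
    if head is not None and looks_like_git_head(head):
        exposed.append("/.git/HEAD")

    config = fetch(base + "/.git/config")
    if config is not None and looks_like_git_config(config):
        exposed.append("/.git/config")
        # Remote URLs reveal private repos and occasionally embedded tokens.
        remotes = re.findall(r"^\s*url\s*=\s*(\S+)", config, re.MULTILINE)

    return {"exposed": bool(exposed), "paths": exposed, "remotes": remotes}


def http_fetcher(url: str, timeout: float = 5.0) -> Optional[str]:
    """Real fetcher for authorized testing: first 4 KiB of the body, or None."""
    import urllib.request
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read(4096).decode("utf-8", "replace")
    except Exception:
        return None


# Constructed responses standing in for two hosts (placeholders, not real sites).
EXPOSED_SITE = {
    "https://app.example.test/.git/HEAD": "ref: refs/heads/master\n",
    "https://app.example.test/.git/config": (
        "[core]\n\trepositoryformatversion = 0\n\tfilemode = true\n"
        '[remote "origin"]\n\turl = git@git.example.test:campaign/app.git\n'
        "\tfetch = +refs/heads/*:refs/remotes/origin/*\n"
    ),
}
SAFE_SITE = {  # answers every path with its HTML 404 page but an HTTP 200 status
    "https://safe.example.test/.git/HEAD": "<html><body>Not found</body></html>",
    "https://safe.example.test/.git/config": "<html><body>Not found</body></html>",
}


def canned_fetcher(responses: Dict[str, str]) -> Fetcher:
    return lambda url: responses.get(url)


if __name__ == "__main__":
    print(check_git_exposure("https://app.example.test", canned_fetcher(EXPOSED_SITE)))
    print(check_git_exposure("https://safe.example.test", canned_fetcher(SAFE_SITE)))
```

Once /.git/HEAD and /.git/config are readable, the rest of the repository can usually be reconstructed object by object, so a positive result should be treated as full source disclosure. The fix is to deploy build artifacts rather than a checkout, and to have the web server refuse any path containing /.git (for example an nginx location block matching `/\.git` that returns 404) as a second line of defense.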
With extensive data analytics now used in election cycles, it is critical that political parties have the most rigorous cybersecurity techniques and practices in place to protect individuals’ data.
“Organizations need to understand the ease with which attackers can access sensitive data by exploiting vulnerable third parties. Political campaign staffs rely on a broad ecosystem of third parties to help them do business, and it only takes one mistake within a single app to expose sensitive voter data,” commented Kelly White, CEO, RiskRecon.
“Any organization involved in maintaining the integrity of elections – from campaign staffs to party officials to state and local election boards – needs to better understand the security practices of all parties in the data chain of custody and hold those parties accountable.”
There have been several high-profile election data breaches in recent years, including the leaked emails from Hillary Clinton’s 2016 presidential campaign.
Chinese government plans to push through standardization of a new internet architecture could broaden the threat landscape, destabilize security and privacy, and fragment the world wide web, a new NATO report seen by Infosecurity will warn.
First proposed at the UN’s International Telecommunication Union (ITU) last September, the plans call for a replacement to the current TCP/IP model, dubbed “New IP.” They’re being led by Huawei, China’s state-run telcos and the government itself.
As reported by the FT, the proposal claims that TCP/IP is broken and incapable of supporting advances in IoT, space-terrestrial communications and other innovations coming down the line, such as holographic communications.
It also points to security vulnerabilities in the current model and claims its “ubiquitous, universal and better protocolled system” would provide improved security and trust for the internet.
However, an upcoming report from Oxford Information Labs (Oxil) for NATO is deeply apprehensive about the plans. China is effectively “creating a perception of necessity” for its new model when in fact TCP/IP is far from broken; it has adapted consistently well to everything thrown at it over the years, the report says.
Even worse, the New IP model for a decentralized internet infrastructure (DII) would undermine security and embed “fine-grained controls in the foundations of the network,” ultimately putting more control into the hands of the ISPs.
“New IP would centralize control over the network into the hands of telecoms operators, all of which are either state run or state-controlled in China,” the report authors told Infosecurity. “So, internet infrastructure would become an arm of the Chinese state.”
New IP also includes plans for an object identifier resolution system to replace the current Domain Name System (DNS), ostensibly to improve performance, stability, privacy and security. But Oxil claimed: “The use of alternate technologies for identification on the internet and the DNS would lead to less predictability in cyberspace and new questions around norms and governance.”
It also criticized the New IP plans for distributed ledger technology (DLT), which China claimed is necessary to counter overt centralization of internet architecture, in the hands of IANA, CAs and other bodies.
In the Chinese model, governments are likely to have control over the DLT, thus enabling mass surveillance, Oxil argued.
“It is not uncommon for language of ‘trust’ to replace ‘security’ in Chinese DII-related discussions. This is concerning because it indicates that the principle of ‘security by design’ – at least in the Western context – is not being adopted in DII’s development. In the long-term this could negatively impact cybersecurity globally,” the report claimed.
The plans are being pushed through at pace at ITU level, with Oxil and other UN delegates alarmed at the speed with which such radical changes are being proposed and at the impact that global standardization of New IP would have.
It will “increase the threat landscape by introducing new security uncertainties across the stack” and provide authoritarian governments everywhere with a new model for controlling the populace, Oxil warned.
The fragmentation of the global internet into national, government-run “intranets,” will also undermine the predictability of cyberspace and NATO’s ability to protect and defend its networks, it continued.
“A proliferation of alternate internet technologies will increase the internet’s threat landscape, decrease predictability, and potentially destabilize existing and future norms for responsible state behavior in the online environment,” the report concluded.
Security researchers have discovered tens of millions of accounts from a third-party version of Telegram that were leaked online in another cloud misconfiguration.
Bob Diachenko and the Comparitech team found the exposed data on March 21. It had been posted to an Elasticsearch cluster, password-free, by a group called “Hunting system” in Farsi.
Although the cluster was deleted on March 25, a day after Diachenko informed the hosting provider, at least one user had apparently already posted it to a hacking forum.
That’s bad news, because the trove contained 42 million records from a third-party version of popular messaging app Telegram. They included user account IDs, phone numbers, names, and hashes and secret keys.
As Telegram has been banned in Iran since anti-government protests in 2018, the database could put users at risk of being singled out by the authorities as having something to hide.
Although the hashes and keys can’t be used to access accounts, third-party hackers could use the other information in financially motivated attacks, warned Comparitech.
“SIM swap attacks are one example. A SIM swap attack occurs when the attacker convinces a phone carrier to move a phone number to a new SIM card, allowing them to send and receive the victim’s SMS messages and phone calls. The attacker could then receive their one-time access verification codes, granting full access to app accounts and messages,” explained privacy advocate, Paul Bischoff.
“Affected users could also be at risk of targeted phishing or scams using the phone numbers in the database.”
This isn’t the first such privacy incident involving messaging users in the country. In 2016, hackers identified the user IDs, phone numbers and one-time verification codes of 15 million Telegram users after activation codes were likely intercepted by phone carriers.
Houseparty is offering $1m for evidence of a suspected smear campaign, after several reports emerged alleging that users had had other online accounts compromised via the video conferencing app.
The platform has become extremely popular over recent weeks as consumers flock online to socialize safely during a time of lockdowns and social distancing.
Reports in UK tabloid media outlets on Monday pointed to social media “hysteria” among Houseparty users claiming that their use of the app had somehow led to other accounts being compromised.
These include PayPal, Spotify, Amazon, Netflix, Instagram and eBay.
“Anyone who’s using the #Houseparty app be super careful. My bank account was hacked today and it has been linked back to the app. Lots of other people are experiencing the same thing. I’d definitely recommend deleting it,” noted one user in a typical post on Twitter.
However, security experts have leaped to Houseparty’s defense, noting that there is no evidence linking the app to compromises of other accounts. If the stories are true, reused passwords are the more likely explanation: credentials leaked from one site and tried against others.
Experts recommended that users switch on two-factor authentication for log-ins across as many sites as they can, and use a password manager so that no password is shared between sites.
As a result of the outcry, the video conferencing platform said it is now looking at whether these rumors were a coordinated attempt to defame the company.
“We are investigating indications that the recent hacking rumors were spread by a paid commercial smear campaign to harm Houseparty. We are offering a $1m bounty for the first individual to provide proof of such a campaign,” it said on Twitter.
“All Houseparty accounts are safe - the service is secure, has never been compromised, and doesn’t collect passwords for other sites.”
Users have also complained on social media that when they tried to delete the app it required them to re-enter their password, and then claimed it was incorrect.
Adverts and listings that capitalize on the COVID-19 outbreak are appearing on Instagram and Facebook despite being banned.
On March 6, Facebook and Instagram announced a temporary ban on ads and marketplace listings selling medical face masks. On March 19, Rob Leathern, head of trust and integrity for Facebook ads and business platform, extended the ban to hand sanitizer, coronavirus testing kits, disinfecting wipes and several other products.
Tenable's Satnam Narang has observed a growing number of adverts for COVID-19 essentials since the ban was issued.
"Despite the ban, advertisements continue to appear on Facebook and Instagram, some as recently as March 26," said Narang.
"I began observing an uptick in activity in my Instagram Feed on Friday, March 20. All of a sudden, every single sponsored post in my Instagram Feed had something to do with masks, whether it be N95 masks, surgical masks or face shields."
Advertisers have carefully moderated the language they use in their ads in a slippery attempt to get around the ban.
"Many of the advertisements don’t overtly reference COVID-19 or the novel coronavirus that causes it in their posts," said Narang. "They do, however, talk about protecting oneself from 'harmful particles' and how to 'stay protected at all times' while referencing N95 masks or harmful viruses and bacteria, implying a connection to COVID-19."
Narang observed carefully worded ads appearing in his Instagram feed and showing up in his Instagram stories. Some were native to Instagram, but others originated from Facebook advertisers, including duamaskcom and Plengoods.
Alongside Facebook pages and Instagram accounts created recently for the sole purpose of promoting COVID-19-related items like N95 masks, Narang observed opportunists compromising the accounts of existing pages in order to advertise their products.
"The Facebook Page for a Greek restaurant in Zimbabwe was compromised and used to push an advertisement for surgical masks to Instagram. The page does not appear to have been maintained since 2008," said Narang.
The shabby behavior of a few has not, however, caused Narang to lose his faith in humanity.
He told Infosecurity Magazine: "It’s certainly disheartening to see opportunists trying to profit from this crisis, but I’ve definitely seen a lot of kindness that gives me hope: People within communities volunteering to pick up groceries for the elderly, high-risk individuals creating blueprints to 3D print masks and other personal protective equipment, folks brokering deals to secure N95 masks for frontline workers, and retired medical professionals coming out of retirement to help out on the front line."
Narang urged users of these platforms to "help by reporting these ads using the built-in reporting functionality on social media services."
A US federal court has issued injunctions against two telecom carriers that facilitated hundreds of millions of fraudulent robocalls to consumers in the United States.
The scam calls predominantly targeted elderly and vulnerable people, successfully conning victims out of personal information, money, and property. Many of the robocalls were made by fraudsters overseas impersonating government agencies and conveying alarming messages.
Victims were tricked into thinking that their assets were being frozen, their personal information had been compromised, or their benefits were about to be stopped.
In some calls, fraudsters impersonated employees at legitimate businesses, including Microsoft.
The injunctions, which relate to two separate civil actions, are the first of their kind to be obtained by the United States Justice Department. Both orders were issued by the US District Court for the Eastern District of New York, and both civil actions are pending.
The first injunction bars husband and wife Nicholas and Natasha Palumbo and two entities from operating as intermediate voice-over-internet-protocol (VoIP) carriers.
The Palumbos, of Scottsdale, Arizona, own and operate Ecommerce National LLC and SIP Retail, which do business as TollFreeDeals.com and sipretail.com, respectively. The couple are currently being investigated for what the District Court described as “widespread patterns of telecommunications fraud, intended to deprive call recipients in the Eastern District of New York and elsewhere of money and property.”
The court noted that although the Palumbos had been warned more than 100 times of specific instances of fraudulent calls being transmitted through their network, they never severed their business relationship with any entity they learned was associated with fraudulent call traffic.
In the second matter, the court entered consent decrees that permanently bar New York resident John Kahen, aka Jon Kaen, and three entities—Global Voicecom Inc, Global Telecommunication Services Inc., and KAT Telecom Inc.—from operating as intermediate VoIP carriers conveying any telephone calls into the US telephone system.
“These massive robocall fraud schemes target telephones of residents across our country, many of whom are elderly or are otherwise potentially vulnerable to such schemes,” said Assistant Attorney General Jody Hunt of the Department of Justice’s Civil Division.
Carnegie Mellon University (CMU) has launched a cybersecurity-focused master's degree program.
The new program centers on building expertise in risk management, information security, and data privacy and aims to develop key skills in operations, strategy, and analysis.
To earn their master's degree, student teams will have to solve real security problems for a national capital area–based organization or government agency.
Instead of being created as a standalone course, the new program will exist as a security-focused track within CMU's established Master of Science in Information Technology (MSIT) program, taught at Heinz College of Information Systems and Public Policy in Washington, DC.
The MSIT: Information Security and Assurance (Cybersecurity-DC) program will be taught by leading security practitioners and researchers and experts from the CERT Division of CMU’s Software Engineering Institute (SEI).
Among the instructors already lined up for the program is retired Brigadier General Gregory J. Touhill, appointed by President Barack Obama as the first federal CISO of the United States government and currently serving as AppGate Federal Group's president.
"Cybersecurity-DC will create a robust pipeline of highly skilled mission-ready security professionals where it’s needed most—in the heart of the National Capital area region," said Touhill. "Federal agencies and private companies need creative leaders with the blend of skills we teach to better manage risk while defending their organizations and stakeholders against emerging threats."
The program will be delivered in a hybrid format that will see students complete the majority of coursework online. However, some in-person group sessions, seminars, and exams will take place at Heinz College’s DC campus.
"During these sessions, cohort members will have the opportunity to develop a tight-knit community and create lasting peer networks," said a spokesperson for CMU.
“We’re excited to offer this program, which is unique in the field,” said Andy Wasser, associate dean at Heinz College.
“Cybersecurity-DC brings together professionals to collaborate and form close bonds with their cohort. It effectively combines the convenience of online learning with our ethos of experiential learning and practical experience, which is crucial to success in the security context.”
The new program will commence in August 2020.
Security awareness training and simulated phishing provider KnowBe4 has announced that it has discovered a new type of phishing scam which warns recipients that they have come into contact with a friend, colleague or family member who has been infected with the coronavirus, and that they are therefore at risk of infection themselves.
The email, which is crafted to appear as though it has come from a legitimate hospital, instructs users to download a malicious attachment and proceed immediately to the hospital.
The attachment contains hidden malware, KnowBe4 explained, with a number of advanced functions that allow it to evade detection by security applications, worm its way deep into an infected system and serve as a platform for a variety of criminal activities.
“This is a new type of malware that we’re seeing, as it was reported for the first time just a few days ago,” said Eric Howes, principal lab researcher, KnowBe4. “For the bad guys, this is a target-rich environment that preys on end-users’ fears and heightened emotions during this pandemic. Employees need to be extra cautious when it comes to any emails related to COVID-19 and they need to be trained and educated to expect them, accurately identify them and handle them safely.”
The latest discovery is yet another example of how cyber-criminals are seeking to exploit people through phishing emails during the COVID-19 pandemic.
The British government has launched a new rapid response unit to coordinate the fight against online misinformation about COVID-19.
Reports suggest that the unit, operating from within the Cabinet Office and Number 10, will help to deal with “false and misleading narratives about coronavirus.” These will include everything from phishing scams to fake ‘experts’ issuing false medical advice.
Culture secretary, Oliver Dowden, has claimed that fake news could cost lives.
“We need people to follow expert medical advice and stay at home, protect the NHS and save lives,” he’s quoted by the BBC as saying. “It is vital that this message hits home and that misinformation and disinformation which undermines it is knocked down quickly.”
As part of these efforts, the government is relaunching a campaign on misinformation called “Don’t Feed the Beast.”
Most social media companies have said they will work with governments to try and halt the spread of rumors online.
Earlier this month, Twitter said it was broadening its definition of online harm to include content that contradicts guidance from public health and other trusted bodies. However, it also admitted that increasing its reliance on automated systems may result in more mistakes as they lack the context that human moderators can bring.
Also earlier in March, the UK’s National Cyber Security Centre (NCSC) said it was removing malicious and phishing websites linked to the pandemic, as businesses and consumers continue to be exposed to credential theft, identity fraud, ransomware and more.
The National Crime Agency also last week released information for individuals and businesses on how to stay safe from fraud and other scams.
It’s claimed the new government rapid response unit is dealing with around 70 incidents of misinformation each week.
A leading insurance provider appears to have been targeted by a notorious ransomware group, which is threatening to release information stolen from the company if it doesn’t pay up.
Chubb Insurance, which offers cyber-policies as well as other types of protection, has become the latest company singled out by the Maze group.
Once organizations have been infected with Maze ransomware, the group lists them on its dedicated ‘News’ site, which Infosecurity won't link to, where they are given notice that stolen records will be published unless the ransom is paid.
It’s a relatively new but increasingly popular tactic used by ransomware gangs to force payment even if the victim organization has backups.
The group claimed on its site that Chubb was “locked” at some point in March. It included the emails of the firm’s CEO, COO and vice-chairman as ‘evidence’ of its intent, although the insurer has claimed its systems remain untouched.
"We are currently investigating a computer security incident that may involve unauthorized access to data held by a third-party service provider. We are working with law enforcement and a leading cybersecurity firm as part of our investigation,” it said in a statement.
“We have no evidence that the incident affected Chubb’s network. Our network remains fully operational and we continue to service all policyholder needs, including claims. Securing the data entrusted to Chubb is a top priority for us. We will provide further information as appropriate.”
That said, security researchers have discovered unpatched vulnerabilities at the firm which could theoretically have provided a route to ransomware infection.
Bad Packets Report claimed last week to have found five exposed Citrix Netscaler servers, after scanning for the CVE-2019-19781 vulnerability.
The flaw in Citrix Application Delivery Controller (ADC) and Citrix Gateway could allow an unauthenticated attacker to perform arbitrary code execution. It’s already been linked to multiple ransomware attacks including one on a German car parts manufacturer.
Global online payment fraud losses are set to soar by more than 50% over the coming four years to exceed $25bn per year, according to a new report from Juniper Research.
The market analyst’s report, Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2020-2024, predicted a 52% growth in merchant losses to scams over the period.
The growing popularity of online shopping combined with the enhanced security of card-present transactions through the EMV initiative is helping to drive much more fraud into e-commerce, the analyst claimed.
This is despite the launch of Secure Customer Authentication (SCA) checks in Europe, although this initiative has been delayed several times. The new rules, part of the EU’s PSD2 banking regulation, will now come into force by December 31 2020 in Europe and March 2021 in the UK.
They mandate that certain transactions be subject to two-factor authentication in order to help lock fraudsters out. However, there are concerns that SCA might also create extra user friction which puts consumers off.
Juniper Research urged merchants to work closely with security vendors to design and implement extra authentication checks in shopping apps that minimize friction.
It also argued that e-commerce providers must take a more educational role, providing information to customers on the need for improved cybersecurity and changes to checkout processes, as well as details on some of the most popular scams.
The analyst claimed this was particularly important in China, which it said will account for 42% of e-commerce fraud by 2024.
“The explosion of e-commerce means that fraudsters have evolved their tactics, and so merchants must also evolve,” argued report co-author, Nick Maynard.
“E-commerce merchants must educate their users in anti-fraud best practice, as the human element is consistently the most vulnerable to exploitation in the online payments ecosystem.”
American domain registration companies are taking steps to combat coronavirus-related fraud.
Budget hosting provider Namecheap Inc. has halted automated registration of website names that reference the COVID-19 health crisis. The Los Angeles–based company's action comes after a surge in fraudulent websites seeking to profit from the pandemic.
Online scams proliferating from the coronavirus outbreak have included fraudulent charity websites, sites selling fake vaccines and cures, and infection-tracking sites that deliver malware.
In an email to customers sent on March 26, Namecheap CEO Richard Kirkendall said the company was removing terms such as “coronavirus,” “COVID,” and “vaccine” from the company's domain availability search tool.
While legitimate domains can still be registered manually by company employees, Kirkendall said that Namecheap was working with authorities to "proactively prevent and take down any fraudulent or abusive domains or websites related to COVID19 or the Coronavirus."
The largest US domain registration business, GoDaddy, is also taking action against unscrupulous COVID-19 cyber-criminals. The Arizona firm said it has already taken down several fraudulent sites as part of its "human review process."
A GoDaddy spokesperson said: "We do not tolerate abuse on our platform and our Universal Terms of Service (UTOS) gives us broad discretion to act on complaints, and this includes COVID-19 abuse. To date, our teams have already investigated and removed COVID-19 fraud sites in response to reports, and our vigilance will continue long after the COVID-19 crisis comes to an end."
In neighboring Canada, Toronto firm Tucows Inc., which operates retail registration business Hover, is flagging all "covid" and "corona" domains for manual review. Company spokesperson Graeme Bunton said that Tucows was on the lookout in particular for any sites peddling fake COVID-19 cures or tests.
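The screening the registrars describe above amounts to a keyword watchlist applied to requested domain names before registration completes. The example below is an added illustration of how such a pre-registration filter can be written so that it is not defeated by trivial spelling tricks; it is not Namecheap's, Tucows' or GoDaddy's code. The watchlist reuses the terms the article says are being screened ("coronavirus", "covid", "corona", "vaccine"); the digit-to-letter substitution table, the sample domains and the decision to ignore the top-level label are assumptions made for the example.

```python
import re
import unicodedata

# Constructed watchlist, modelled on the terms the article says registrars
# are screening for. Real deployments would load this from configuration.
WATCHLIST = ("coronavirus", "covid", "corona", "vaccine")

# Assumed look-alike substitutions that a naive substring match would miss
# (e.g. "c0vid"). "1" is folded to "i"; a stricter filter might also try "l".
_SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                                "5": "s", "$": "s"})


def normalize_label(label: str) -> str:
    """Fold one domain label into a form a keyword match can inspect.

    Decodes punycode (xn--) labels, strips accents, lower-cases, maps
    digit look-alikes to letters and drops hyphens and underscores.
    """
    if label.lower().startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except (UnicodeError, ValueError):
            pass  # undecodable label: screen it as written rather than skip it
    # NFKD splits accented letters into base letter + combining mark,
    # so dropping combining marks turns "cövid" into "covid".
    label = unicodedata.normalize("NFKD", label)
    label = "".join(ch for ch in label if not unicodedata.combining(ch))
    label = label.lower().translate(_SUBSTITUTIONS)
    return re.sub(r"[-_]", "", label)


def screen_domain(domain: str, watchlist=WATCHLIST):
    """Return (flagged, matched_terms) for a requested domain name.

    A domain is flagged for manual review when any label other than the
    top-level label contains a watchlist term after normalization.
    """
    labels = domain.strip().rstrip(".").split(".")
    # Assumption for this example: judge the registrable labels only, so
    # "covid.example" is decided on "covid", not on "example".
    candidates = labels[:-1] if len(labels) > 1 else labels
    hits = []
    for label in candidates:
        norm = normalize_label(label)
        for term in watchlist:
            if term in norm and term not in hits:
                hits.append(term)
    return (bool(hits), hits)


if __name__ == "__main__":
    # Constructed sample requests; none of these are real registrations.
    samples = [
        "example.com",
        "covid19-relief-fund.org",
        "c0r0na-vaccine.example",
        "xn--cvid-5qa.example",   # punycode for "cövid"
        "shop.corona",            # watchlist term only in the top-level label
    ]
    for name in samples:
        flagged, terms = screen_domain(name)
        verdict = "REVIEW" if flagged else "ok"
        print(f"{name:30} {verdict:6} {terms}")
```

The normalization step is where the value lies: a filter that only lower-cases and substring-matches is easy to sidestep with a zero for an "o" or an accented vowel, and an internationalized label reaches the registrar as punycode, so the decoded form has to be inspected as well. The function returns the matched terms rather than just a boolean so a reviewer sees why a request was held.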
Efforts by the companies to combat fraud come after New York Attorney General Letitia James wrote to the internet's largest domain registrars on March 20, asking for their help in tackling coronavirus-related fraud.
Letters were sent to GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance International Group (owner of Bluehost.com, Domain.com, and HostGator.com).
On Saturday, the US Department of Justice filed its first court action against a website operator accused of committing fraud to profit from the global COVID-19 pandemic.
The United States government is planning to relocate a family cemetery in Maryland to make way for a new cyber-defense facility.
Last week, a Maryland District Court judge granted the federal government the right to possess a cemetery that is located on the grounds of Fort George G. Meade. The 418-square-foot site, embraced by a chain-link fence, is currently the resting place of members of the Downs family.
In 1917, as World War I was raging, the Downs family saw their land transformed into a military base. Now it seems likely that the family's cemetery is to be taken over for the grave purpose of national defense.
Court filings indicate that two members of the Downs family are interred at the plot, both of whom enjoyed impressive longevity for their time. The first person to be buried there was Mary A. Downs, who lived from 1803 to 1875. The second individual to be laid to rest at the site was William Downs, who was born in 1790 and didn't shuffle off this mortal coil until 1883.
Should the Department of Defense's plan to obtain the cemetery succeed, the land will be used to build national security computing facilities. The DoD has said that it will move William and Mary's headstones to Bethel Cemetery, where their remains will be re-interred.
According to the Anne Arundel Genealogical Society, there is “a possibility that slaves owned by the Downs family were buried outside the fenced cemetery and a larger area was then cordoned off using orange construction fencing.” However, court filings state that an archaeological study of the area revealed no additional graves.
Downs family descendant Mike Myers has raised no objection to the department's plans to relocate his ancestors.
Annapolis resident Myers said: "My grandmother, she was into family history, so if she was alive it would have mattered to her. It really doesn’t matter to me one way or the other."
What is now Fort Meade was once the Downs family farm, built on land owned by the Downs family since before the Civil War. The farm became Camp Meade—a training base for US soldiers destined to fight overseas in World War I—in 1917.
Then in 1919, William T. Downs, along with dozens of local residents, sold his farm to the government so that Fort Meade could be built.