Security Weekly News Episode 19 - 2020-03-17
News - COVID, HHS, Android Phones, Nintendo
Doug White's Content:
- US Government takes regulatory steps for blockchain technology adoption.
- The Senate votes to renew surveillance powers, delaying changes to the rules.
- But Surveillance may be expanded to follow suit from other countries fighting COVID-19.
- Looking for terrorists results in arrests of usual suspects.
- Dbags attack Health and Human Services during pandemic.
- HHS Website
- COVIDLock ransomware targets Android phones.
- Android Stalkerware can steal data, credentials, etc.
- Online Gaming pushes the limits of some platforms and Isaac Newton invents Calculus.
Jason Wood's Content:
I don’t think any listeners are too surprised at this news, but yes it indeed appears that attackers have decided to take advantage of people’s fears around COVID-19. As more and more people are finding themselves working from home for the first time and are feeling more isolated than normal, I suspect they will be hungry for more information about the pandemic. They may be more likely to open emails and provide data to web pages related to this topic than they normally would be. So here is some information to use in some timely security awareness information for your colleagues.
First, here is an article from BitDefender titled Phishing Email Aims to Trick Hospital Staff with ‘Coronavirus Seminar’. It details a campaign to steal credentials from healthcare workers by requiring employees to view training on Coronavirus. The email included threats of disciplinary action if employees did not view the training. While the email itself had spelling issues and the usual urgency of a phishing message, the topic is of enough concern that people responded. It worked well enough that a Czech hospital had to cancel surgeries and send patients to another hospital while they dealt with the ransomware attack. To make it worse, the hospital was one of the largest COVID-19 testing labs in the country. That is just grim.
I also saw some tweets worth bringing up with stats about the increase in phishing. @ReyBango sent a message out earlier today that stated, “Please be extra careful opening any Coronavirus/COVID-19 related emails. There's a TON of phishing campaigns going on by miscreants capitalizing on the situation.” In response, @richsentme gave some statistics to support Rey’s observation. “I ran some numbers in our systems and I've seen a 900%+ increase over the past month in malicious emails with either coronavirus or COVID in the content/subject. Attackers are trying to capitalize.” Attackers are busy at work trying to take advantage of the situation and no, they don’t care.
Not to be left out are the nation states. Threatpost has an article that headlines with APT36 Taps Coronavirus as ‘Golden Opportunity’ to Spread Crimson RAT. For those not familiar with APT 36 aka Mythic Leopard, they are a group associated with Pakistan and are actively targeting India’s defense, embassies, and other government entities. They are also using fake health advisories to lure users into executing Crimson RAT on their systems, which allows the group to collect credentials, disable security products, take screenshots, etc.
Finally, this is obviously a warning to us in security as well. Like everyone else, we are concerned about our family members and ourselves. This is a very stressful time for everyone. However, we also need to be aware that our work may experience an increase in its operational tempo due to attacks. Take care of yourselves and your loved ones first. Then make sure you are prepared to keep working (whether remotely or not) to detect and respond to attacks your organizations may experience.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly