CyberWire Daily - Ill-received pranks. SFO breach. Silicon Valley cooperates on contact tracking. COVID-19 disinformation and scams. Notes on ransomware and booter services.

Episode Date: April 13, 2020

Vandals prank victims with security researchers’ names. San Francisco International discloses compromised networks. Google and Apple cooperate on contact tracking tech. Chinese disinformation campaigns rely on ad purchases and social media amplification. Phishing attempts and other scams. Notes on ransomware. And police in the Netherlands take down some DDoS-for-hire services. Andrea Little Limbago on government-created internet blackouts; guest is Herb Stapleton from the FBI on COVID-19 scams. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_13.html

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Vandals prank victims with security researchers' names, San Francisco International discloses compromised networks, Google and Apple cooperate on contact tracking tech, Chinese disinformation campaigns rely on ad purchases and social media amplification, phishing attempts and other scams, notes on ransomware, and police in the Netherlands take down some DDoS-for-hire services.
Starting point is 00:02:21 From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, April 13th, 2020. Scammers with an evident vendetta against SentinelOne's Vitali Kremez and MalwareHunterTeam are distributing a wiper effective against Windows systems.
Starting point is 00:02:46 Bleeping Computer calls it a nasty prank, but prank seems too weak here. There's nothing in the report to suggest fun or whimsy or even forgivable bad judgment or poor taste. The malware is an MBR locker, and Bleeping Computer thinks the wiper was created from tools made available on YouTube and Discord. None of SentinelOne, Kremez, or MalwareHunterTeam has anything to do with the attacks. San Francisco International Airport disclosed last week that two of its networks, SFO Connect and SFO Construction, were compromised. Users are advised to change their passwords.
Starting point is 00:03:24 That would be, for the most part, airport employees and contractors. The attackers, Forbes writes, were apparently after Windows device credentials. Turning to some of the ways in which the COVID-19 pandemic is affecting security, two big Silicon Valley rivals are cooperating to enable contact tracking. Apple and Google are engaged in a joint development of Bluetooth tracking functionality that would notify mobile device users if they've been in proximity to someone who's been infected with the coronavirus. As the Wall Street Journal describes it,
Starting point is 00:03:56 the contact tracking system would be enabled by opt-in, and both parties would have to opt-in. It also depends upon self-reporting on the part of infected individuals, which means that for the system to be effective, it would have to attract widespread opt-in as well as inspire a willingness on users' parts to keep their status up to date. There are, of course, concerns about the possibility of privacy abuses that could follow in the train of public health measures. CNBC has a discussion of how information sharing would need to be limited to avoid this. False positives are one problem,
Starting point is 00:04:31 as The Verge points out, but concerns about the implications of entrusting governments with such tools have also arisen. The UK's National Health Service is closely involved with the joint Apple-Google project, according to The Times, and the NHS has also shown, as The Guardian reports, a strong interest in deploying big data tools from Palantir and others against the pandemic. Motherboard thinks it sees signs that lawful intercept brokers, and NSO Group is named in dispatches here, see the increased government interest in tracking contacts as an opportunity for increased market penetration. The Wall Street Journal has an overview of the shape, scope, and probable objectives of the Chinese government's disinformation campaign concerning
Starting point is 00:05:16 the coronavirus pandemic. The effort's goals seem to be at least threefold. First, deflect any blame for mishandling the epidemic away from the Chinese government. This would include misleading accounts about the epidemic's emergence and subsequent development, as well as disinformation about its recent progress. Like, for example, the claim that none of Hubei province's 42,000 healthcare workers were infected with COVID-19, a claim contradicted by earlier journal reporting. The second objective is to fix any blame there might be for the emergence of the virus somewhere else. That somewhere else has usually been the United States, China's principal international
Starting point is 00:05:57 rival. And third, there's a broader effort to portray China as a good international citizen, a reliable and technologically savvy provider of humanitarian aid. A contrast is generally drawn to the United States, with the Americans depicted as the opposite, unreliable, inept, and unfeeling. This would be a move toward displacing, where it can, the U.S. from exercising this kind of soft power. The methods the Chinese services have adopted depend strongly on state-run media gaining access to social media audiences through advertising, with subsequent amplification in other social media posts.
Starting point is 00:06:36 Researchers at the Stanford Internet Observatory told the Wall Street Journal that Beijing has purchased over 200 political ads on Facebook since the end of 2018. More than a third of those, however, were bought within the past two months, and those, for the most part, focused on trying to shape global perception around China's handling of the coronavirus outbreak. China's Facebook political advertising has drawn roughly 45 million views since February 15th, which in volume at least exceeds the reach that the Internet Research Agency achieved around the U.S. 2016 elections. The Internet Research Agency being, of course, the now notorious Russian troll farm.
Starting point is 00:07:17 Facebook said last October that it would label ads purchased by state media, and Twitter says it's banned advertising by state media. Chinese government operators, however, have proved able to run ads unlabeled on both platforms. Two techniques are noteworthy. There's a tendency to pick up casual posts along the lines of, "You know, I had a funny cold a couple months ago. Wonder if it was coronavirus." These are amplified to suggest that the virus had its origins outside of China. There's also a tendency to communicate by insinuation. So the claim that COVID-19 is
Starting point is 00:07:52 the product of a U.S. biowar program is typically made not by assertion but by posing a question. "Was COVID-19 an American weapon? Inquiring minds want to know. Shouldn't this be investigated? We're not saying it's so, but it sure sounds suspicious." And so on. Such conspiracy mongering gains traction with repetition. The intended audience is Southeast Asia, Eastern Europe, and Africa. Much of the Chinese disinformation has been picked up opportunistically by Russian and Iranian services. The U.S. FBI has been hard at work responding to the increased volume of malicious online activity that's followed the COVID-19 pandemic. Herb Stapleton is Cyber Division Section Chief at the FBI. What we've seen so far is really
Starting point is 00:08:40 cyber actors exploiting the COVID-19 pandemic through a variety of malicious activities and really targeting a wide range of entities in both the public and private sector. So some of the things that we're most concerned about include some of the typical cyber schemes that you would see or scams that you would see, but with a COVID-19 kind of pretext or flavor to them. So work from home kinds of scams, impersonation scams, business email compromise, those kinds of things. And the COVID-19 sort of theme comes in when the malicious actors will sort of try to impersonate maybe a government entity like the CDC
Starting point is 00:09:23 or a healthcare-related entity like the World Health Organization to try to sort of trick people into believing that they're getting either official information about the COVID-19 pandemic or entitled to some type of medical treatment or something like that. But basically, it turns out to be really a scheme designed to steal personal information or money or even to deploy malware onto somebody's devices or system. Now, for the folks in our audience who are primarily cybersecurity professionals, what sort of actions can they take to assist the efforts that you all are making at the FBI to fight these sorts of things? You know, I think among cybersecurity professionals, a little added vigilance is appropriate. You know, some of the things that
Starting point is 00:10:10 we are concerned about are with the increase in telework, we also see an increase in people using telework type software and applications, remote desktop type of applications, and those create added vulnerabilities. So really being extra vigilant for potential exploitation of those types of legitimate software tools, and also just making sure that the employees have an awareness of what could be waiting out there. So, you know, software from untrusted sources, we worry about malicious actors potentially using legitimate looking telework software that they might offer at a free or reduced price that ultimately they would use to gain access to sensitive information or to send phishing links that are predicated to look like some type of legitimate telework software tool.
Starting point is 00:11:07 Now, in terms of reporting to you all there at your agency, is it the FBI's Internet Crime Complaint Center? Is that the best avenue to send reports? So we try to provide, you know, multiple ways that the public and companies out there can get in touch with the FBI. So the Internet Crime Complaint Center is certainly one of the best avenues to report these types of internet fraud scams or even suspected cyber intrusions. We also encourage companies to contact our local FBI field office as well. If, you know, if they have an immediate situation or need some immediate help, calling the FBI field office is also a great way to get in touch with the FBI and get some assistance. That's Herb Stapleton from the Federal Bureau of Investigation. Crunchbase reports that startups have been hit hard by the pandemic, with many of them forced
Starting point is 00:11:56 to lay off workers. Big Tech, however, is hiring, and they're looking in particular for cybersecurity talent. Facebook alone, the Wall Street Journal reports, plans to hire 10,000 people during 2020, and the Silicon Valley Business Journal reports that big tech is also taking some measures to sustain their small business supply chain. Phishing attacks and phone scams continue to use COVID-19 fears as bait,
Starting point is 00:12:22 the South Florida Times reports, and that's no surprise. Other criminal activity concentrates on the newly expanded remote work attack surface, with Zoom representing a favorite avenue of approach. Forbes says that Zoom-related threats have increased 2,000 percent since the pandemic began to force social distancing and telework. There's a thriving black market in Zoom vulnerabilities as criminals race against the teleconferencing provider's efforts to upgrade its security. DoppelPaymer ransomware operators have released documents belonging to Boeing, Lockheed Martin, and SpaceX.
Starting point is 00:12:57 Those three companies were not themselves directly infected with ransomware. Rather, it was a subcontractor, Visser Precision, who suffered infection. When Visser declined to pay the ransom, The Register writes, the gang began releasing stolen files. The incident illustrates two noteworthy trends, the convergence of ransomware with data theft and the extent to which organizations are exposed to significant third-party risk. Another ransomware operator, the gang behind Sodinokibi, says, according to Bleeping Computer, that they'll abandon Bitcoin and adopt Monero as their currency of choice. A Europol statement that Monero is impossible to track seems to have prompted the decision.
Starting point is 00:13:39 Finally, HackRead reports that Dutch police have taken down 15 DDoS-for-hire services. And in addition to knocking the booters offline, police in the Netherlands have made at least one arrest. A 19-year-old man was arrested on charges related to a distributed denial-of-service attack, knocking out two Dutch government websites for several hours on March 19th. Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of technology. Here, innovation isn't a buzzword.
Starting point is 00:14:16 It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
Starting point is 00:14:52 But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
Starting point is 00:15:29 That's vanta.com slash cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached.
Starting point is 00:16:13 Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. And I'm pleased to be joined once again by Andrea Little Limbago. Andrea, it's always great to have you back. I wanted to explore this notion that we're seeing more and more blackouts on the Internet, why that's happening and what the implications of that are. Can you give us some insights? Sure. What is happening, and it's
Starting point is 00:16:45 really becoming a global phenomenon, is the use by governments of basically controlling either sections of the internet within their country or countrywide blackouts. And it's in response to a variety of both domestic and international issues. So a good example is Iran using internet blackouts during protests to help try and prevent greater congregation amongst and communication from the protesters. And so you see that going on there and you see that in the attempts for various kinds of Internet blackouts across the globe for other kinds of protests. But then you see in India, which has actually just ended one of the longest blackouts of a democracy. I think it probably was the longest Internet blackout of a democracy in the Kashmir region. And again, it's an area under historic instability,
Starting point is 00:17:32 historically remains a source of tension between Pakistan and India. And so India leveraging what they could for control to again suppress any kind of communication, access to information, and just greater control over what's going on on the ground amongst the population. And I think the case of India, I think, should be one that is particularly troubling because it is within a democracy and because it went on for so long. Because you can imagine how much of the economics depends on it, how much of our lives depend on the internet for banking, for shopping, for ordering
Starting point is 00:18:07 a taxi. It's so many different components. And even in areas that aren't as deeply penetrated with the internet, there still is a huge reliance on it. And so it has an economic impact, has a social impact. And really, at the end of the day, it's what the governments are using as one of their many tools to try and control what may be going on on the ground. Well, what sorts of workarounds are available to people?
Starting point is 00:18:29 You know, I think of in days past when there would be news blackouts, you know, people could, you could put up a satellite dish and, you know, get the BBC or something like that, you know. So that was something that crossed borders. Are there similar types of ways that folks can work around these blackouts? Yeah, and this is where we're seeing some interesting innovation, I guess, from the people on the ground. And it could be anything from leveraging more so Bluetooth. There actually is an interesting case in Hong Kong of a Bluetooth app that allowed communications to occur.
Starting point is 00:19:04 And so you can see something along those lines. In certain cases, they might be able to work around and move to different areas of the country than to get VPN access. And so there's sort of the combination of a technical and a physical real world combination of innovations that they're trying to do. And there are different cases of where people did go to like as far as close to a border of another country to get access to their internet to then be able to try and communicate. And so it just, you know, it's interesting to see.
Starting point is 00:19:32 But in many cases, you know, a lot of the folks don't have a solution and they are in the dark, legitimately in the dark. And so we will see what happens with it. So in many cases, they're fairly short-lived. And so, you know, the incentive to try and figure out work, you know, a workaround for that isn't quite there yet. But other cases, like the Indian case, you know, where it is so far-reaching and so impactful across the society. I think in Hong Kong is another case with some of the protests where it really does spark
Starting point is 00:20:01 innovation on the ground to try and find a workaround. But again, it's one of those things that it's really, really hard and you don't really truly realize how dependent you are on the internet until it's a complete blackout. Yeah, it strikes me that there must be some sort of balance there because you don't want to necessarily tank the economy because banking cannot be done, because commerce cannot be done. I would imagine there's a lot of pushback there from your regular citizens who are just trying to get their business done day to day. Yeah, no, exactly. You know, an interesting case that wasn't necessarily a
Starting point is 00:20:38 internet shutdown, but when Russia tried to block Telegram, they accidentally blocked, and I can't remember, several dozen IP addresses that then ended up basically shutting down a range of grocery shopping, taxi services, research portals from the universities. So basically had a huge economic impact across the country. And that was just trying to stop one app. And so you imagine what would happen in trying the entire Internet blackout. It does have an economic effect. And so, again, I think as for governments, they are weighing the cost benefit of what may happen through it. And I think for the last few years, there have been at least a dozen different
Starting point is 00:21:13 internet blackouts just on the African continent alone. And those numbers keep, you know, keep increasing. And so to date, it seems that the sort of the cost benefit analysis of it is very much so in favor of doing the blackout for a short period of time, despite what some of the economic ramifications might be. Hmm. All right. Well, Andrea Little Limbago, thanks for joining us. All right. Thank you. Cyber threats are evolving every second and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker,
Starting point is 00:21:50 a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
Starting point is 00:22:40 It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too. The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing Cyber Wire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, Thanks for listening. We'll see you back here tomorrow. Thank you. into innovative uses that deliver measurable impact. Secure AI agents connect, prepare,
Starting point is 00:23:46 and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
