Pete Recommends: Weekly highlights on cyber security issues, April 25, 2020

Subject: Over 500,000 Zoom Accounts Sold on the Dark Web and Hacker Forums
Source: MacRumors

Zoom has surged in popularity in recent weeks as the number of people working from home has increased, but concerns about the videoconferencing app’s security have also made the headlines. However, the availability of Zoom accounts on the dark web does not appear to be a direct consequence of the app’s failings.
Rather, the sale of the login details is said to be the result of “credential stuffing attacks,” where hackers attempt to log in to Zoom using accounts leaked in older data breaches.

Successful logins are then collated into lists and sold on or offered for free to other hackers, with the intention of using them in zoom-bombing pranks or for malicious reasons.

The accounts are reportedly being shared via text sharing sites as lists of email addresses and password combinations. The accounts can include a victim’s email address, password, personal meeting URL, and their HostKey.

Subject: Trump ‘LIBERATE’ tweets are hailed by far-right extremists: NBC
Source: Business Insider

  • Donald Trump’s “LIBERATE” tweets, denouncing the coronavirus lockdown in various US states, were criticized by Gov. Jay Inslee of Washington for “fomenting domestic rebellion and spreading lies.”
  • The president tweeted support for the anti-lockdown protests in Michigan, Minnesota, and Virginia.
  • Far-right social media began to buzz with claims that Trump was signaling his support for the “boogaloo” – a term extremists use for a planned armed insurrection, NBC reported.
  • Experts on far-right networks have warned that extremists want to exploit the coronavirus crisis.

The tweets, from the president’s account on Friday, appeared to attack the coronavirus lockdown restrictions in three states: Michigan, Minnesota, and Virginia. Trump called on his millions of followers to “save your great 2nd Amendment. It is under siege!”

Subject: China is experiencing a gold rush for surgical masks — more than 38,000 companies registered in 2020 to make or trade face masks. But mask quality and scams are now issues.
Source: Business Insider via Yahoo

  • China is currently experiencing a boom of production for medical equipment, in particular masks. The price of basic surgical masks has increased from about 30 cents to 70 cents since the pandemic began.
  • Since the beginning of 2020, 38,000 new companies in China have registered to make or trade face masks. In all of 2019, there were 8,594 new companies.
  • But with more supply and demand, the quality of China’s exported masks has proven to be an issue, and scams have taken off, costing several individuals millions of dollars.
  • In a report from the South China Morning Post on April 17, the mask supply and demand boom was called a “wild feeding frenzy,” while the founder of a mask inspection company called it “the Wild West.”

The deluge of new companies, and the wild-west way of operating, has led to problems with quality. In late March, the Netherlands recalled 600,000 coronavirus face masks it imported from China after discovering they were faulty, Business Insider previously reported.

Subject: Chinese Agents Spread Messages That Sowed Virus Panic in U.S., Officials Say
Source: The New York Times

Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the condition of anonymity to publicly discuss intelligence matters. The amplification techniques are alarming to officials because the disinformation showed up as texts on many Americans’ cellphones, a tactic that several of the officials said they had not seen before.
That has spurred agencies to look at new ways in which China, Russia and other nations are using a range of platforms to spread disinformation during the pandemic, they said.

Two American officials stressed they did not believe Chinese operatives created the lockdown messages, but rather amplified existing ones. Those efforts enabled the messages to catch the attention of enough people that they then spread on their own, with little need for further work by foreign agents. The messages appeared to gain significant traction on Facebook as they were also proliferating through texts, according to an analysis by The New York Times.

The officials say the Chinese agents also appear to be using texts and encrypted messaging apps, including WhatsApp, as part of their campaigns. It is much harder for researchers and law enforcement officers to track disinformation spread through text messages and encrypted apps than on social media platforms.

“It is part of the playbook of spreading division,” said Senator Angus King, independent of Maine, adding that private individuals have identified some social media bots that helped promote the recent lockdown protests that some fringe conservative groups have nurtured.

Given the toxic information environment, foreign policy analysts are worried that the Trump administration may politicize intelligence work or make selective leaks to promote an anti-China narrative. Those concerns hover around the speculation over the origin of the virus. American officials in the past have selectively passed intelligence to reporters to shape the domestic political landscape; the most notable instance was under President George W. Bush in the run-up to the Iraq War.

Subject: Apple security flaw may let hackers infect iPhones using the Mail app
Source: Business Insider

  • Hackers may have discovered a way to infiltrate iPhones using Apple’s email software, according to cybersecurity firm ZecOps.
  • The flaw allows attackers to send a message containing malicious software that doesn’t need to be clicked on in order to infect a device, the researchers found.
  • The vulnerability specifically affects those who use Apple’s Mail app.
  • This flaw is the latest in a string of Apple security issues that have been discovered in the last year. A spokesperson for Apple did not immediately respond to Business Insider’s request for comment.

Subject: Zoom adds data center routing, security updates
Source: ZDNet

Furthermore, Zoom said it’s in the process of upgrading to the AES 256-bit GCM encryption standard, a more widely tested and trusted solution compared to the 256-AES ECB encryption scheme it has relied on to date. Zoom has also grouped its security features together in a new security icon in the meeting menu bar, and added a tool for meeting hosts to report abuse.

Overall, Zoom’s 5.0 update is part of the company’s response to criticism from cybersecurity researchers that its platform was littered with privacy and security issues.

Zoom 5.0 is slated for release within the week, Zoom said. Adoption of the AES 256-bit GCM encryption standard is scheduled for system-wide account enablement on May 30.

Subject: Hackers tempt federal workers with free fast food in COVID-19 scams
Source: CNET

Cyberspies backed by foreign governments are using offers of free meals to trick US government workers into revealing login information, Google says. Hackers are finding every opportunity they can to exploit the coronavirus pandemic, even using the disease to promise free meals for government officials, Google detailed in a report Wednesday.

The tech giant said it’s been blocking 18 million malicious coronavirus emails every day, and that’s not including the 240 million spam emails related to the virus. Cybercriminals are not the only ones taking advantage of the pandemic. Google’s Threat Analysis Group said it’s found more than a dozen hacking groups backed by various governments that are using COVID-19 as a cover for tricking people into clicking malicious links.

The attacks differ from cyber criminal schemes in that government-backed hackers are often doing it for espionage purposes rather than financial gain. Google said it found one campaign that targeted US government employees by offering coupons and free meals from American fast food chains.

The scam involved COVID-19 messaging and directed victims to a website disguised as a page for arranging meal deliveries. The ploy was designed to steal government workers’ Google account login credentials, the tech giant said.

Subject: SIFMA asks U.S. SEC to intervene for brokers in CAT database fight
Source: Reuters

NEW YORK (Reuters) – U.S. brokers should not be forced to sign an agreement that could make them liable for breaches of a massive new industry trading database that they have no control over, a leading financial industry trade group told regulators on Wednesday.

Brokers must soon begin sending sensitive information derived from their clients’ trades to a new database called the Consolidated Audit Trail (CAT) that the Securities and Exchange Commission tasked exchange operators and the Financial Industry Regulatory Authority (FINRA) with building and operating. But before they begin sending the information, the brokers must sign an agreement that limits the financial liability of the exchanges and FINRA, collectively called self-regulatory organizations (SROs), to $500 per reporting firm if there is a breach of that data.

That puts the brokers on the hook for any security breaches of the database, which they have no control over, said Kenneth Bentsen, chief executive officer of the Securities Industry and Financial Markets Association (SIFMA), which represents banks, broker-dealers and asset managers.

“SIFMA’s guiding principle is ‘they who hold the data bear the liability,’” Bentsen said in a statement.

The CAT will allow regulators to track all trades from their inception, pinpointing buyers, sellers, exchanges and brokers involved, with one former SEC commissioner likening it to a Hubble Space Telescope for the securities markets.

Subject: New Government Technology Could Herald Our New Normal
Source: NextGov

This got me thinking about ways that we could perhaps get back to something akin to normal but in a safer way. And that led me to NextgenID, a company that is working on an access management and credential issuing machine that could be used to protect federal buildings without the need for person-to-person contact. I reached out to them, and they graciously let me take a hands-on (virtually of course) tour of their ID Capture Kiosk.

The kiosk looks like a little Star Wars robot and is designed for the issuing of HSPD-12 compliant credentials. It comes equipped with facial recognition, fingerprint readers, signature capture and voice recording. It’s compliant with Federal Information Processing Standard Publication (FIPS) 201-2 for personal identity verification, FIPS 140-2 for its crypto module and the NIST Special Publication 800-63A digital identity guidelines for enrollment and identity proofing.

Normally, when a federal employee or contractor needs to enroll or renew their Homeland Security Presidential Directive 12 (HSPD-12) identity credentials, they have to meet with an identity management official face-to-face and provide their biometric data. The kiosk eliminates that, placing the official on the screen while graphics and flashing LEDs on the kiosk help direct the person enrolling what to do.

Ironically, the system was designed before the coronavirus hit as a way to increase operational efficiency. It’s almost a happy accident that it could work so well in a post-virus world.

“While COVID-19 was not initially on our radar screen, it creates a use case that utilizes capabilities we designed into the system from the start,” said NextgenID Chief Operating Officer Dario Berini. “We are grateful that we have this capability and that it enables an extremely important federal system to continue to operate without putting operators and enrollees in close contact and potential danger.”

Subject: Coronavirus: YouTube bans ‘medically unsubstantiated’ content
Source: BBC via Yahoo

YouTube has banned any coronavirus-related content that directly contradicts World Health Organization (WHO) advice. The Google-owned service says it will remove anything it deems “medically unsubstantiated”. Chief executive Susan Wojcicki said the media giant wanted to stamp out “misinformation on the platform”. The move follows YouTube banning conspiracy theories falsely linking Covid-19 to 5G networks.

Mrs Wojcicki made the remarks on Wednesday during her first interview since the global coronavirus lockdown began. “So people saying, ‘Take vitamin C, take turmeric, we’ll cure you,’ those are the examples of things that would be a violation of our policy,” she told CNN. “Anything that would go against World Health Organization recommendations would be a violation of our policy.” Mrs Wojcicki added YouTube had seen a 75% increase in demand for news from “authoritative” sources.

Posted in: Cybercrime, Cybersecurity, Email Security, Employment Law, Health, KM, Privacy, Technology Trends