Elite Hackers Are Using Coronavirus Emails to Set Traps

Credit to Author: Lily Hay Newman | Date: Sat, 14 Mar 2020 14:00:00 +0000

In a week dominated by news of the global Covid-19 pandemic, companies scrambled to find ways of securely supporting employees working from home. But the challenges are extensive, and in sectors like critical infrastructure and government defense, there's often no safe way for workers to be remote.

Meanwhile, President Donald Trump suggested (not for the first time!) on Tuesday that a wall at the southern border with Mexico would help stop the spread of the novel coronavirus into the US. This is not true for a number of reasons. And Washington state made a good case for vote-by-mail infrastructure when its Democratic primary went smoothly on Tuesday in spite of the region's major Covid-19 outbreak. The majority of voters send in their ballots rather than appearing at a polling place in person.

In other news, there were some small mercies in the security world this week as the certificate authority Let’s Encrypt engineered a massive course-correction after discovering a bug that could have broken millions of websites across the web. And researchers found that a staggering 83 percent of medical imaging devices run on operating systems that are too old to receive security patches from their developers—exposing the machines and healthcare networks more broadly to potential attack.

But wait, there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

Phishing scams have been taking advantage of fears about the spread of novel coronavirus to craft Covid-19-themed emails for weeks. Now, more sophisticated state-sponsored hackers are getting in on the game. This week, the Chinese firm QiAnXin spotted Russian hackers—possibly affiliated with the groups Sandworm and Fancy Bear—sending phishing emails laced with malicious document attachments to Ukrainian targets. The emails, which claimed to come from Ukraine's Center for Public Health of the Ministry of Health, came amidst a larger disinformation campaign that stoked fear about the spread of Covid-19 in Ukraine and resulted in riots.

Meanwhile, the Vietnamese security firm VinCSS detected a high volume of novel coronavirus-related phishing emails over the last two weeks attributed to government hackers. The emails include a malicious attachment that purports to contain information about Covid-19 from the Vietnamese prime minister. Another campaign attributed to Chinese actors by researchers at Check Point targeted victims in Mongolia. North Korean hackers were also spotted targeting South Korea with phishing attacks at the end of February. The campaigns seemed to target government officials with malware-tainted documents.

As always, be vigilant for scams in times of stress and uncertainty. Here's how to spot a phishing attempt and keep yourself safe.

The world of digital ads often feels like a lawless free-for-all—and the story of Daniel Yomtobian’s empire of allegedly malicious Chrome extensions isn't helping the industry's image. Yomtobian is the Los Angeles-based founder and CEO of Advertise.com Inc, an ad network and marketing analytics firm. But an investigation by BuzzFeed News, conducted in conjunction with the cybersecurity firm White Ops and traffic analysis group DoubleVerify, charges that Yomtobian is behind a pernicious Chrome extension known as MyPDF, which Google repeatedly removed. In fact, the analysis appears to trace more than 60 malicious extensions back to Yomtobian. "To be clear, I and Advertise.com have never operated an 'ad fraud traffic scheme,'" he told BuzzFeed News. "We have never generated 'fraudulent traffic.'" The findings, though, paint a picture of the muddled digital ad ecosystem and its problematic incentives.

Comcast customers can pay a few dollars per month extra on their bills to keep their numbers unlisted. Last week, the company accidentally published the personal data of 200,000 customers—all of whom had specifically paid for extra privacy. The mistake exposed names, phone numbers, and addresses. The company has removed the data and is offering a $100 credit to each impacted individual. Comcast also says that customers can change their phone numbers for free, though that is typically no easy feat. Incredibly, this is not the first time Comcast has made this mistake. In 2012, the company did essentially the same thing and ended up paying a $33 million settlement.

The controversial facial recognition service Clearview AI, which aims to identify people using a database of photos taken from social media platforms and other websites, is being sued by Vermont's attorney general. The suit alleges that the company's bulk collection of online images for facial recognition is prohibited by the state's Consumer Protection Act and its data broker law. Clearview AI already faces numerous lawsuits after exposés by the New York Times and BuzzFeed. Tech companies including Google, Microsoft, and Twitter have also sent cease-and-desist letters to the company.
