This Week In Security - 03/30/2020
International Cybersecurity Experts Unite Against COVID-19-themed Cyberthreats
Hundreds of volunteers with cybersecurity expertise have united to form the COVID-19 CTI League aimed at fighting cyberthreats relating to the COVID-19 pandemic.
The group includes members from 40 different countries and will be “working to combat hacks against medical facilities and other frontline responders to the pandemic”. COVID-19 CTI, where CTI stands for Cyber Threat Intelligence, will also be attempting to shore up the communication services and systems that those working from home rely on.
One of the COVID-19 CTI managers, Marc Rogers of the security company Okta, says the volume of threats is unlike anything he’s seen before, adding, “I am literally seeing phishing messages in every language known to man”.
Rogers revealed that the group had already “dismantled one campaign that used a software vulnerability to spread malicious software”, although he was reluctant to provide details. Rogers said the group would be hesitant about sharing any information about either the threats or the group’s actions, for fear of inspiring copycat threats.
Law enforcement agencies throughout the world have welcomed the collaboration, which Rogers described as a “level of cooperation” never seen before, adding, “I hope it continues afterward because it’s a beautiful thing to see”.
Masks Not an Issue for Chinese Facial Recognition Software
The Chinese technology company, Hanwang, says it’s developed facial recognition software that can correctly identify masked individuals.
The company says, “its masked facial recognition program has reached 95 percent accuracy in lab tests, and… is more accurate in real life, where its cameras take multiple photos of a person if the first attempt to identify them fails”.
The chief technical officer for Hanwang, Huang Lei, said, “The problem of masked facial recognition is not new, but belongs to the family of facial recognition with occlusion”. In other words, it’s not dissimilar to the technology required to accurately identify people with beards or wearing a scarf over their face.
A study performed last year at the UK’s University of Bradford showed it was possible to “train a facial recognition program to accurately recognize half-faces by deleting parts of the photos they used to train the software”.
At present, Hanwang’s devices are only truly effective in “office settings with a database of up to 50,000 employee faces”. While the system uses photos from the Chinese police department’s identification card database, it is not capable of working on such a large scale yet, but who knows what the future may hold?
Healthcare and Ransomware Laid Bare
As a ransomware attack leaves Illinois public health district, Champaign-Urbana, battling to inform the public of the risks of COVID-19, the team behind Maze ransomware calls off healthcare attacks.
Earlier this month, the Champaign-Urbana health district experienced a severe ransomware attack that left its website reeling and its staff unable to access important health records. Staff resorted to Facebook to keep its public up to date.
In the meantime, in an unprecedented show of altruism, the Maze ransomware group promised to “stop all activity versus all kinds of medical organizations until the stabilization of the situation with the virus”.
The Maze group also promised “discounts” to its so-called “partners”, who might consider themselves victims rather than partners.
Not all ransomware groups are as considerate and, last week, the second-biggest hospital in the Czech Republic ground to a halt after a cyberattack forced the University Hospital Brno to “shut down its IT network”.
As the hospital is one of the country’s main testing laboratories for COVID-19, there are also fears that the attack “may have disrupted its testing capabilities”.
Let’s hope more cybercrime consortiums follow the Maze group’s lead and leave crucial healthcare facilities around the world alone until the pandemic is over.
Zero-Day Attack Leaves Windows Users Vulnerable
Microsoft warns users to take precautions against attackers who are “actively exploiting a Windows zero-day vulnerability”.
The company announced that the attack involved two code-execution flaws that can be exploited “by convincing a target to open a booby-trapped document or viewing it in the Windows preview pane”.
Users have been advised to disable both the preview and details pane in Windows Explorer, deactivate the WebClient service and either disable or rename the ATMFD.DLL component.
While these measures should keep you safe, tinkering with the ATMFD.DLL could, according to Microsoft, “cause display problems for applications that rely on embedded fonts and could cause some apps to stop working if they use OpenType fonts”.
At present, the attacks seem to be limited to a small number of targets “who work in a specific environment that’s of interest to the government sponsoring the hackers”, although Windows users at large could come under threat as “awareness of the underlying vulnerabilities becomes more widespread”.
For the beleaguered tech company, this is the third time in weeks it’s had to patch a zero-day vulnerability and, while it is working on a solution, it has admitted that “a patch may not be ready until April 14’s ‘Patch Tuesday’”.