Phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic, according to Barracuda Networks.
The security vendor observed just 137 incidents in January, rising to 1188 in February and 9116 so far in March. Around 2% of the 468,000 global email attacks detected by the firm were classified as COVID-19-themed.
As is usually the case, the attacks used widespread awareness of the subject to trick users into handing over their log-ins and financial information, and/or unwittingly downloading malware to their computers.
Of the COVID-19 phishing attacks, 54% were classified as scams, 34% as brand impersonation attacks, 11% blackmail and 1% as business email compromise (BEC).
As well as the usual lures to click through for more information on the pandemic, some scammers are claiming to sell cures and/or face-masks, while others try to elicit investment in companies producing vaccines, or donations to fight the virus and provide support to victims.
“This is a new low for cyber-criminals, who are acting like piranha fish, cowardly attacking people en masse when they are at their most vulnerable,” argued MP Dean Russell, member of the Health and Social Care Select Committee. “It’s vital that the public remain vigilant against scam emails during this challenging time.”
Unfortunately, computer users are as exposed as ever to phishing scams like these, according to new research.
Security awareness training company KnowBe4 claimed that 38% of untrained end users are susceptible to phishing, i.e. they will fail realistic phishing scenarios. This is up by over 8% from 2019 figures.
The good news is that this average dropped 60% after 90 days of phishing training with real-world simulation exercises, the vendor claimed.
Household brand Tupperware has had several websites compromised by digital skimming code, potentially exposing a million monthly visitors, according to Malwarebytes.
The security vendor discovered a targeted attack aimed at the company’s main dot com site and several localized versions last week.
To harvest Tupperware customers’ card details, the hackers inserted a fake iframe in the site’s checkout page to mimic a real payment form. On further inspection, the iframe was found to be loading content from deskofhelp[.]com, a domain registered just days earlier, on March 9, by a .ru email address.
The same domain is also hosted on a server alongside multiple phishing domains, explained director of threat intelligence, Jérôme Segura.
“The criminals devised their skimmer attack so that shoppers first enter their data into the rogue iframe and are then immediately shown an error, disguised as a session time-out,” he added.
“This allows the threat actors to reload the page with the legitimate payment form. Victims will enter their information a second time, but by then, the data theft has already happened.”
The fraudulent payment form itself was activated by malicious code hidden inside a PNG file, a technique known as steganography. It’s unclear exactly how Tupperware was first hacked to insert the malicious image, but Segura claimed it may have been running an outdated version of the Magento e-commerce platform.
However, the group behind the attack isn’t as polished as many others carrying out Magecart-like attacks. For one, they forgot to localize the iframe, so that on foreign language versions of the site, the fake payment page still appeared in English.
Segura claimed that digital skimming attacks are likely to be ramping up now as online orders come flooding in from shoppers kept at home by COVID-19.
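A rogue payment iframe of the kind described above shows up as a frame whose source is not one of the origins the shop expects at checkout. The following Python audit is an added example, not code from Malwarebytes or Tupperware; the host names, the allowlist and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts this shop legitimately frames at checkout (constructed names).
ALLOWED_FRAME_HOSTS = {"shop.example", "payments.example"}

# Constructed sample of a checkout page; none of these hosts are real.
SAMPLE_CHECKOUT = """
<html><body>
<form id="real-payment"><iframe src="https://payments.example/card-form"></iframe></form>
<iframe src="/embedded/cart-summary.html"></iframe>
<iframe src="//rogue-frame.example/pay.html" style="width:100%"></iframe>
<iframe src="https://payments.example.rogue-frame.example/form"></iframe>
<iframe src="data:text/html,card-form"></iframe>
<iframe id="late"></iframe>
</body></html>
"""


class FrameCollector(HTMLParser):
    """Collect the attributes of every <iframe>/<frame> start tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "frame"):
            self.frames.append(dict(attrs))


def host_allowed(host, allowed_hosts):
    """True if host equals an allowed host or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # Compare on a label boundary so "payments.example.rogue-frame.example"
    # and "evilpayments.example" do not pass as "payments.example".
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def audit_checkout_frames(html, page_url, allowed_hosts=ALLOWED_FRAME_HOSTS):
    """Return a (source, reason) pair for each frame that needs review."""
    parser = FrameCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for attrs in parser.frames:
        if "srcdoc" in attrs:
            findings.append(("srcdoc", "inline frame content"))
            continue
        src = (attrs.get("src") or "").strip()
        if not src:
            findings.append(("", "frame without src (may be filled in by script)"))
            continue
        # Resolve relative and protocol-relative URLs against the page URL.
        target = urlsplit(urljoin(page_url, src))
        if target.scheme not in ("http", "https"):
            findings.append((src, "non-http(s) scheme: " + target.scheme))
        elif target.scheme != "https":
            findings.append((src, "frame loaded over plain http"))
        elif not host_allowed(target.hostname, allowed_hosts):
            findings.append((src, "host not on allowlist: " + str(target.hostname)))
    return findings


if __name__ == "__main__":
    for source, reason in audit_checkout_frames(
        SAMPLE_CHECKOUT, "https://shop.example/checkout"
    ):
        print(repr(source), "->", reason)
```

This only sees frames present in the served HTML; a frame added at runtime by script needs the same check run against the rendered DOM, and a Content-Security-Policy `frame-src` directive enforces the allowlist in the browser.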
Nearly half (46%) of UK firms reported suffering a security breach or cyber-attack over the past year, an increase on previous years, but they are getting better at recovering from and deflecting such blows, according to the government.
The annual Cyber Security Breaches Survey revealed an increase in the overall volume of businesses reporting incidents, up from 32%. The number of medium (68%) and large (75%) businesses reporting breaches or attacks also jumped, from 60% and 61% respectively.
This puts the 2020 report’s findings in line with the first government analysis in 2017, it claimed.
Of those businesses that reported incidents, more are experiencing these at least three times a week than in 2017 (32% versus 22%).
The government also claimed that organizations are experiencing more phishing attacks (from 72% to 86%) whilst fewer are seeing malware (from 33% to 16%) than three years ago.
However, the rise in incidents has been offset by stronger response and resilience, according to the report. Since 2017, the proportion of businesses listing any outcome from an incident has fallen by 19% and the proportion being negatively impacted has fallen by 18%.
Cybersecurity is also becoming more of a board-level issue: 80% of respondents said it’s a high priority for their senior management and 37% said they have board members with a security brief.
However, elsewhere there’s still some way to go: just 32% reported having cyber insurance, half (50%) have conducted audits in the past year, 15% have reviewed supply chain risk and only a quarter (27%) said they’d reported breaches to anyone beyond their IT/security providers.
The latter is particularly concerning given the strict reporting requirements of the GDPR.
Redscan CTO, Mark Nicholls, questioned whether malware is really on the wane, given new variants of fileless threats that are harder to detect, and pointed out another discrepancy in the report’s findings.
“The most concerning thing for me, is the significant number of organizations that have been targeted and aren’t aware of it. While a significant percentage of businesses identify multiple attacks each week, more than half say they haven’t had a single one in 12 months,” he argued.
“Being able to swiftly detect attacks is key to minimizing damage but many organizations still lack the appropriate controls and a deep awareness of what activity to look for.”
RSA Security UK & Ireland regional director, Chris Miller, argued that supply chain risk assessments should be carried out through the lens of potential impact on business operations.
“First, you must identify the most important parts of your business and then focus on protecting them. Ask yourself: which data flows in and out of the business? Which suppliers have access to what corporate data? Where is my most critical data and who can access it?” he said.
“By taking this approach, you can align your security protocols so you know how much access to grant to, and how much trust to place, in your suppliers.”
IT professionals in Canada are joining forces to protect their country's vital services and critical infrastructure from cyber-threats.
The mission of the all-volunteer cyber-defense team will be to defend Canada's health-care providers, municipalities, and critical infrastructure from cyber-attacks launched amid the COVID-19 health crisis.
A volunteer recruitment effort led by the SecDev Group is calling on IT pros to lend a hand by providing preventative measures to thwart attackers. The group is also asking for assistance from volunteers who can offer remedial services that help organizations recover from cyber-attacks.
Rafal Rohozinski, principal and CEO of the SecDev Group, said that not only are cyber-criminals preying on vital organizations made vulnerable by the current coronavirus crisis, but they are also weaponizing public fear over COVID-19.
"Hackers are targeting hospitals and health care providers, preying on their distraction, fear and anxiety and their hope for a cure," said Rohozinski.
"Posing as public health officials from the World Health Organization, [the] Centers for Disease Control and UNICEF, cyber criminals are flooding hospitals, medical laboratories, vaccine testing facilities, municipalities and critical service providers with phishing emails, forcing some to shut down."
So far, twelve companies and associations have volunteered their services. Construction has begun on a secure online exchange service that can match volunteering tech professionals with agencies and institutions in need of cybersecurity help.
Volunteers will offer services such as cybersecurity training and advice to organizations free of charge.
Rohozinski described the group's formation as "both a patriotic and public service reflex" designed to support a deeply interconnected society.
"If the internet goes down, and in particular if critical institutions that we count on—like hospitals, like cities, like utilities—start to be ransomed or start to go down because of cyber malfeasance, we're all in a lot of trouble," said Rohozinski.
No cyber-attacks on Canadian hospitals or institutions have been reported since the COVID-19 health crisis began, but hospitals in Paris and the Czech Republic and a medical research company in Britain that is working on a COVID-19 vaccine have been targeted.
Rohozinski said the launch of the exchange website is expected to take place in the next few days.
The alleged leader of a sexual abuse ring run over the messaging app Telegram has been identified by South Korean officials.
Authorities took the unusual step of naming the man accused after a record five million South Koreans signed multiple petitions on the presidential office website asking for his identity to be made public.
Under the nickname "baksa," which means "doctor" in Korean, Cho Ju-bin allegedly ran an online network that blackmailed 58 women and 16 girls into sharing degrading and sometimes violent sexual digital images of themselves.
Users of the ring paid up to $1,200 in cryptocurrency to view the abusive images, which were allegedly uploaded by the 25-year-old.
The images were posted and viewed in sites known as Nth rooms. According to the news agency Yonhap, police said similar sites are used by more than 260,000 people.
The Korean National Police Agency has arrested 124 suspects in connection with the sexual abuse ring. Cho is one of 18 alleged operators of the ring who have been held in detention since September 2019.
Cho Ju-bin has been charged with violating the child protection act, the privacy act, and the sexual abuse act. He is further accused of abusive and threatening behavior and of coercion.
It is alleged that Cho trapped victims by initially approaching them with offers of part-time work, then paying them for nude photographs. Cho would then allegedly use the threat of exposing a victim's identity to blackmail her into performing sexual acts on video, including some involving violence.
Some victims were allegedly forced to carve the word "slave" into their bodies as proof that they were owned by Cho.
Speaking from outside a police station in the nation's capital Seoul on Wednesday, Cho Ju-bin did not confess to any crimes but told reporters that he had been driven to hurt people by forces outside of his control.
“I apologize to those who were hurt by me,” said Cho. “Thank you for ending the life of a demon that I couldn’t stop.”
Min Gap-ryong, the commissioner general of the Korean National Police Agency, said: "Through strict investigation, the police will entirely transform the social apathy to digital sex crime and strongly root out such crime from our society."
A Cincinnati freight brokerage company is facing a $5m lawsuit over a data breach that occurred last month.
Computer systems at Total Quality Logistics (TQL) were compromised in a cyber-attack that took place on February 23. Customer and carrier information was exposed after threat actors breached the company's online web portal.
Carrier data compromised in the attack included tax ID numbers, bank account numbers, and in some cases Social Security numbers. Breached customer data included email addresses, phone numbers, first and last names, and TQL customer ID numbers.
Now TQL is being sued by an unnamed trucking company owned by Charles Newman of Milwaukee County, Wisconsin. A complaint filed in the US District Court for the Southern District of Ohio alleges that TQL failed to "implement and maintain reasonable security measures over personally identifiable information."
The plaintiff accuses TQL of negligence and claims that the consequences of the data breach were dire and far-reaching.
"Had TQL taken the well-known risk of cyber-intrusion seriously and adequately tested, audited and invested in its IT systems, and adequately trained its staff," the lawsuit states, "the data breach would never have occurred."
The complaint alleges that as a result of the breach, hackers have accessed, "and in a growing number of cases" have used, compromised data to conduct fraudulent transactions. According to the lawsuit, "the full scope of the harm has yet to be realized."
Newman, who is represented by The Kerger Law Firm in Toledo, Ohio, is seeking to have the complaint certified as a class action, which would allow other motor carriers to join the lawsuit.
TQL is one of America's largest privately owned freight brokerage firms, moving over 1.8 million loads of freight across the US and Canada each year. The company has 57 sales offices and a vast network of over 85,000 carriers.
Four days after the breach occurred, TQL president Kerry Byrne sent a breach notification email out to carriers, including Newman.
According to Byrne's email, the attackers may have gained access to TQL's data via an "information/data phishing attempt."
TQL advised carriers to check whether their bank accounts had been compromised and recommended that each carrier take extra security measures, including setting up a fraud alert on their credit files.
Security researchers have described what they claim to be one of the most widespread threat campaigns from a Chinese APT group in recent years, exploiting Citrix and Zoho endpoints at scores of customer organizations.
FireEye explained in a new report that the state-sponsored APT41 group worked between January 20 and March 11 to target 75 customers with attacks on Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central products.
Although the group appeared to be working from a pre-selected group of targets, victim organizations spanned a huge sweep of verticals, including telecommunications, manufacturing, healthcare, government, oil & gas, higher education, defense, industrial, pharmaceutical, finance, high-tech, petrochemical, transportation, construction, utilities, media, non-profit, legal, real estate, and travel.
Victims were located all over the globe, in the US, Canada, Switzerland, Philippines, Australia, UK, UAE, Finland, France, Malaysia, Denmark, Mexico, Qatar, Saudi Arabia, Sweden, Japan and Poland.
Their first target was Citrix ADC and Gateway devices exposed by the CVE-2019-19781 vulnerability. Although the CVE was only published on December 17 2019, it took the group less than a month to start exploiting it.
FireEye noted a lull in activity around the Chinese New Year holidays, and another drop off between February 2-19, which coincided with strict new Covid-19 quarantine measures in the country.
The group then went on to exploit a Cisco RV320 router at a telecoms firm on February 21, possibly using a Metasploit module combining CVE-2019-1653 and CVE-2019-1652.
APT41 was even quicker to exploit a new vulnerability (CVE-2020-10189) in the Zoho ManageEngine Desktop Central product. A PoC was published on March 5 and the group began attempting to exploit the CVE just three days later at over a dozen FireEye customers, resulting in the compromise of at least five of them.
The raids highlight the resourcefulness and agility of this particular APT group, said the vendor.
“While APT41 has previously conducted activity with an extensive initial entry, such as the trojanizing of Netsarang software, this scanning and exploitation has focused on a subset of our customers, and seems to reveal a high operational tempo and wide collection requirements for APT41,” it concluded.
“It is notable that we have only seen these exploitation attempts leverage publicly available malware such as Cobalt Strike and Meterpreter. While these backdoors are full featured, in previous incidents, APT41 has waited to deploy more advanced malware until they have fully understood where they were and carried out some initial reconnaissance.”
However, a FireEye spokesperson told Infosecurity that the motives for the campaign are still a mystery. APT41 is unusual in that previously it has been observed carrying out attacks for both traditional state-sponsored cyber-espionage and personal financial gain.
Security researchers are warning of a new Android banking Trojan that tricks users into handing over their card details in return for information on who’s infected with Covid-19 in their local area.
The Ginp Trojan is not entirely new; Kaspersky has observed campaigns before using the malware to trick users mainly in Spain into handing over their financial details. However, the naming convention of the new version hints that it’s now ready to go global.
This latest iteration opens a web page on the victim’s Android device after receiving a special command. This ‘Coronavirus Finder’ purports to show a map view detailing the number of people in the local area that have contracted the Covid-19 virus.
Using tried-and-tested social engineering techniques, it states how many people there are infected near the user and requests a small charge, just €0.75, to view the map.
“As you may remember, Ginp is a very capable banking Trojan that relies on a lot of different lures to make users input their credit card data into forms, so that it can steal it. If you guessed this web-page is just another form aimed at stealing data — you’ve guessed it right,” explained Kaspersky malware analyst, Alexander Eremin.
“Once you fill in your credit card data, it goes directly to the criminals … and nothing else happens. They don’t even charge you this small sum (and why would they, now that they have all the funds from the card at their command?). And of course, they don’t show you any information about people infected with Coronavirus near you, because they don’t have any.”
To keep the Trojan at bay, Eremin urged Android users to only download apps from the official Google Play marketplace, to use AV on their handsets and to not grant the accessibility permission to any apps that request it, other than AV apps.
General Electric (GE) has reported a breach of employee data which occurred via a third-party service provider.
The US corporate giant claimed in the filing with the Californian Office of the Attorney General (OAG) that it was notified about the incident on February 28 by Canon Business Process Services.
“Canon had determined that, between approximately February 3 - 14, 2020, an unauthorized party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries entitled to benefits that were maintained on Canon’s systems,” it said.
“Canon has indicated that the affected documents, which contained certain personal information, were uploaded by or for GE employees, former employees and beneficiaries entitled to benefits in connection with Canon’s workflow routing service.”
Documents including direct deposit forms, driver’s licenses, passports, birth, marriage and death certificates, and benefits application forms were exposed, potentially compromising names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, dates of birth, and more.
GE was at pains to point out that its own systems were not affected and said it’s both trying to work out how the unauthorized party gained access to the personal data, and is taking steps to ensure the same thing doesn’t happen again.
Canon is offering a free two-year membership of the Experian IdentityWorks Credit 3B product to help those affected detect misuse of their personal information, which they must enrol in by the end of June.
This isn’t the first time GE has suffered a cybersecurity incident, albeit via its supply chain. A year ago the Department of Justice unsealed a complaint against a former GE engineer, Xiaoqing Zheng, whom it accused of conspiring with Chinese government-funded companies to steal IP related to the firm’s gas and steam turbine technology.
The US Department of Defense has confirmed that a massive cloud-computing contract potentially worth $10bn will be awarded to a single contractor.
Rumors had circulated that the lucrative Joint Enterprise Defense Infrastructure (JEDI) contract might be jointly awarded to Microsoft Azure and Amazon Web Services. However, a Pentagon spokesman said this morning that the award would not be split.
In an email to news site Breaking Defense, public affairs officer Lt. Col. Robert Carver wrote: “DoD will not ‘split the award,’ as the requirement remains for a single award and the solicitation calls for a single award.”
Under the JEDI contract, the DoD would consolidate most of its more than 500 cloud contracts into a single general-purpose pathfinder contract. The planned change would allow the department to implement high-speed, AI-assisted Multi-Domain Operations and take advantage of emerging technologies.
The JEDI mega-contract was awarded to Microsoft on October 25, 2019. However, in February 2020, a federal judge in Washington ordered the company to halt all work on the project after rival contractor Amazon put forward a legal challenge over how the contract was awarded.
In the challenge, Amazon has suggested that a feud between the company's chief executive, Jeff Bezos, and American president Donald Trump resulted in Microsoft's winning the contract. Amazon had been considered a front-runner to receive the contract after building cloud services for the Central Intelligence Agency.
In a sealed opinion, Judge Patricia E. Campbell-Smith of the Court of Federal Claims ordered all work on the Joint Enterprise Defense Infrastructure project to cease until Amazon’s legal challenge was resolved.
Legal challenges have not been issued by other rival companies IBM, Oracle, and Google, which similarly lost out to Microsoft on this occasion. Google dropped out of the running for the contract in 2018, while Oracle and IBM were deemed not up to the challenge in early 2019.
Speaking after the JEDI contract was awarded to Microsoft, the Department of Defense said: “The acquisition process was conducted in accordance with applicable laws and regulations. All offerors were treated fairly and evaluated consistently with the solicitation’s stated evaluation criteria.”
An elite band of hackers is thought to be behind a digital break-in attempt at the World Health Organization.
WHO Chief Information Security Officer Flavio Aggio said that the attempted attack occurred earlier this month and had made use of a malicious domain. The assailants behind the bungled break-in are yet to be identified.
The hack was just one of a huge number of attempts made against the organization and its partners in recent weeks, according to Reuters. A senior agency official told the news site that since the outbreak of COVID-19, the number of cyber-attacks on the WHO has doubled as criminals attempt to take advantage of the crisis.
The WHO issued a warning last month that hackers had been mimicking the agency in an attempt to steal personal information and money from the public.
This latest unsuccessful break-in was discovered by cybersecurity expert and attorney for Blackstone Law Group Alexander Urbelis, who reported it to Reuters. Blackstone Law Group tracks the registration of suspicious domains from its office in New York.
Urbelis said: “I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic.”
Urbelis detected a dodgy site which the WHO's Aggio confirmed had been used in an attempt to steal passwords from multiple staff members at the organization.
According to two anonymous sources approached by Reuters, responsibility for the attempted hack could lie with an advanced hacking group called DarkHotel. The threat group has been carrying out cyber-espionage for at least 13 years.
Digital forensic evidence collected by cybersecurity firms including Bitdefender and Kaspersky suggests that DarkHotel has operations based in East Asia. Targets of the threat group in the past have included government employees and business executives in China, North Korea, Japan, and the United States.
Other malicious sites detected by Urbelis include thousands of websites that seek to con victims out of their money and/or data by exploiting the current coronavirus outbreak.
Describing how many such coronavirus-inspired sites he encounters during the course of his working day, Urbelis said: “It’s still around 2,000 a day. I have never seen anything like this.”
Researchers at Malwarebytes have unearthed a website advertising fake anti-virus software it claims can protect people from contracting the real human virus COVID-19.
In what comes across as a bizarrely comic case of miscommunication, the site (antivirus-covid19[.]site) offers users the chance to "Download our AI Corona Antivirus for the best possible protection against the Corona COVID-19 virus."
The site's operators carefully chose an academic big hitter to endorse it. According to the website, the Corona Anti-virus was developed by "scientists from Harvard University" who "have been working on a special AI development to combat the virus using a Windows app."
To further authenticate their product's claims, the site's creators have included a meaningless graphic of three people standing around a circular raised platform while staring at some connecting balls suspended in mid-air. One of the figures points at a ball as though symbolically indicating the presence of a cure.
The Corona Anti-virus claimed: "your PC actively protects you against the Coronaviruses (Cov) while the app is running."
It's hard to imagine this ill-conceived ruse netting any victims whatsoever, but those who are persuaded to install the fake Corona Anti-virus will inadvertently infect their computer with malware.
Researchers found that criminals are using the malicious fake anti-virus software to distribute a BlackNet remote administration tool. Users who try to download Corona Anti-virus [antivirus-covid19[.]site/update.exe] will turn their PC into a bot that is ready to receive commands from a threat actor.
"The full source code for this toolkit was published on GitHub a month ago," said researchers. "Some of its features include deploying DDoS attacks, taking screenshots, stealing Firefox cookies, stealing saved passwords, implementing a key logger, executing scripts and stealing Bitcoin wallets."
Researchers reported the site to American web-infrastructure and website-security company CloudFlare.
"We informed CloudFlare, since the threat actors were abusing their service, and they took immediate action to flag this website as a phish," said researchers.
Attack tools designed to target industrial control systems (ICS) are becoming more widespread, raising risk levels for CISOs in affected sectors, according to FireEye.
The security vendor warned that while attacks on OT systems usually require a “high level of skill and expertise” on the part of the hackers, various publicly available tools and exploit modules, often released by white hat researchers, are “making it easier to bridge the knowledge gap.”
The majority of the tools analyzed by FireEye were network discovery (28%) and software exploitation (24%) tools, with most designed to be vendor agnostic, or developed to target products from the largest ICS OEMs like Siemens, which accounted for 60% of vendor-specific ICS tools.
Software exploit modules are particularly attractive to budding ICS attackers who may have lower skill levels, the firm claimed.
Developed to automate exploits for specific vulnerabilities, they’re added to legitimate exploit frameworks like Metasploit and Core Impact, or ICS-specific ones like Autosploit, Industrial Exploitation Framework (ICSSPLOIT), and the Industrial Security Exploitation Framework.
The freely available Metasploit framework, used by pen testers, was highlighted by FireEye as particularly useful for cyber-criminals.
Organizations should ensure they understand the scale of the threat to ICS platforms presented by abuse of such frameworks by hackers, FireEye concluded. That's because equipment vulnerable to exploits which use these known tools is “low-hanging fruit” for a range of attackers.
“Awareness about the proliferation of ICS cyber-operation tools should serve as an important risk indicator of the evolving threat landscape. These tools provide defenders with an opportunity to perform risk assessments in test environments and to leverage aggregated data to communicate and obtain support from company executives,” it said.
“Organizations that do not pay attention to available ICS cyber operation tools risk becoming low-hanging fruit for both sophisticated and unexperienced threat actors exploring new capabilities.”
Microsoft is warning that targeted attackers are exploiting two Windows zero-day vulnerabilities in the wild.
Issued on Monday, the security advisory flags two previously undisclosed remote code execution (RCE) bugs. The flaws exist in Microsoft Windows when “the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.”
The vulnerabilities are rated critical and are present in Windows 7-10 and Server 2008 to 2019.
“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially-crafted document or viewing it in the Windows Preview pane,” Microsoft explained.
“Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month.”
Until a patch is available, Microsoft is recommending customers disable the Preview Pane and Details Pane in Windows Explorer, which will mean OTF fonts are no longer automatically displayed.
Another workaround suggested in the security advisory is to disable the WebClient service, which will block what Microsoft described as the “most likely remote attack vector”: the Web Distributed Authoring and Versioning (WebDAV) client service.
However, doing so will mean WebDAV requests aren’t transmitted and any services depending on WebClient won’t start.
A third workaround is to rename ATMFD.DLL, although this doesn’t apply to Windows 10, which doesn’t run the DLL. If organizations decide to go down this path they should be aware that applications that rely on embedded font technology will not display properly.
Interpol has announced a global crackdown on counterfeit medical and pharmaceutical supplies following a surge in demand for items as the COVID-19 pandemic worsens.
The law enforcement organization claimed in an update over the weekend that the latest push in its long-running Operation Pangea strategy had already borne fruit.
It announced the seizure of 34,000 counterfeit surgical masks, as well as “corona spray,” “coronavirus packages” and “coronavirus medicine,” and the shutdown of more than 2500 web pages advertising the sale of such items.
The week of action, running from March 3-10, saw an 18% increase in seizures of unauthorized anti-viral medicine compared to Interpol's 2018 action week, and a 100% increase in seizures of unauthorized anti-malarial medicine chloroquine. Interpol said the increases were likely due to COVID-19 demand.
“Once again, Operation Pangea shows that criminals will stop at nothing to make a profit,” argued Interpol secretary general, Jürgen Stock. “The illicit trade in such counterfeit medical items during a public health crisis shows their total disregard for people’s wellbeing, or their lives.”
In total, global customs and regulatory authorities inspected 326,000 packages and seized 48,000. Alongside the COVID-19-related items, there were discoveries of large volumes of vitamins, erectile dysfunction pills, anti-cancer medication, hypnotic and sedative agents, anabolic steroids and more.
Interpol warned that often unauthorized versions of these either contain the wrong amount of active ingredient, or are genuine items but have been stolen and then improperly stored or have expired.
Europol, which took part in the operation, claimed 37 organized crime groups had been dismantled as part of the raids, €13m ($14m) in potentially dangerous pharmaceuticals seized, 121 arrests made, and a total of 4.4 million units seized.
The operation highlights the continued agility of criminal gangs in using current events to help increase illegal profits.
A third of UK businesses do not currently have the tech infrastructure to handle long-term remote working, according to new data commissioned by Leonne International and conducted by independent survey company Censuswide.
The concerning research comes at a time when large numbers of businesses have closed their offices and implemented mass working from home efforts as part of social distancing attempts to help slow the spread of the highly-infectious coronavirus (COVID-19).
The survey quizzed 200 senior business decision makers from large and medium-sized companies on the business impact of the COVID-19 crisis, discovering that 41% plan to increase their IT and tech investment in the coming weeks to cope with the new remote working structure.
Worryingly, 28% of respondents said they were actively planning to make redundancies to survive the crisis.
Tech expert Sridhar Iyengar, MD of Zoho Europe, said: “The COVID-19 crisis poses an existential threat to many businesses, with a significant number of companies completely unprepared for the sudden shift towards 100% remote working.
“With many businesses scrambling to introduce virtual meetings, manage projects online and provide essential daily briefings for employees, the tech industry has a moral obligation to step in and offer resources to help companies to adapt to this new way of working.”
Jonathan Young, CIO, FDM Group, a FTSE 250 company, added that whilst the sudden shift to complete remote working will be a shock for many companies, it’s vital to recognize that organizations can find ways to operate without a formal office space.
“Despite millions of workers remaining isolated at home for the foreseeable future and juggling family commitments, workers still want to get online and do their jobs as efficiently as possible. It’s critical that business leaders take action to address these demands, bringing together digital talent from across the business to ensure every member of staff has access to online support and systems to continue operating as normal.”
The fallout from the COVID-19 pandemic has seen numerous tech companies offer free products, services and advice to organizations to support them as they turn to long-term remote working strategies.
The US Department of Justice on Saturday filed its first court action against a website operator accused of committing fraud to profit from the global COVID-19 pandemic.
A temporary restraining order was filed in a federal court in Austin against the operator of coronavirusmedicalkit.com, who allegedly offered fake coronavirus vaccines for sale in a shameless attempt to cash in on a health crisis that has killed 15,430 people.
The website claimed to offer consumers access to COVID-19 vaccine kits approved by the World Health Organization in exchange for a shipping fee of $4.95. To gain access to the fake vaccine, users were required to enter their credit card information on the website.
The scam emerged as scientists around the world race to develop a vaccine for COVID-19.
An investigation of the website and its operators is now underway. Meanwhile, the federal court used a statute that permits federal courts to issue injunctions to prevent harm to potential victims of fraudulent schemes to shut the site down.
In response to a request from the Department of Justice, US District Judge Robert Pitman issued a temporary restraining order requiring that the registrar of the fraudulent website immediately take action to block public access to it.
The enforcement action follows US Attorney General William Barr's recent instructions for the department to prioritize the detection, investigation, and prosecution of illegal conduct related to the coronavirus health crisis.
“The Department of Justice will not tolerate criminal exploitation of this national emergency for personal gain,” said Assistant Attorney General Jody Hunt of the Department of Justice’s Civil Division.
“We will use every resource at the government’s disposal to act quickly to shut down these most despicable of scammers, whether they are defrauding consumers, committing identity theft, or delivering malware.”
Christopher Combs, special agent in charge of the FBI’s San Antonio Field Office, said scammers posed a dual threat to Americans who are "understandably desperate to find solutions to keep their families safe and healthy."
"Fraudsters who seek to profit from their fear and uncertainty, by selling bogus vaccines or cures, not only steal limited resources from our communities, they pose an even greater danger by spreading misinformation and creating confusion," said Combs.
A British communications company on a mission to "bring connectivity to everyone everywhere" successfully launched 34 new American-made satellites into space on March 21.
OneWeb's low-earth-orbit satellites were carried into space aboard a Soyuz launch vehicle that took off from Baikonur Cosmodrome, Kazakhstan. Saturday's launch—the third to be successfully completed by the company—brought the total number of active satellites being operated by OneWeb up to 74.
This latest space mission is part of OneWeb's plan to put 648 satellites into space to deliver high-speed, low-latency connectivity globally by 2021. The company launched its first batch of satellites in 2019 and its second batch just weeks ago, on February 7.
Adrian Steckel, CEO of OneWeb, said in February that the company was on track to deliver commercial services in the Arctic later this year. However, Bloomberg reported last week that OneWeb is encountering major financial difficulties and is considering filing for bankruptcy.
Bloomberg said that OneWeb, which has the backing of SoftBank Group Corp., is struggling to remain afloat due to high costs, stiff competition, uncertain regulation, and the economic effects of the COVID-19 outbreak.
OneWeb is headquartered in London but builds its satellites at a high-volume production factory in Florida, which as of Sunday evening had 1,007 confirmed cases of the novel coronavirus.
Word of OneWeb's possible bankruptcy filing came to Bloomberg from "people with knowledge of the [bankruptcy] preparations" who wished to remain anonymous.
Speaking after the satellite launch on Saturday, OneWeb's Steckel made no mention of any possible financial difficulties the company may be experiencing. Instead, the CEO emphasized the need for global connectivity amid the current health crisis, which has seen people around the world enter a state of self-isolation.
“In these unprecedented times following the global outbreak of COVID-19, people around the world find themselves trying to continue their lives and work online. We see the need for OneWeb, greater now more than ever before," said Steckel.
"High-quality connectivity is the lifeline to enabling people to work, continue their education, stay up to date on important healthcare information and stay meaningfully connected to one another. The crisis has demonstrated the imperative need for connectivity everywhere and has exposed urgent shortcomings in many organizations’ connectivity capabilities."
Law enforcement agencies in Virginia have created a new task force to deal specifically with the rising deluge of scams based around the COVID-19 outbreak.
The Virginia Coronavirus Task Force is a joint federal and state initiative led by assistant United States attorneys from both the Eastern and Western Districts of Virginia, in partnership with experienced fraud investigators from the Virginia State Police and the FBI.
“The FBI is fully committed to address criminal activity during this unprecedented time—especially cyber-crime,” said David Archey, special agent in charge of the FBI’s Richmond Division.
"We encourage the American public to continue being vigilant and take steps to protect themselves against those that may exploit the concerns surrounding COVID-19 as a means to steal your money."
Agent Archey advised the public to think before they click and to verify the authenticity of any information about the coronavirus pandemic that they glean via the internet.
"Consider these tips: Do not open attachments or click on links from senders you do not recognize; Verify the information being shared actually originates from a legitimate source; Do not share your logins, banking information or other personal information in response to an email; and only visit websites that you have manually typed their domains into your browser," said Archey.
Thomas Cullen, US attorney for the Western District of Virginia, said the task force would do all in its power to punish "morally reprehensible" fraudsters exploiting the global health crisis.
“Federal prosecutors in Virginia are working closely with the FBI and the Virginia State Police to identify individuals who are engaging in coronavirus fraud, in its various forms, and preying on vulnerable populations," said Cullen.
"We are focused on the fraud, not the amount of the loss, and will utilize all available tools and statutes to put bad actors in federal prison."
Coronavirus scams currently doing the rounds involve bogus charities, fake medical and vaccine supplies, malicious virus tracking apps, investment scams touting fictitious cures, and price-gouging scams.
Americans in search of verified information on the COVID-19 outbreak are advised to visit the website usa.gov/coronavirus. Internet scams and other suspicious activities can be reported to the FBI's Internet Crime Complaint Center via the website ic3.gov.
Numerous LinkedIn users are claiming to work for established companies, with the companies often left powerless to act upon this problem.
Andy Cuff, CEO and founder of Computer Network Defence Ltd, said in a LinkedIn post that he has been alerted to at least seven profiles of people claiming to work for his company. He said in the post that 21 people were listed as working for the company, “of which seven are now imposters” and asked for suggestions regarding their possible intentions. “I've seen a recent upturn in LinkedIn members claiming to work for our company (CND), I'm not sure of their intentions but they don't seem to be farming connections (except one),” he said.
Speaking to Infosecurity, Cuff said that the profiles had been found by a member of his team, with one person falsely claiming to be working for CND “as a digital marketing executive in India.” Cuff said another member of his team said they had seen people claiming to work for him based in India, the Philippines and South America.
“As a business owner, you own the company page and can remove them, but what some companies were doing was if they had a bad falling out with an employee, they removed them so they had a gap in their career history,” he explained, saying that is why that option was removed by LinkedIn. “So the only way to sort it is to reach out.”
Cuff said that to block or report “is wholly ineffective” and the only way is to contact LinkedIn and ask them. “We are the oldest UK cybersecurity recruitment agency, and we rely on LinkedIn,” he said. In one case with a person from South America, they claimed that they worked for CND in 2001, three years before the business was actually founded “and you couldn’t tell if the account was legitimate or not.”
He later published an update on March 14, saying that LinkedIn had passed it onto the relevant team, after he originally had “tried reporting them to LinkedIn with no effect.”
In a statement to Infosecurity, a LinkedIn spokesperson said: “Protecting our members and making sure that LinkedIn remains a safe, trusted and professional community is our number one priority. Fake accounts are not tolerated.
“At the end of last year, we published an expanded transparency report showing the steps we took to keep our platform and professional community safe. This included taking action on 21.6 million fake accounts, of which 19.5 million fake accounts – 95% – were prevented from being created at registration.
“We take a fake account report very seriously, and our team takes action on content and profiles that violate our Terms of Service and Professional Community Policies.”