The news at large this week has understandably focused on the new coronavirus that continues to spread throughout the world. It's slowly seeping into the world of cybersecurity as well, as hackers and scammers take advantage of confusion, anxiety, and lax work from home set-ups to stir up trouble.The need for information has spurred partnerships between encrypted messaging app WhatsApp and several governments; on Friday, the World Health Organization announced that it, too, would use the ubiquitous Facebook subsidiary to provide reliable, up-to-date information . The White House, meanwhile, has discussed using phone data to help track the spread of the novel coronavirus, but it's not clear how much good that would actually do.
For those who need a little good news this week—probably everyone?—Microsoft along with dozens of international partners recently dismantled the infamous Necurs botnet . And HBO managed to make a documentary about election security that actually makes you care about election security.Lastly, an organization called Shadowserver has helped keep the internet safe for the last 15 years. Unless it can raise a significant amount of money, fast, all the malicious traffic it has diverted and contained threatens to spill back into the internet .
This week, the Chinese firm QiAnXin spotted Russian hackers—possibly affiliated with the groups Sandworm and Fancy Bear —sending phishing emails laced with malicious document attachments to Ukrainian targets.Meanwhile, the Vietnamese security firm VinCSS detected a high volume of novel coronavirus-related phishing emails over the last two weeks attributed to government hackers.
But wait, there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.Ransomware Operators Pledge Not to Hit Hospitals for NowWell, this is... nice? It's definitely something. BleepingComputer reached out to the operators of multiple strains of ransomware, asking if they had plans to stop hitting hospitals during the coronavirus pandemic. Two of them actually wrote back to say yes, absolutely, they'll take it easy on the health care industry (except pharmaceutical companies) until the Covid-19 situation improves. Please take this with gigantic boulders of salt, especially given that ransomware attackers historically love to go after hospitals . And even if the proprietors of DoppelPaymer and Maze—the two who responded to BleepingComputer–do keep to their word, lots of prolific ransomware remains in play. In fact, hackers hit a Czech hospital earlier this week.
It Costs More Than Ever to Break Into an iPhoneGrayKey is a forensics tool used by law enforcement to access locked and encrypted iPhones. New documents unearthed by Motherboard this week show that the cost of licensing the online version of the tool has increased to $18,000 per year. Another forensics company, Cellebrite, announced last year that it could break into basically every iOS device . Just good to remember the next time the FBI says it has no choice but ask Apple to unlock an iPhone for them .
Credit Card-Skimming Hackers Play Cat and Mouse Game on NutriBullet SiteAround months ago, Magecart hackers placed malicious code on the NutriBullet website, letting them glean credit card info from online transactions. This part is pretty standard, Magecart affects thousands of domains big and small. But what's slightly different with this case is that every time the Magecart code got removed, the hackers would simply add it back, over and over, thanks to a deeper flaw in NutriBullet's infrastructure. The back and forth has gone on so long that security company RiskIQ went ahead and called NutriBullet out for not doing enough to solve the problem, in an attempt to save people from getting ripped off when they bought their fancy blender.
Health and Human Services Got Hit With a DDoSAfter some initial confusion about whether it had been hacked and if so how, it appears that the Department of Health and Human services experienced nothing more than a failed distributed denial of service attack at the beginning of the week. Nothing to see here, really; it's mostly worth noting for the reminder that everyone's understandably pretty on edge, even when it comes to some relatively routine scanning activity.WIRED is providing unlimited free access to stories about the coronavirus pandemic . Sign up for our Coronavirus Update to get the latest in your inbox.
More From WIRED on Covid-19
- Gear and tips to help you get through a pandemic
- The doctor who helped defeat smallpox explains what's coming
- Everything you need to know about coronavirus testing
- Don’t go down a coronavirus anxiety spiral
- How is the virus spread? (And other Covid-19 FAQs, answered)
- Read all of our coronavirus coverage here