cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Community Champion

Chinese weaponisation of Coronavirus data - Social Engineering

Hi All

 

It appears that once again we have a strategy from state sponsored sources, affecting the rest of the world.  So do you infect yourselves, get over it and then watch whilst the rest of the world shuts down and then launch cyber attacks whilst everyone else is suffering?

 

https://www.forbes.com/sites/zakdoffman/2020/03/12/chinese-hackers-weaponized-coronavirus-data-to-la...

 

If this is correct, we are definitely in a new era - social engineering has reached new heights.

 

Regards

 

Caute_cautim

8 Replies
Highlighted
Advocate III

Re: Chinese weaponisation of Coronavirus

@Caute_cautim and @Kaity 

If at all possible, please modify the Subject of this initial post.

I suggest Chinese weaponisation of Coronavirus Data

The linked article is about a disinformation campaign using the DATA ABOUT coronavirus  in an Information operation. However, the subject line appears to be about weaponizing the virus itself. This is an important distinction, because there are already rumors and speculation that the virus itself is a weaponized product that escaped from a development lab. 

A disinformation campaign is central to the work in cybersecurity and information security; concern over possible biological warfare is outside the scope of our profession.  

 

Thanks,

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
My Community Profile
My LinkedIn Profile
href="Not Passing a Cert Exam is Not the Same as Failing" target="new";;https://cragins.blogspot.com/2018/08/pass-rates-for-professional-exams.html
Highlighted
Contributor III

Re: Chinese weaponisation of Coronavirus

The only tangent I can see COVID-19 and InfoSec would be the physical security side of things, not much else. Somewhere, someone has to occasionally touch a machine in a data center. HR and executive management can deal with the human side of effects of the virus. We can help prepare for the "zombie COVID-19 assault" or whatever next panic ensues by doing what we always do - prepare for the worst.

 

From a enormous but near empty office outside of Chicago.

 

- b/eads

Highlighted
Community Champion

Re: Chinese weaponisation of Coronavirus

@BeadsI simply cannot understand why Americans are queuing up for guns to purchase?  Given that New Zealand has the opposite laws with the recent Amnesty to hand them back for cash.   Given the current situation, won't this cause major chaos further down the line? 

 

Regards

 

Caute_cautim

Highlighted
Advocate III

Re: Chinese weaponisation of Coronavirus


@Caute_cautim wrote:

@BeadsI simply cannot understand why Americans are queuing up for guns to purchase?  Given that New Zealand has the opposite laws with the recent Amnesty to hand them back for cash.   Given the current situation, won't this cause major chaos further down the line? 

 

Regards

 

Caute_cautim


John,

The reports on gun purchases do not link to the virus itself. Rather, the reports were that Asians, particularly Chinese, in California were buying guns to protect themselves in case mob violence erupted blaming them for the virus. Sadly, we have seen unwarranted craziness in USA such as people avoiding Chinese restaurants out of fear of the virus.

 

No, this will not cause major chaos.

 

The use of guns for self defense in USA has a long and positive history. Those who choose to lawfully own guns for defense for the most part also take formal training on both the defense use and legal aspects of such use. 

The overall topic of firearms, self defense, and comparisons between the situations in USA, UK, Australia, and New Zealand is a hot button that can go south very quickly in an online forum. I recommend we close this thread for that reason.

If you would like to continue the discussion on a one to one basis, please e-mail me directly.

 

Sincerely,

 

Craig

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
My Community Profile
My LinkedIn Profile
href="Not Passing a Cert Exam is Not the Same as Failing" target="new";;https://cragins.blogspot.com/2018/08/pass-rates-for-professional-exams.html
Highlighted
Community Champion

Re: Chinese weaponisation of Coronavirus

@CraginS   Understood, I agree.

 

Regards

 

Caute-cautim

Highlighted
Community Champion

Re: Chinese weaponisation of Coronavirus


@Beads wrote:

The only tangent I can see COVID-19 and InfoSec would be the physical security side of things, not much else. Somewhere, someone has to occasionally touch a machine in a data center.

I view the greater infosec implications coming from the forced changes in work locations resulting in dramatic changes to how corporate data is being accessed, where it it stored and how it is being protected.

 

For example,

  • most of our PCs are going home, where we are counting on personal "cable modem firewalls" instead of our enterprise firewalls as the first layer of defense.  All the sudden, our corporate AV is becoming even more important, yet our tools may not be prepared to push updates while off-site.
  • as utilization increases, we risk running out of mfa licenses, causing management to consider relaxing the mfa requirements, "until things settle down".
  • instead of storing data on corporate network shares, there is an increased interest in storing in the cloud. 
  • Instead of all laptops hairpinning their web browsing through the corporate firewalls, increased traffic overwhelms the corporate ISP link and forces one to implement split tunneling, again "till things settle down".
  • Budget get blown to h*ll becuase one needs to purchase more VPN client licenses and firewalls.
  • WSUS servers do not work on laptops that are "at home", but not "VPN connected", such as happens for people that are satisfied with using just office365.

And, due to the urgency of everything, there is no time to work out policy, exceptions, mitigating controls, etc.  We are being forced in to quick reactions, rather than well considered decisions.

Highlighted
Community Champion

Re: Chinese weaponisation of Coronavirus

@Beads   Interesting points, plus add to your list BYOD's, using personal computing systems, to communicate or bypass corporate controls, introduce ShadowIT and other avenues of malware and the like.

 

Plus move away from traditional VPNs towards Web Services via Port 443.

 

Regards

 

Caute_cautim

Highlighted
Contributor III

Re: Chinese weaponisation of Coronavirus

Fair question but a political statement not one based on InfoSec as I suggest.

 

Keep in mind America is a country born from war not agreement with a tyrannical government across the Atlantic so ingrained in our collective psyche that our founding fathers sought to enshrine our non-digital rights to protect ourselves from both enemies within and outside our borders. We are not an island but one of three countries on the same continent and have fought too many wars in defense of not only our homeland but on behalf of others as well. Not to discount the efforts of New Zealand, Australia and many others but our culture and our beliefs are no one but our own while those beliefs stay at home.

 

As an American I rarely comment on foreign governments or cultural issues outside of the US so I am equally dismayed by all the comments by non-US citizens about much the same but with little to any practical insight.

 

I see very little activity at the local gun shops or ranges nearby as I drove by yesterday afternoon. Most of us are working in quarantine and haven't seen an uptick in the number of stories concerning guns, people demanding to buy arms and ammunition in any feeds save Quora but Quora is so left leaning they want to report anything anti-gun, etc.

 

If memory serves there is an off topic area. Perhaps, in the future we could stick to more resilient InfoSec matters and save the politics for another board.

 

Take care and regards,

 

- b/eads