Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we analyze the wild world of security.

In a short span of just a few weeks, a bunch of major firms including Chubb, Cognizant, Toll, ExecuPharm, Fresenius, and CPC Corp. have all become victims of ransomware attacks.

What’s more, the coronavirus outbreak has proven to be an excellent opportunity for criminals to target hospitals, schools, and local governments using convincing email lures and other means.

“The pandemic has likely raised additional interest for APT actors to gather information related to COVID-19,” the US Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory on Tuesday. “For example, actors may seek to obtain intelligence on national and international healthcare policy, or acquire sensitive data on COVID-19-related research.”
, in a post last week, warned that
attackers had breached target networks for several months and were lying low in wait for the most appropriate time to deploy ransomware for quick financial gain.

In fact, cybersecurity company Trustwave found that ransomware attacks have become the most common security incident, ahead of payment card and financial data breaches for the first time. According to Coveware, a ransomware incident response firm, the average ransom payment now stands at $111,605.

Although ransomware groups have pledged not to attack healthcare providers during the pandemic, not everyone seems to be making good on that promise. The fact that the stakes are now higher has increased the chances of a victim paying the ransom.

It’s worth noting that COVID-19 doesn’t appear to have spurred more ransomware attacks than usual. That could change soon though.

“Looking forward, we anticipate encryption plus exfiltration attacks to continue to become more popular,” Brett Callow, a threat analyst at security firm Emsisoft, told me.

“Like other businesses, criminal enterprises adopt strategies that have been proven to work and, given the number of groups that now exfiltrate, it’s safe to assume the strategy is indeed working.”

What’s trending in security?

The author of the infamous Love Bug computer virus was tracked down, Xiaomi was found capturing users’ browsing history even in incognito mode, and Indian telecom giant Jio exposed a database of coronavirus test results without a password.

  • Investigative journalist Geoff White tracked down Onel de Guzman, the man behind the infamous Love Bug computer virus, to a mobile phone repair shop in Manila. De Guzman said he regretted writing the virus, which turned 20 this week. [BBC]
  • Smartphone maker Xiaomi was found capturing millions of people’s web and phone use, including web browsing activity in incognito mode, via its Mint Browser for Android. The company has rolled out an update that adds a setting to disable aggregated data collection while in incognito mode. However, the option is not enabled by default. [TNW]
  • The UK, one of the few countries that has decided to adopt a centralized approach for its contact tracing app, explained how its system will work and why it needs access to location data. [The Register]
  • In order to make sure people exposed to the coronavirus are obeying lockdown orders, Chinese authorities are installing security cameras aimed right at residents’ doors — and, sometimes, even inside their homes. [CNN]


  • Kaspersky researchers detailed a targeted espionage campaign, called “PhantomLance,” via Play Store spyware apps, aimed at a few hundred users in Vietnam, Bangladesh, Indonesia, and India. PhantomLance’s hackers have been tied to OceanLotus (aka APT32), who are widely believed to be working on behalf of the Vietnamese government. APT32 was also recently involved in a spear phishing campaign targeting associates of the Wuhan government and Chinese Ministry of Emergency Management to gather intelligence on the COVID-19 crisis. [WIRED]
  • Baddies are taking advantage of a surge in movie piracy to infect potential victims with malware delivered via fake movie torrents, including movies like and . [CyberScoop]
  • Now, even Android phones are susceptible to ransomware attacks. “Black Rose Lucy” malware encrypts files and displays a ransom note asking for $500 while claiming to be from the FBI, accusing victims of having porn on the device. [Check Point Research]
  • Phone hacking firms such as Cellebrite and NSO Group are pitching spy tools to governments to help trace people who may have come in contact with someone who tested positive for the coronavirus. [Reuters]
  • Zoom and Microsoft Teams have become lucrative targets for cybercriminals. Not only are stolen Zoom credentials being sold on the dark web, hackers are using fake Zoom installer software to spread malware and phish for credentials via clever social engineering tricks. [IntSights / Abnormal Security]
  • An employee of Israeli surveillance vendor NSO Group used the company’s Pegasus spyware to target a love interest. [Motherboard]
  • CISA published handy resources to securely telework from home. [CISA]


  • A new Android malware called “EventBot” abuses Android’s accessibility features to steal sensitive data from banking apps, read SMS messages, and even hijack SMS-based two-factor authentication codes. [The Hacker News]
  • Nigerian cybercriminals involved in phishing email activities under the name SilverTerrier have launched at least 10 COVID-19 themed malware campaigns, producing over 170 phishing emails to target governments, universities, and medical organizations across the US, the UK, Australia, Canada and Italy. [Unit 42]
  • reCAPTCHA, which is commonly used to verify human users before granting access to web content, is being abused by hackers to slip past email security barriers and trick unsuspecting people into handing over their credentials. [Barracuda Networks]
  • Microsoft explained how it handles bugs in its software and services using machine learning models. [Microsoft]
  • The fortnight in breaches and data leaks: Nintendo, GoDaddy, Tokopedia, CAM4, Unacademy, Lineage OS, Ghost, Australia’s Department of Home Affairs, and Facebook-backed Indian telecom giant Jio, which exposed a database of coronavirus test results without a password.

Data point

Because, India’s COVID-19 contact-tracing app (called Aarogya Setu aka Health Bridge) makes use of GPS data that could let hackers determine who reports a positive diagnosis.

That’s it. See you all in two weeks. Stay safe!

