Tag Archives: campaign

Chinese, Iranian hackers targeted Trump and Biden campaigns

Google announced Thursday that state-sponsored Chinese and Iranian hackers targeted campaign staff of both Joe Biden and President Donald Trump in recent election attacks.

In a series of posts on Twitter, Shane Huntley, director of Google’s Threat Analysis Group (TAG), detailed the recent attempts by advanced persistent threat (APT) groups to compromise both presidential campaigns through phishing attacks, which he said were unsuccessful.

“Recently TAG saw China APT group targeting Biden campaign staff and Iran APT targeting Trump campaign staff with phishing. No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement,” Huntley wrote on Twitter.

In addition to confirming the attempted attacks, Huntley also attributed the activity to APT31, a Chinese hacking group also known as Zirconium, and APT35, Iranian hackers also known as Newscaster Team.  

A spokesperson from Google verified the hacking attempt in an email to SearchSecurity.

“We can confirm that our Threat Analysis Group recently saw phishing attempts from a Chinese group targeting the personal email accounts of Biden campaign staff and an Iranian group targeting the personal email accounts of Trump campaign staff. We didn’t see evidence that these attempts were successful. We sent the targeted users our standard government-backed attack warning and we referred this information to federal law enforcement. We encourage campaign staff to use extra protection for their work and personal emails, and we offer security resources such as our Advanced Protection Program and free security keys for qualifying campaigns.”

Phishing has been a major vector in previous election campaign attacks as well. For example, John Podesta, chairman of Hillary Clinton’s 2016 presidential campaign, fell victim to a phishing attack prior to the election.

An investigation by Atlanta-based cybersecurity firm SecureWorks Inc. uncovered a malicious link created with the Bitly URL-shortening service used by hackers to gain access to Podesta’s Gmail account. The Bitly account used to create the link was connected to a domain controlled by the Russian state-sponsored APT group known as Fancy Bear.

Go to Original Article

Racing against time, medical researchers, life science companies and COVID-19 survivors launch national campaign to drive blood plasma donation – Stories

“The Fight Is In Us” campaign seeks to mobilize COVID-19 survivors to accelerate the development of potentially lifesaving therapies

Editor’s note – May 26, 2020 – The list of participants below was updated following initial publication.

REDMOND, Wash., USA, and NEW YORK — May 26, 2020 — A coalition of world-leading medical and research institutions, blood centers, life science companies, technology companies, philanthropic organizations, and COVID-19 survivor groups has come together to support the rapid development of potential new therapies for patients with COVID-19. Working together under the “The Fight Is In Us” campaign, the coalition is seeking to mobilize tens of thousands of people in the United States who have recovered from COVID-19 to donate their blood plasma, which contains vital antibodies that have fought off the disease and could now help others do the same.

The campaign is working against two urgent timelines: to recruit COVID-19 survivors within two months of their recovery to ensure that their blood plasma contains a robust enough concentration of antibodies to have a positive effect, and to address the substantial seasonal increase in COVID-19 cases anticipated this fall in the Northern Hemisphere by the Centers for Disease Control and Prevention (CDC) and other public health experts.

“As an early survivor of COVID-19, I was desperate to do whatever was in my power to be a part of the solution. I started Survivor Corps to mobilize and connect the thousands of people affected by COVID-19 to support all ongoing scientific, medical and academic research, and this coalition is furthering our goal,” said Diana Berrent, founder of Survivor Corps. “Inside COVID-19 survivors is the antibody-rich blood plasma that may help stem the tide of this pandemic. The time is now for superhero volunteers to donate their blood plasma and to potentially help stop COVID-19 in its tracks.”

Individuals who have recovered from COVID-19, or know someone who has, can visit TheFightIsInUs.org to understand if they may be eligible to donate and find a nearby blood or plasma donor center using a simple self-screening tool. Donating blood plasma is a generally safe and proven process. The coalition offers more than 1,500 locations at which COVID-19 survivors can choose to donate. Donations can be made at both blood and plasma donor centers.

The coalition partners are working on two distinct approaches for treating COVID-19 that both urgently require collection of convalescent plasma now. One approach is the direct transfusion of blood plasma though the Expanded Access Program for convalescent plasma, which is currently being administered with authorization from the Food & Drug Administration by Mayo Clinic. Its safety and efficacy are currently being evaluated through multiple clinical trials in different populations. Blood donor centers throughout the country are currently collecting convalescent plasma from COVID-19 survivors for this purpose. The other approach is the development of a medicine known as a hyperimmune globulin (H-Ig), which is being manufactured now and will be studied in clinical trials this summer. Through the manufacturing process, the plasma is pooled, concentrated and purified, resulting in a vial of medicine with consistent levels of antibodies that is easy to store, distribute and administer to patients. Coalition members developing an H-Ig include the CoVIg-19 Plasma Alliance (CSL Behring, Takeda, ADMA Biologics, Biopharma Plasma, Biotest, BPL, GC Pharma, LFB, Octapharma and Sanquin) and Grifols.

About The Fight Is In Us

“The Fight Is In Us” is an initiative to maximize the individual and societal benefit of COVID-19 plasma. The campaign will focus on recruiting COVID-19 survivors to donate their plasma at licensed blood and plasma donor centers. The campaign will begin in the United States, and then expand to Europe.

This is a united effort bringing together several coalitions and organizations, including academic medical institutions (the National COVID-19 Convalescent Plasma Expanded Access Program led by Mayo Clinic and including Johns Hopkins University, Michigan State University and Washington University School of Medicine in St. Louis); plasma companies (Grifols and the CoVIg-19 Plasma Alliance including those announced at its inception — Biotest, BPL, CSL Behring, LFB, Octapharma, and Takeda — and new members ADMA Biologics, Biopharma Plasma, GC Pharma, and Sanquin); national blood center organizations (including the AABB, America’s Blood Center and Blood Centers of America); health benefits company Anthem Inc.; health care diagnostics company LabCorp; grassroots, survivor, and non-profit groups including Stop the Spread, Survivor Corps, and XPRIZE; and marketing and media support from the Ad Council. Ashfield Healthcare is providing contact center service to support COVID-19 survivors.

“The Fight Is In Us” is also supported by advisory and technology members. The Bill & Melinda Gates Foundation and the Lasker Foundation are providing advisory support. Microsoft is providing technology support for the recruitment website and self-qualification tool. The website and tool are hosted by the MITRE Corporation. MITRE is appreciative of the Microsoft AI for Health program for their support of MITRE’s hosting of the recruitment website and self-qualification tool in the Azure cloud. Uber Health is providing free, roundtrip Uber rides to and from donor the centers for those who are eligible to donate.

The combined efforts of these organizations will contribute specialist advisory expertise, technical guidance and additional support to potentially save more lives — together. But the coalition’s success depends on the urgent support of survivor donors around the world. Those who have recovered from COVID-19 can learn more about how to donate their strength and about the coalition partners at TheFightIsInUs.org.

For Media Inquiries:

Microsoft Media Relations
WE Communications for Microsoft
(425) 638-7777
[email protected]

About AABB

AABB is an international, not-for-profit association representing individuals and institutions involved in the fields of transfusion medicine and biotherapies. The Association is committed to improving health through the development and delivery of standards, accreditation and educational programs that focus on optimizing patient and donor care and safety. AABB membership includes physicians, nurses, scientists, researchers, administrators, medical technologists and other health care providers. AABB members are located in more than 80 countries and AABB accredits institutions in more than 50 countries. For more information, visit: www.aabb.org.

About Bio Products Laboratory (BPL)
Recognising the power of plasma and with over 60 years heritage in the industry, BPL supplies high-quality plasma derived medicines to meet the needs of clinicians, patients and customers globally.  Headquartered in the United Kingdom and with plasma collection centres across the United States, we are dedicated to producing medicines for the treatment of immune deficiencies, bleeding disorders and infectious diseases as well for critical care.  BPL invests in the latest R&D, technology and manufacturing methods, and continuously adapts to ensure that we continue to serve all our stakeholders effectively.  For more information visit http://www.bplgroup.com.

About the CoVIg-19 Plasma Alliance

In an effort to help fight against the COVID-19 pandemic, a new alliance was created in April 2020 to help develop a potential plasma-derived therapy for people at risk for serious complications from COVID-19.

The CoVIg-19 Plasma Alliance brings together world-leading plasma companies to work on the development of an investigational unbranded polyclonal anti-SARS-CoV-2 hyperimmune globulin medicine with the potential to treat patients who are at risk for serious complications from COVID-19.

The “I” and “g” in CoVIg-19 stand for immune globulin, which the CoVIg-19 Plasma Alliance will use to concentrate the antibodies into a potential medicine.

The Alliance, formed by CSL Behring and Takeda, also includes the leading-edge expertise of ADMA Biologics, Biopharma Plasma, Biotest, BPL, GC Pharma, LFB, Octapharma and Sanquin. The Bill & Melinda Gates Foundation is providing advisory support. Microsoft is providing technology including the Alliance website and the Plasma Bot for donor recruitment. Experts from the Alliance are collaborating across key aspects such as plasma collection, clinical trial development, and product manufacturing.

About CSL Behring
CSL Behring is a global biotherapeutics leader driven by its promise to save lives. Focused on serving patients’ needs by using the latest technologies, we develop and deliver innovative therapies that are used to treat coagulation disorders, primary immune deficiencies, hereditary angioedema, inherited respiratory disease, and neurological disorders. The company’s products are also used in cardiac surgery, burn treatment and to prevent hemolytic disease of the newborn. CSL Behring operates one of the world’s largest plasma collection networks, CSL Plasma. The parent company, CSL Limited (ASX:CSL;USOTC:CSLLY), headquartered in Melbourne, Australia, employs more than 26,000 people, and delivers its life-saving therapies to people in more than 70 countries. For more information, visit www.cslbehring.com and for inspiring stories about the promise of biotechnology, visit Vita www.cslbehring.com/Vita.

About Grifols

Grifols is a global healthcare company founded in Barcelona in 1909 committed to improving the health and well-being of people around the world. Its four divisions – Bioscience, Diagnostic, Hospital and Bio Supplies – develop, produce and market innovative solutions and services that are sold in more than 100 countries.

Pioneers in the plasma industry, Grifols operates a growing network of donation centers worldwide. It transforms collected plasma into essential medicines to treat chronic, rare and, at times, life-threatening conditions. As a recognized leader in transfusion medicine, Grifols also offers a comprehensive portfolio of solutions designed to enhance safety from donation to transfusion. In addition, the company supplies tools, information and services that enable hospitals, pharmacies and healthcare professionals to efficiently deliver expert medical care.

Grifols, with more than 24,000 employees in 30 countries and regions, is committed to a sustainable business model that sets the standard for continuous innovation, quality, safety and ethical leadership.

The company’s class A shares are listed on the Spanish Stock Exchange, where they are part of the Ibex-35 (MCE:GRF). Grifols non-voting class B shares are listed on the Mercado Continuo (MCE:GRF.P) and on the U.S. NASDAQ through ADRs (NASDAQ:GRFS).

For more information, please visit www.grifols.com.

About Mayo Clinic
Mayo Clinic is a nonprofit organization committed to innovation in clinical practice, education and research, and providing compassion, expertise and answers to everyone who needs healing. Visit the Mayo Clinic News Network for additional Mayo Clinic news and An Inside Look at Mayo Clinic for more information about Mayo.

About Octapharma
Headquartered in Lachen, Switzerland, Octapharma is one of the largest human protein manufacturers in the world, developing and producing human proteins from human plasma and human cell lines. Octapharma employs more than 10,000 people worldwide to support the treatment of patients in 118 countries with products across three therapeutic areas: Hematology; Immunotherapy and Critical care. Octapharma has seven R&D sites and six state-of-the-art manufacturing facilities in Austria, France, Germany, Mexico and Sweden, with a combined capacity of approximately 8 mil litres of plasma per annum. In addition, Octapharma operates more than 140 plasma donation centres across Europe and the US. For more information, visit www.octapharma.com.

About Survivor Corps

Survivor Corps is the largest grassroots movement in America dedicated to actively ending this pandemic. We are mobilizing all those affected by COVID-19 to support all ongoing scientific, medical and academic research to find a vaccine and a cure. We hope to get people back into their communities and back to work, all while fostering the spirit of unity and solidarity that is urgently needed during this time of crisis.

With every passing day, thousands of people across the country are being infected with COVID-19. The vast majority will survive and most will likely develop antibodies to the virus. The mysteries to this virus will be solved, in part, by individual donations to scientific research.

Survivor Corps is the epicenter of HOPE. For more information, visit www.survivorcorps.com.

About Takeda Pharmaceutical Company Limited

Takeda Pharmaceutical Company Limited (TSE:4502/NYSE:TAK) is a global, values-based, R&D-driven biopharmaceutical leader headquartered in Japan, committed to bringing Better Health and a Brighter Future to patients by translating science into highly-innovative medicines. Takeda focuses its R&D efforts on four therapeutic areas: Oncology, Rare Diseases, Neuroscience, and Gastroenterology (GI). We also make targeted R&D investments in Plasma-Derived Therapies and Vaccines. We are focusing on developing highly innovative medicines that contribute to making a difference in people’s lives by advancing the frontier of new treatment options and leveraging our enhanced collaborative R&D engine and capabilities to create a robust, modality-diverse pipeline. Our employees are committed to improving quality of life for patients and to working with our partners in health care in approximately 80 countries.

For more information, visit https://www.takeda.com.

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

# # #

Additional Quote Sheet will also be included in press package


“AABB is proud to support blood centers throughout the country that are collecting potentially lifesaving plasma from COVID-19 survivors. The blood banking community is an integral part of our health care system, and their heroism has truly been on display during this pandemic. Convalescent plasma can be a game-changing therapy for patients in need, and we are pleased to be part of a coalition that recognizes and supports the vital work blood centers do.” — Debra BenAvram, CEO of the American Association of Blood Banks (AABB)

Ad Council

“We are proud to join this critical campaign to educate and empower COVID-19 survivors to donate plasma to help save the lives of others. During this time of uncertainty, we know that this will be a powerful tool in the fight against COVID-19.” — Lisa Sherman, President and CEO of the Ad Council

America’s Blood Centers

“Community blood centers continue to be at the forefront of the nation’s efforts to collect convalescent plasma from individuals who have recovered from COVID-19. ABC member blood centers remain committed to ensuring the availability of convalescent plasma as a potential treatment for COVID-19 patients and are pleased to have the support of Microsoft and other partner organizations in expanding the collection of convalescent plasma throughout the U.S. Community blood centers will remain mobilized in assisting the nation’s COVID-19 response efforts.” — Kate Fry, Chief Executive Officer, America’s Blood Centers


“At Anthem, we recognize the importance of building a convalescent plasma biobank in the fight against COVID-19, and are proud to support the efforts to help COVID-19 survivors, patients and their caregivers. Joining the coalition and ‘The Fight Is In Us’ campaign expands on our partnership and leadership in collaborative efforts with community and healthcare organizations to lead through care, guide the recovery and help shape public-private solutions for the future of healthcare.” — Steve Friedhoff, Chief Clinical Officer, Anthem

Ashfield Healthcare

“Ashfield Healthcare is extremely proud to be part of this collaborative partnership in the fight against COVID-19. Patients are at the core of the healthcare services that we provide, and we’re passionate about leveraging our industry-leading contact center service to support COVID-19 survivors. We are committed to supporting the survivors who will be participating in this critical campaign to donate their plasma.” — Greg Flynn, Global President, Ashfield Healthcare

Bill & Melinda Gates Foundation

“Safe and effective treatments for COVID-19 are urgently needed, and convalescent plasma and hyperimmune globulin could play a key role in saving lives and protecting frontline responders from infection until vaccines are widely available. We’re excited that major academic research institutions and life science companies have joined forces to accelerate the development of potentially lifesaving products, and we’re incredibly grateful to COVID-19 survivors for their essential commitment to this fight.” — Trevor Mundel, President of Global Health, Bill & Melinda Gates Foundation

 CoVIg-19 Plasma Alliance 

“Partnership and collaboration are critical to the success of all the coalition development programs that rely on convalescent plasma donation. The more plasma we can collect, and the earlier we can collect it, will directly impact the speed and scale of our efforts. The growing and active involvement of leading public and private companies from outside the plasma industry, who support the drive for plasma donation, underscores the potential of convalescent plasma to fight this public health crisis. Together, we all share the same goal — to save lives by using the power of this scarce resource in different ways.” — Julie Kim, President of Plasma-Derived Therapies Business Unit, Takeda, and Co-Leader, CoVIg-19 Plasma Alliance

“During times of uncertainty, leaders must lead. The hyperimmune globulin therapy has the potential to be one of the earliest treatment options for COVID-19 and also can be scaled and distributed. We look forward to working with NIAID and health authorities to bring this therapy to patients as early as possible. One of the stated goals of the alliance is to be an effective partner for important institutions such as NIAID and also to help develop coherent regulatory strategies that can give global health authorities the confidence to streamline the approval process of hyperimmune globulin therapy for COVID-19.” — Bill Mezzanotte, Executive Vice President, Head of R&D, CSL Behring, and Co-Leader, CoVIg-19 Plasma Alliance


“The development of a hyperimmune globulin for treatment as well as pre- and post-exposure prophylaxis is not just a rapid response to the COVID-19 pandemic. In addition to its attributes as a readily available therapy, it can bridge the time necessary to develop a vaccine. The technology also forms the basis for rapid deployment of a therapy in response to future outbreaks of emerging viruses and other pathogens. ‘The Fight Is In Us’ provides the opportunity to harness biology’s natural solution to fighting disease.” — David Bell, Chief Innovation Officer, Grifols


“LabCorp continues to do everything it can to address the healthcare crisis through our leadership in diagnostics testing and drug development, and now through ‘The Fight is in Us.’ We have performed over 750,000 COVID-19 antibody tests, with the numbers accelerating quickly. We encourage patients who have tested positive for antibodies to consider donating plasma to help patients currently fighting COVID-19 and to protect others in the future.” — Dr. Brian Caveney, chief medical officer and president, LabCorp Diagnostics

Mayo Clinic

“It’s important to know that convalescent plasma is a biological product that has to be obtained from a specific set of patients who have recovered from COVID-19. It cannot be made in a lab. There’s no other source. That’s why reaching as many of these volunteers as possible is so essential.” — Michael Joyner, M.D., Anesthesiologist, Mayo Clinic, and Principal Investigator, Expanded Access Program (EAP) for convalescent plasma to fight COVID-19

“Mayo Clinic’s researchers are working around the clock to accelerate discoveries related to NB SARS-CoV2, the virus, and COVID-19, the disease. Successful outcomes have never been more urgently needed, and we continue to depend on the collaborative efforts of many across the nation and the globe to rapidly discover, translate and apply scientific advances.” — Gregory Gores, M.D., Kinney Executive Dean for Research, Mayo Clinic


“Microsoft has provided the technology infrastructure for a health bot that guides people through their eligibility as a plasma donor and directs them to the nearest donor center. Basically, we’re asking people who have survived COVID-19 to contribute to helping others do the same.” — Peter Lee, Corporate Vice President, AI and Research, Microsoft    

The MITRE Corporation

“We are privileged to serve as a trusted partner to host the website to spread the critical message on how recovered patients can help others in need. Building an army of donors to rapidly develop effective plasma-based treatments is an exemplar of the whole being greater than the sum of its parts.” — Rich Byrne, Senior Vice President, The MITRE Corporation

Uber Health

“There is a long road ahead in the fight against COVID-19, and we must continue to support those on the front lines and those working towards a potential treatment. We at Uber are committed to helping move what matters, and Uber Health is proud to donate rides to the Plasma Collection Coalition, eliminating transportation as a barrier to plasma donation for those who are eligible, and willing, to participate.” — Dan Trigub, Head of Uber Health

Go to Original Article
Author: Microsoft News Center

Microsoft faces hurdles in selling Teams to first-line workers

Microsoft has launched a public relations campaign to convince businesses that its Teams collaboration app is suitable for use by so-called first-line workers. At stake is a significant expansion of Teams into the lives of workers ranging from retail associates to housekeepers to factory hands.

Success will depend on how well the tech giant develops more industry-specific features and recruits additional hardware partners. Both are needed to drive  Microsoft Teams into first-line segments of the workforce, industry analysts said.

“We should not be impressed by a press release,” said Michael Finneran, principal at dBrn Associates Inc. “And at this point what they have is a press release.”

The capabilities Microsoft is adding to Teams are nothing new, Finneran said. The same kinds of features are already available to first-line workers today from established technology vendors like Motorola Solutions and Spectralink, as well as from numerous startups with apps for specific industries.

What’s more, Microsoft has so far discussed first-line workers in broad terms. But nurses, field technicians, and workers on the floor of a manufacturing plant have very different technology needs. The company won’t be taken seriously by many potential customers until it demonstrates an understanding of their industry.

Microsoft will also need hardware partners. Retail sales associates and warehouse workers typically use shared mobile devices with unique features and strict access controls. But many of Microsoft’s features for first-line workers seem to require businesses to let employees use personal smartphones at work.

Microsoft has only just begun to build that hardware ecosystem. Samsung announced this month it would launch a smartphone for first-line workers that will come pre-integrated with a new walkie-talkie feature in Teams. The device, the Galaxy XCover Pro, will launch sometime in the first half of 2020.

Similarly, Microsoft is still in the early stages of rolling out many of the features for first-line workers that its marketing department has hyped in blogs and press releases. 

Some of the newest features won’t launch for months or longer — and when they do hit the market, they’ll only be available in preview. Technology released in preview mode is in the early stages of development. Large organizations often have policies against using software before it passes beta testing.

For example, a walkie-talkie feature in Teams that drew headlines earlier this month won’t be available until mid-2020. Even then, it will only ship to select users in a private preview. Several other device-related Teams features will launch in a public showing. Those capabilities include SMS sign-in, shared device sign-out and a portal for managing devices.

Nevertheless, Microsoft could succeed in getting first-line workers to use Teams in the long run, analysts said. The company has billions of dollars to spend and already has a foot in the door with most enterprises in the world.

“Microsoft can get there if they want to, but they ain’t getting there without really putting their nose to the grindstone,” Finneran said.

Microsoft said in a statement that it has already made progress in getting companies with first-line workers to use Teams. The businesses include plumbing supply firm Ferguson and retailers Ikea and Mattress Firm.

“These are just a few of the companies on the leading edge of involving the first-line workforce in digital transformation,” Microsoft said. It did not provide details on how those companies’ employees were using Teams.

Microsoft’s broad software portfolio will give the company a leg up. Beyond Teams, Microsoft can offer customers a productivity suite, a customer relationship management app and platforms for e-commerce and internet of things (IoT) projects.

“Microsoft is just able to bring more of the pieces to the solution than a lot of its competitors,” said Rob Arnold, analyst at Frost & Sullivan.

And Microsoft has a clear financial incentive to follow through on its rhetoric.

So-called knowledge workers — the kind of desk-based employees who use software like Microsoft Office — represent only 15% to 25% of the U.S. workforce. Worldwide, the percentage falls to 10% to 15%, according to calculations by PKE Consulting LLC.

The rest of the workforce comprises service workers, like bank tellers, nurses, UPS drivers, waiters and maids.

Those kinds of workers haven’t used collaboration apps like Teams in the past. But Microsoft could significantly increase its market footprint if it convinces them to use Teams in the future, said Raúl Castañón-Martinez, analyst at 451 Research.

“I think they are definitely very serious about going after that segment,” he said.

Go to Original Article

A deep dive on SamSam ransomware

New insights into the notorious SamSam ransomware revealed just how successful the campaign has been since it first appeared in 2016.

According to new research from cybersecurity vendor Sophos Ltd., the SamSam ransomware has generated nearly $6 million in ransom payments from more than 200 organizations. The Sophos report details how the campaign operates differently than most traditional ransomware efforts, and it argues that a single threat actor is likely behind SamSam rather than a group of cybercriminals.

Why does the SamSam ransomware work so well? Why does the threat actor behind the campaign take a more manual approach to targeting and infecting victims? Will other cybercriminals take a page from SamSam’s increasingly sophisticated and effective playbook? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Malvertising campaign tied to legitimate online ad companies

Check Point Research uncovered an extensive malvertising campaign that has ties to legitimate online advertising companies.

Check Point’s report, titled “A Malvertising Campaign of Secrets and Lies,” detailed how a threat actor group used more than 10,000 compromised WordPress sites and multiple exploit kits to spread a variety of malware, including ransomware and banking Trojans. The group, which Check Point refers to as “Master134,” was responsible for a “well-planned” malvertising campaign that involved several online advertisement publishers, resellers and networks, including a company known as AdsTerra that Check Point claims was “powering the whole process.”

The technical aspects the Master134 campaign aren’t novel, according to Check Point. The threat actors used unpatched WordPress sites that were vulnerable to remote code execution attacks and then redirected traffic from those sites to pages run by ad networks, which in turn redirected users to a malicious domain that downloads malware to users’ systems.

Check Point researchers took a closer look at how traffic was directed to the malicious domains and found “an alarming partnership between a threat actor disguised as a publisher and several legitimate resellers.” According to the report, Master134 sells its traffic or “ad space” to the AdsTerra network, which then sells it to advertising resellers such as ExoClick, AdKernel, EvoLeads and AdventureFeeds.

The reseller then sells the Master134 traffic to their clients, but Check Point said its researchers discovered an odd pattern with the sales. “All the clients who bid on the traffic directed via AdsTerra, from Master134, happen to be threat actors, and among them some of the exploit kit land’s biggest players,” the report claimed.

Check Point Research speculated that threat actors operating these malicious domains and exploit kits pay Master134 for traffic or “victims,” which are supplied to them via a seemingly legitimate channel of ad networks. While the vendor didn’t accuse AdsTerra or the resellers of knowingly participating in the malvertising campaign, the report did say the ad networks would need to “turn a blind eye” for this scheme to be successful.

“[A]lthough we would like to believe that the resellers that purchase Master134’s ad space from AdsTerra are acting in good faith, unaware of Master134’s malicious intentions, an examination of the purchases from AdsTerra showed that somehow, space offered by Master134 always ended up in the hands of cyber criminals, and thus enables the infection chain to be completed,” the report stated.

SearchSecurity contacted AdsTerra, ExoClick, EvoLeads, AdventureFeeds and AdKernel for comment on the Check Point report.

AdKernel denied any involvement with the Master134 group or related threat actors. Judy Shapiro, chief strategy advisor, emailed a statement to SearchSecurity claiming the Check Point report is false and that AdKernel is an ad-serving technology provider, not an ad network or reseller. Shapiro also wrote that AdKernel did not own the malicious domains cited in the Check Point report, and that those domains were “owned by ad network clients of AdKernel.” The company, however, did not say who those clients were.

The other four companies had not responded at press time.

The Check Point Research report had strong words for the online advertising industry and its inability or unwillingness to prevent such malvertising campaigns from taking advantage of their networks.

“[W]hen legitimate online advertising companies are found at the heart of a scheme, connecting threat actors and enabling the distribution of malicious content worldwide, we can’t help but wonder — is the online advertising industry responsible for the public’s safety?” the report asked. “Indeed, how can we be certain that the advertisement we encounter while visiting legitimate websites are not meant to harm us?”

Stolen digital certificates used in Plead malware spread

Stolen digital certificates at the center of a new malware campaign made the malicious software appear safe before it stole user passwords.

An espionage group used stolen digital certificates to sign Plead backdoor malware and a password stealer component used in attacks in East Asia, according to Anton Cherepanov, senior malware researcher at ESET. The password stealer targeted Google Chrome, Mozilla Firefox and Internet Explorer browsers, as well as Microsoft Outlook.

Cherepanov determined the certificates were likely stolen because the malware code was signed with the “exact same certificate … used to sign non-malicious D-Link software.”

“Recently, the JPCERT published a thorough analysis of the Plead backdoor, which, according to Trend Micro, is used by the cyberespionage group BlackTech,” Cherepanov wrote in a blog post. “Along with the Plead samples signed with the D-Link certificate, ESET researchers have also identified samples signed using a certificate belonging to a Taiwanese security company named Changing Information Technology Inc. Despite the fact that the Changing Information Technology Inc. certificate was revoked on July ‎4, ‎2017, the BlackTech group is still using it to sign their malicious tools.”

ESET researchers contacted D-Link about the stolen digital certificates, and D-Link revoked the compromised certificate on July 3.

Cherepanov said this case was different from recent issues with compromised SSL certificates because the stolen digital certificates were used to sign malicious files, and “unlike SSL certificates, the code signing certificates can’t be obtained for free.”

“Misusing digital certificates is one of the many ways cybercriminals try to mask their malicious intentions — as the stolen certificates let malware appear like legitimate applications, the malware has a greater chance of sneaking past security measures without raising suspicion,” Cherepanov wrote via email. “This technique also helps attackers to circumvent native/built-in protective measures of the OS based on the validity of these certificates. Also noteworthy, certificates from a Taiwan-based company were stolen and misused by Stuxnet.”

Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, said “there’s no doubt we’re going to see a lot more of these attacks in the future,” where machine identities and stolen digital certificates are being abused by malicious actors.

“Code signing certificates are a method to ensure the identity of the code developer. Ideally, they verify that the software has been published by a trusted company. They also double-check the software to ensure that it hasn’t degraded, become corrupted, or been tampered with,” Bocek wrote via email. “Because of the power of these certificates, if they fall into the wrong hands they can be the ultimate ‘keys to the kingdom’. Any attacker or developer with malicious intent can obtain a private key for code signing if they really want to. What deters most of them is that they have to register with the [certificate authority] to obtain one, which makes it much easier to identity them if they distribute malicious code. This is why there is a thriving black market for stolen code-signing certificates.”

Year in review: ‘Digital civility’ takes hold, 2018 to bring increased focus – Microsoft on the Issues

2017 was another significant year in online safety at Microsoft. We launched our campaign for “digital civility,” held our first teen council summit and joined forces with others across the globe to promote safer and healthier online interactions among all people. In 2018, we hope digital civility takes even firmer root, as we expand our research and broaden the impact of our findings.

Topics like online hate speech, extremist content, the proliferation of child sexual abuse imagery, and bullying and harassment continued to dominate the headlines – and we took additional steps to protect customers, advance dialogues and collaborate across interested groups on each of these issues.

Jacqueline Beauchere of Microsoft shakes the hand of Pope Francis at the first World Congress: Child Dignity
Jacqueline Beauchere of Microsoft shakes the hand of Pope Francis at the first World Congress: Child Dignity

We joined the Anti-Defamation League’s new Anti-Cyberhate Technology Solutions Lab; we teamed with Facebook, Twitter and YouTube to form the Global Internet Forum to Counter Terrorism, and we participated in the first World Congress on Child Dignity in the digital age, sponsored by the Centre for Child Protection at the Pontifical Gregorian University at the Vatican. We again took part in the International Bullying Prevention Association’s annual meeting with a new focus on research and algorithmic solutions to online abuse, and we helped to shape an upcoming global campaign to prevent bullying and to inspire courage and compassion in youth as they navigate the 21st century digital world.

Safer Internet Day launches Digital Civility Challenge

This list of online ills and potential pitfalls, among others, spurred us to create our campaign for digital civility: online interactions grounded in empathy, respect and kindness. We launched the campaign on Safer Internet Day 2017, including results of research in 14[1] countries about teens’ and adults’ exposure to 17 online risks. We compiled and announced our first international Digital Civility Index, as well as our Digital Civility Challenge that calls on people around the world to pledge on social media to adopt four basic tenets of online life:

  • Treat others as you would like to be treated
  • Respect differences
  • Pause before replying, and
  • Stand up for yourself and others.

Our hope all along was that a variety of internet stakeholders would value the concept of digital civility and be inspired to create their own projects, programs and initiatives grounded in the challenge principles – and we’re starting to see just that: more groups are referencing digital civility and the need for more respectful online interactions.

Council for Digital Good embraces digital civility

To reach young people on some of these ideas, we formed our inaugural Council for Digital Good made up of 15 teens from across the U.S.  Teen council members spent two days on our Redmond, Washington campus in August at our first council summit. On site, they produced individual written manifestos about acceptable online behavior, and followed with artistic and creative works to bring their written words to life. Here’s one artistic creation from Isabella, a 13-year-old from Washington state. Isabella’s painting was recommended to a competition by her school’s Parent-Teacher Association and could garner national attention. And, to think, it all started as a council project. (Note digital civility is front and center!)

Know the right thing, do the right thing

Looking ahead to 2018

Next year, again timed to Safer Internet Day, on Feb. 6, we’ll release even more research on digital civility. We polled teens and adults in the same 14 countries plus nine others[2], and we’re planning further engagements for our teen council, including another in-person event next summer – this time something more public so others can meet and interact with this impressive group of young people.

As we move into the new year, we realize our focus and work on these issues is still developing and is always evolving. We are making progress individually and collectively as we collaborate with others in industry and other sectors. Still, more stakeholders need to be involved, invested and committed to making internet experiences safer and healthier. A series of recommended smart practices for promoting digital civility was another component of our 2017 release that we hope to build on in 2018. Whether you’re a newer technology company, policymaker, educator, civil society leader or parent, there’s a role for you in making the web a more positive place.

We look forward to sharing more in February and throughout 2018. Until then, visit our website and resources page on the Microsoft YouthSpark Hub. For more regular news and information, “like” us on Facebook and follow us on Twitter. Happy 2018, and remember there’s still time to take the Digital Civility Challenge!

[1] Countries surveyed: Australia, Belgium, Brazil, Chile, China, France, Germany, India, Mexico, Russia, South Africa, Turkey, the United Kingdom and the United States.

[2] Additional countries surveyed in the 2018 research are: Argentina, Colombia, Hungary, Ireland, Italy, Japan, Malaysia, Peru and Vietnam.

Tags: digital civility