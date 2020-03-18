New Cases/Deaths

Nicaragua recorded its first case after a 40-year-old man tested positive. The individual had recently visited Panama.

El Salvador reported its first case after an individual, who had recently visited Italy, tested positive.

Fiji confirmed its case after a Fiji Airways flight attendant tested positive. The individual had recently visited the US and New Zealand.

Italy saw 475 new deaths, the biggest increase per day since the beginning of the outbreak. The country’s death toll is now at 2,978.

Wuhan and the Hubei province reported no new cases. The 34 new cases that were recorded over the last day were all individuals arriving from abroad.

Actions by Governments

Countries plan to track locations of individuals to minimise coronavirus spread

The United States, which is currently in discussions with Facebook and Google, is intending to use such measures to see whether individuals are practicing social distancing or to track the movement of infected individuals.

Israel’s Shin Bet plans to use technology originally implemented to keep track of the movement of Palestinian militants to monitor infected patients. However, a Supreme Court petition has been lodged against the measures, which were not put to the Knesset.

Hong Kong has made it mandatory for individuals entering the region to wear an ‘electronic wristband’ that connects to a smartphone to provide location-tracking services. This was implemented to ensure that individuals are observing quarantine requirements. According to the government’s CIO Victor Lam, the technology ‘does not pose privacy concerns’ and will only capture location changes.

US-Canada border to close to all non-essential travel

US President Donald Trump and Canadian PM Justin Trudeau have announced the new measure that will not affect cross-border trade. Details on the closure are yet to be released.

Transport for London to close up to 40 London Underground stations

TfL announced that they will partially shutdown the transport network as of Thursday morning. No night Underground services will be running, and bus services are to be significantly reduced. So far, nine Underground stations have been closed.

UK schools, colleges and nurseries to be shut from Friday

Schools will close indefinitely except to look after the children of key workers. More details are yet to be released, but exceptions will most likely include children of NHS staff, the police and food delivery drivers. This year’s academic exams have been cancelled in England and Wales, with Scotland and Northern Ireland yet to make a decision.

Actions by Companies

Google paused future updates for Chrome and Chrome OS to ensure their stability for those who depend on them while working from home. Security-related updates will be released for Chrome 80.

Greene King, UK’s largest pub retailer, notified its tenants that the collection of rent and the associated charges of insurance, licensing, and maintenance and service, will be delayed.

Kingfisher, owner of UK DIY retailer B&Q, is planning to discuss a shift to monthly rather than quarterly rental payments with landlords, in an effort to conserve cash during the pandemic.

Aviva, Standard Life and L&G have suspended property funds over property valuations. According to two independent valuation firms, it is currently impossible to accurately value property due to the economic uncertainty resulting from the pandemic.

Tesla is reducing the workforce at its California factory from 10,000 to 2,500 employees.

Qantas is standing down 20,000 of their workforce and suspending international flights.

Siemens Gamesa has closed a factory in Spain.

Airbus has halted production in France and Spain.

Yamaha has closed factories in France and Italy.

Canadian telecom firms Bell and Telus are closing their retail outlets until March 31st, 2020. Rogers is keeping 93 open for critical services.

Canadian Tire Corporation is closing many retail stores, and reducing the working hours of the remainder.

AT&T is closing 40% of its non-franchised stores, with the working hours of the remaining stores reduced. T-Mobile and Sprint are also taking the same action.

Greggs, the largest bakery in the UK, is closing all restaurant seating areas.

Zara has closed 3,785 stores across the globe, and has closed all stores in Spain.

Burberry is closing 40% of their stores, after experiencing a 70-80% decline in sales.

Ryanair is to ground nearly all of their fleet, and will only operate a small number of flights between the UK and Ireland.

Private companies in talks to produce ventilators

General Motors and Ford Motor are reportedly in talks with White House officials to begin repurposing their production lines to produce ventilators. Elon Musk has stated, via tweet, that Tesla will repurpose a factory to also help produce them. This follows appeals to donate respirator masks, following a shortage in the United States.

Geopolitics

US & Taiwan pledge to improve bilateral cooperation

The American Institute in Taiwan (AIT) has issued a joint statement with Taiwan’s foreign ministry to address COVID-19. To combat the virus, both sides will strengthen ‘consultation and cooperation on combatting the COVID-19 virus, which originated in Wuhan’. The sharing of best practices and cooperation will extend to research and development of vaccines, testing and other medicines, in addition to conferences and the exchange of equipment. The AIT is the de facto US Embassy in Taiwan.

Cuba allows stranded British cruise ship to dock

The MS Braemer had at least five confirmed cases and 52 passengers displaying symptoms of infection when it was denied a berth in the Bahamas and in Carribean ports. While ‘obstacles’ prevented US officials from allowing the ship to dock on American soil, Cuban authorities accepted a request from the British Foreign Office and allocated it a berth. The cruise ship had over 600 mainly British passengers aboard, and no Cuban nationals.

Boris Johnson under pressure to push back Brexit deadline

The Prime Minister has refused to state whether the UK will extend the Brexit transition period that begins in December 2020, noting that ‘there’s legislation in place that I have no intention of changing’. The EU would accept a request for an extension to the negotiation process – one which has been assigned a deadline considered restrictive even before COVID-19 appeared in Europe.

WHO officials warn Donald Trump against using ‘Chinese virus’ terminology

Dr. Mike Ryan, executive director of the WHO’s emergencies program, has stated that using ‘Chinese virus’ to refer to COVID-19 could lead to racial profiling and is unnecessary, given that viruses are borderless and indiscriminate in infecting individuals. The WHO has deliberately given the virus a generic name to avoid stigmatizing any group or country. Donald Trump has noted that his usage of the term refers to its origin.

Leaked report states pro-Kremlin media are pushing COVID-19 disinformation

Pro-Kremlin media sources have spread disinformation in order to aggravate the western public health crisis, according to a leaked report authored by the European Union’s diplomatic service. Disinformation samples from Russian sources characterise COVID-19 as a biological weapon created by the UK, US or China, as a hoax, or as being spread by migrants.

Response to coronavirus may reshape international leadership

The contrast between the responses of the United States and China to the outbreak of COVID-19 may negatively affect the former’s leadership role in global politics, according to directors from the Asia Group and Brookings. Despite Beijing’s initial failure to contain the outbreak, its subsequent actions, including the provisioning of testing equipment to Italy, Iran and Serbia, stand in sharp contrast to ‘American disarray’. The United States must therefore work to coordinate a global response to COVID-19, in addition to focusing on efforts at home, if the country is to restore faith in US leadership.

Drugs & Vaccines

China-based biotech enters Phase I vaccine trials

CanSino Biologics, also known as CanSinoBIO, has begun testing their vaccine candidate Ad5-nCoV. The response from animal studies indicates a ‘strong immune response, and a good safety profile’.

J&J aim to start human vaccine trials

Paul Stoffels, Chief Scientific Officer at Johnson & Johnson, has said that the company will begin human trials in early November 2020, with a potential candidate vaccine being selected by the end of March 2020.

Blood thinner testing by Japanese researchers

Nafamostat, a blood thinner that is typically used to treat kidney disease and pancreatitis, has been identified as a ‘potential therapy’ for those with the disease. Clinical trials are set to begin within four weeks.

Cybersecurity Impact

US authorities brace themselves for coronavirus-themed cyberattacks

US Attorney Scott Brady stated that authorities in the US are trying to prepare their partners and the public for an ‘unprecedented wave of cyberattacks and cyber fraud’ related to coronavirus.

Attorney General William Barr encouraged attorneys across the US to counter criminal activity that will result from coronavirus-themed attacks. Barr also announced that assistant attorney Shaun Sweeney would be made the US coronavirus-fraud coordinator.

Ransomware attackers temporarily halt targeting medical organisations during pandemic

BleepingComputer reached out to ransomware operators to ask if they planned to continue targeting medical and healthcare organisations during the coronavirus pandemic.

DopplePaymer operators stated that they would not target nursing homes, hospitals, and where possible the emergency departments of local governments. The attackers stated that if they accidentally infected these targets they would decrypt their systems for free.

Maze ransomware operators informed Bleeping Computer that they would not target medical organisations until the ‘stabilization of the situation with the virus’.

Malicious coronavirus applications utilise commercial spyware

Researchers at Lookout discovered a malicious Android application, named ‘corona live 1.1’, which was actually a SpyMax sample. The application, which requests permissions to access the user’s files, and can take pictures and record video, is a trojanised version of the legitimate application ‘corona live’.

SpyMax is a commercially available tool that allows the operator to access the target’s data and files, record audio and video, kill background processes, and more.

The researchers pivoted from the app’s C2 server and found evidence of a larger surveillance campaign dating back to April 2019. The attackers had developed 30 unique APKs that were functional and used a variety of commercially available surveillance families.

While the two newest apps use coronavirus themes, the earliest applications are titled ‘Libya Mobile Lookup’. Researchers speculated that the actors behind the campaign and the attackers’ primary targets reside in Libya.

Malicious coronavirus attacks and domain registration continues to rise

Researchers at RiskIQ reported that they had seen roughly 65,500 coronavirus-related domains being registered from March 15th to March 18th, 2020. ZDNet stated that the majority of domains appear to be promoting scams or are set as private sites, most probably to distribute malware.

Cynet reported a spike in phishing attacks directed against users in Italy. This coincided with a rise in malicious login events. Various email-based attacks against Italian users also rose. 35% of emails contained a link to a malicious website, while 32% contained documents with malicious macros.

Proofpoint have also updated their list of ongoing coronavirus-themed attacks. Campaigns include BEC attacks, scams, phishing, malware distribution, and more. The attacks have targeted a wide variety of organisations across the globe.

PlugX delivered in latest campaign using the current coronavirus outbreak as a lure

Security researcher Marco Ramilli observed a malware variant being spread via a fake PDF that is actually a LNK file. The infection consists of multiple stages, with the final payload appearing to be a well-known variant of the PlugX remote access trojan. PlugX has previously been used by several Chinese threat actors, with APT27 being the most notable.

According to Ramilli, the campaign’s controller shut everything down a few hours after his analysis began, meaning that more information on the network, commands and any additional plugins are not available. Details of the infection stages are available on Ramilli’s blog.

TrickBot and Emotet use coronavirus news stories to avoid security software

TrickBot and Emotet operators have incorporated news stories about coronavirus into the crypters that they use to obfuscate malware code. MalwareHunterTeam stated that the attackers implemented the changes approximately one month ago.

The attackers hope that using current news stories will cause some security software to determine that the malware is harmless. TrickBot and Emotet previously used this tactic in January 2020 when they utilised stories relating to the impeachment of President Donald Trump.

Student and staff targeted in coronavirus phishing campaign

Abnormal Security reported that threat actors were taking advantage of the confusion surrounding the operational status of higher education institutes in order to try and obtain user login details.

Attackers disseminated an email to between 10,000 and 20,000 users which purported to be from university health teams. The researchers did not disclose the names of targeted institutions. The message contained a link which would redirect to a phishing site disguised as an Office 365 login page.

