The DarkHotel group could have been looking for information on tests, vaccines or trial cures.

The World Health Organization (WHO) has attracted the notice of cybercriminals as the worldwide COVID-19 pandemic continues to play out, with a doubling of attacks recently, according to officials there. Problematically, evidence has also now apparently surfaced that the DarkHotel APT group has tried to infiltrate its networks to steal information.

Alexander Urbelis, cybersecurity researcher/attorney at Blackstone Law Group, told Reuters that he personally observed a malicious site being set up on March 13 that mimicked the WHO’s internal email system. Its purpose was to steal passwords from multiple agency staffers, and Urbelis noted that he realized “quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic.”

The attack appeared to be aimed at achieving a foothold at the agency rather than being an end unto itself: “The targeting infrastructure seems to focus on certain types of healthcare and humanitarian organizations that are uncommon for cybercriminals,” Costin Raiu, researcher at Kaspersky, told Threatpost. “This could suggest the actor behind the attacks are more interested in gathering intelligence, rather than being financially motivated.”

As for the “why” of the attack, which was thwarted, Raiu said that information about remediation for coronavirus – such as cures, tests or vaccines – would be invaluable to any nation-state’s intelligence officials.

Continue reading “WHO Targeted in Espionage Attempt, COVID-19 Cyberattacks Spike”

source:  various


As we all do our best to deal with the COVID-19 pandemic, Artemus Central has amassed a number of media snippets that we’re calling “grinnables”.  We hope that they do just as we intended them to do: put a grin on your face!

Stay safe, smile when you can, and know that we’ll get through this mess together.   


And finally…(Turn up your volume!)

source: (courtesy of FAN, Jim Gossler)

A U.S. defense agency that specializes in turning science fantasies into realities jump-started technologies and nurtured companies that are now at the forefront of the response to the COVID-19 pandemic.

The Defense Research Advanced Projects Agency (DARPA) has taken risks where others wouldn’t. Its pursuit of high-risk, high-reward technologies, combined with its mission-driven approach to managing projects is promising to pay off in the fight against COVID-19.

DARPA was behind the creation of DNA and RNA vaccines, funding early R&D by Moderna Inc. (NASDAQ:MRNA) and Inovio Pharmaceuticals Inc. (NASDAQ:INO) at a time when the technologies were considered speculative by many scientists and investors.

The military R&D agency believed nucleic acid-base vaccines could be developed much faster than conventional technologies. Its funding, project management and vote of confidence helped de-risk the science and attract investments and partnerships.

NIH selected Moderna as its partner for COVID-19 vaccine development. This week, an RNA vaccine produced by Moderna became the first COVID-19 candidate vaccine to be administered in a Phase I trial.

Inovio is on track to start a Phase I trial of an DNA-based COVID-19 vaccine in early summer.

Continue reading “DARPA’s Gambles Might Have Created The Best Hopes For Stopping COVID-19”

source: (courtesy of Artemus FAN, Chuck Miller)


Today, the Department of Defense announced William (Bill) K. Lietzau as the new Director of the Defense Counterintelligence and Security Agency (DCSA).

“Bill’s leadership experience within the military, government, and industry, combined with his role leading DCSA transformation efforts, make him the ideal candidate to hit the ground running and lead the DCSA,” said Joseph D. Kernan, Under Secretary of Defense for Intelligence and Security. “Bill understands the criticality of the background investigation and security mission, and the necessity to ensure a trusted workforce and protect critical defense information from theft or disclosure.”

Lietzau will replace Acting Director Charles Phalen Jr., who has been acting director since July 2019. Under Phalen’s leadership, the NBIB was successfully transferred from the Office of Personnel Management to the DOD on October 1, 2019. This transfer consolidated 95% of the federal vetting enterprise under a single agency in the DOD. Additionally, he was instrumental in leading a workforce that spans the country to reduce the background investigation inventory backlog, improve processing timelines, and achieve a steady state level of clearances.

“I want to thank Charlie for his dedication and commitment to the DCSA mission, and for his willingness to lead the DCSA workforce through one of the largest organizational transfers in the Executive Branch and positioning the Agency for transformation while maintaining uninterrupted support for all of DOD and its government agency customers,” said Kernan.

DCSA is a strategic asset to the Nation and its allies – ensuring a trusted federal, industrial and affiliated workforce, and enabling industry’s delivery of uncompromised capabilities by leveraging advanced technologies and innovation. The Agency uniquely blends critical technology protection, trusted personnel vetting, counterintelligence, and professional education to advance and preserve America’s strategic edge.


Commentary: Don’t be me.

Deep breath. I did something really stupid with some of the most important data in my life. And I don’t know how I did it.

I took today’s basic security advice: use a password manager and then have it create different passwords for each site. I chose the 1Password password manager and after installing it, upgraded to a subscription so I could access my passwords across multiple devices.

Then came the weekend that I tried logging into the app and found my password wasn’t working.

I typed it in a few times. Slowly. Then with cut and paste. Nothing registered. It had been working smoothly with my iPhone’s Face ID to unlock access to my passwords, but that stopped working after a phone reboot. And I realized suddenly that the master password being asked for wasn’t the same as the password I had been using previously, before I added the subscription. Bewildering? Yes. My fault? Absolutely. Can I explain how I entered this fugue state of password confusion? Not at all

At some point I fumbled my passwords. I have mismanaged my supposedly careful management of my passwords. I feel like I’m in an utter nightmare.

This could happen to you. I hope it doesn’t.



Amid sharply falling public markets and spiraling panic around the rapid proliferation of the coronavirus (a.k.a. Covid-19), the cybersecurity industry seems to be well poised for sustainable growth despite some foreseeable turbulence.

Publicly traded security companies and some specific niches will unescapably suffer in a short term, however, private cybersecurity companies and later-stage startups with sufficient reserves of cash may rapidly gain new clients and markets. That is not to say that the industry will enjoy an absolute and everlasting success but, contrasted to other sectors of the economy, will be in a comparatively good shape.

Let’s have a look at the five underpinning reasons for a bright future in the cybersecurity industry among the coronavirus havoc:

Many traditional businesses will flee online

Countries affected by the coronavirus now actively restrain or even flatly prohibit a wide spectrum of daily activities including attending schools, visiting public places and restaurants, let alone international travel and conferences. Unsurprisingly, most of the affected businesses will have now to swiftly reinvent themselves and adapt to the new reality or see revenues hit extremely hard.

A considerable number of offline processes will somehow migrate to the Internet, replacing consultations with doctors and lawyers with agile video calls, favouring Zoom and WebEx for internal business meetings, delivering food and goods to homes instead of eating out or weekend shopping in overcrowded malls.



Attackers are using YouTube redirect links, whitelisted by various security defense mechanisms, to evade detection

Researchers are warning of an increase in phishing emails that use YouTube redirect links, which help attackers skirt traditional defense measures.

If certain malicious URLs are blocked by web browser phishing filters, attackers commonly use a redirector URL to bypass these filters and redirect the victim to their phishing landing page. URL redirects have been used in previous campaigns, including malicious redirect code affecting Joomla and WordPress websites and HTML redirectors being used by Evil Corp. Now, a new campaign is using legitimate YouTube redirect links.

“Most organizations allow the use of platforms such as YouTube, LinkedIn, and Facebook and whitelist the domains, allowing for potentially malicious redirects to open without any fuss,” said researchers with Cofense, in a Wednesday post.”

Researchers said that the emails using this method originated from a fraud domain,, which was recently registered, on Feb. 19. The attackers purported to be with SharePoint, a web-based collaborative platform that integrates with Microsoft Office. The email indicated that a new file has been uploaded to the target company’s SharePoint site, and included an option to “View File.”

When a user hovers their mouse over the “View File” URL, they see a seemingly-legitimate embedded YouTube link (hXXps://www[.]youtube[.]com/redirect?v=6l7J1i1OkKs&q=http%3A%2F%2FCompanyname[.]sharepointonline-ert[.]pw).


image source:


“Although the email may appear illegitimate to a trained ey””A curious or unsuspecting end user may click the button expecting to see a legitimate file,” said researchers.

When they click on the URL, victims are redirected to YouTube, and then immediately redirected to another link (companyname[.]sharepointonline-ert[.]pw), which is the final phishing landing page.



Just because it meets the complexity test does not mean it is secure.


Most of the insider threats and some very public hacks (Yes I am talking to you, John Podesta) are due to poor password choice.  But it is not just the basics of simply changing the default passwords.   You have to change it to something complex, upper and lower case, numbers and special characters, it also has to be not easily guessed.

We had a new client that lost his password to his san.  He did not remember it, and as he always used the same form of a password – company name with capitalization, a special character, and some numbers – creating a complex password, they thought they were secure.   But in reality, it was a false sense of security there was an easily guessed password, and the company data was vulnerable to anyone who wanted to spend the time with a minuscule bit of information about the company.

Because we needed access to the san – I wrote a simple 47 line python script to churn through all the various options.  It took us less than a minute to crack the password we were in.   It helped me tremendously that they did not turn on any brute force blocking or disabling on failed attempts.  It also helped that they had default usernames enabled.    I only had to guess just a few of the 12 characters in the password.   But because computing is cheap and time is not relevant when your computer does the work for you.  I say helped, but for real it made the job of hacking in more straightforward and less time-consuming.

Lessons Learned

The main lesson learned here for my customer is password security is not hard, it just has to happen.   For better security now they use strong random passwords generated by a program.  Disable login for all default users.   Brute force blocking with time outs of at least 15 min. Where applicable and especially for access to the systems remotely, two-factor logins and biometrics are utilized.