Plus, the security industry’s need for more female staffers and President Biden’s plans for a new cybersecurity team
Twitter has launched a pilot program called Birdwatch, a “community-based approach” to identifying misleading information in tweets. ZDNet reports that users will be able to write notes to provide context for tweets. The notes then get rated by participants for their helpfulness. “Twitter, due to its 'instantaneousness', has been abused many times to spread inaccurate information, and nowadays there are barely any tools to help us distinguish fake news. Birdwatch can be a powerful ally to help users and stop the spread of misinformation,” commented Avast Security Evangelist Luis Corrons. In the first phase of the pilot, Birdwatch will remain a separate site from Twitter, until the company has the confidence that the notes will be helpful and appropriate. The pilot will be available to US-based individuals with accounts in good standing, verified credentials, a US phone carrier, and two-factor authentication. Corrons says, “The crowdsourced approach has its benefits, although there is one caveat; the same people spreading misinformation will try to abuse and game the system, they could use it as a weapon to discredit proper news. So far the pilot program has taken some measures, such as making sure the people allowed are not bots (verified credentials) or having their account secured (2FA).” Twitter plans to create the new site as an open build, allowing all contributed data and code to be publicly available. Could the open approach Birdwatch is taking lead to a new era of crowd-based information ratings? Our own citizen’s guide to spotting fake news and our recent post about propaganda hacking have more thoughts on that subject. In March of 2020, Twitter, along with Facebook, Google, LinkedIn, Microsoft, Reddit, and YouTube issued a joint statement promising to work together and with government healthcare agencies to globally fight Covid-19 related misinformation. More recently, Twitter permanently suspended former US President Donald Trump's account "due to the risk of further incitement of violence" after the US Capitol was attacked by rioters on January 6. In a 2020 Cybersecurity Workforce Study, 22% of companies reported a significant shortage in their dedicated cybersecurity staff. In the same survey, it was identified that only 25% of the industry’s employees are women. Financial Times reports that recruiters are having difficulty retaining female hires and that companies need to create a culture and opportunities that will help them keep the few women they have on their rosters. A 2020 global survey of mid-sized companies across all sectors by IBM Security reported that cyber attacks cost targeted companies an average of $3.9 million. Google’s threat analysis team has found numerous fake social media profiles on Twitter and LinkedIn that are posing as cyber vulnerability researchers. The attackers ask real researchers to work together, then share collaboration tools that install malicious code on the researcher’s systems. Google has attributed the attacks to “a government-backed entity based in North Korea.” Ars Technica reports that North Korea’s cyber army has thousands of expert hackers committing everything from small-scale fraud to theft of cryptocurrencies, weapons tech, and nuclear secrets. Emails claiming to be from the United Kingdom’s National Health Service (NHS) are asking recipients to accept or decline an invitation to schedule their Covid-19 vaccination. Upon clicking a button in the email, targets are brought to a false NHS site that asks for personal information including the person's name, mother's maiden name, address, mobile number, credit card information, and banking information. The page then redirects the browser to the real NHS site. To help combat the phishing scam, the NHS tweeted that the vaccine is free and that they will never ask for bank account information or personal identification documents. See the content of the phishing emails and fake site at Bleeping Computer and read more in our post about Covid-19 spearphishing scams in the US. After the November elections, CISA Director Christopher Krebs was fired by now former-President Trump. During that time, CISA, along with the FBI and the U.S. Department of Health and Human Services, had warned of an "increased and imminent" cyberthreat amid the Covid-19 pandemic. According to Reuters and CyberScoop, President Biden will likely tap Jen Easterly as the new national cyber director; Robert Silvers to lead the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency; and Eric Goldstein as CISA's Cybersecurity Division head. Read more about the extensive cybersecurity backgrounds and qualifications of all three potential nominees on Healthcare IT News. Earlier this week, law enforcement agencies from around the world successfully wrested control of the Emotet botnet away from its operators. Find out more in our coverage of this significant takedown operation.Cybersecurity roles need more women
North Korea hacking cybersecurity researchers
UK Covid-19 vaccine phishing attack
President Biden to hire seasoned cyber experts
This week’s ‘must-read’ on The Avast Blog