COVID-19 ISO Insights

Report: Cyber Criminals Targeting Long-Term Strategy to Exploit COVID-19 Vulnerabilities

April 13, 2020

By: David Geller, CPCU

The COVID-19 outbreak has generated a plethora of concerns, and cybersecurity appears to be no exception.

The Wall Street Journal has reported that a variety of dynamics are exacerbating the risk of cyber attacks being levied on employees, employers, hospitals, and other targets. Here are a few factors that the article mentions:

  • Different cybersecurity experts explained to the WSJ that some virtual private networks (VPNs) have been overwhelmed by the huge surge in office closures during this social distancing period.
  • Employees who are working on personal computers give cyber criminals a larger attack surface on which to execute attacks. That larger space to cover, in turn, makes it more difficult for intrusion-detection tools and cybersecurity teams to identify potentially malicious behavior.
  • IT teams that are already working to keep an unprecedented number of employees productive also have to keep a keen watch on adverse cyber activity from criminals, who are reportedly sensing vulnerability and acting accordingly.

There have already been reports of high-level attacks carried out during the outbreak. Marriott, per CNN, revealed that the log-in info of two employees was used to access the account info of over 5 million guests. The Chief Information Security Officer for the World Health Organization (WHO) informed Reuters that hacking attempts against the agency and its partners have escalated in recent weeks. And the WSJ article notes that the United Kingdom’s National Crime Agency is “investigating an alleged ransomware attack against a drug-testing company that has carried out trials for the ebola vaccine and other treatments.”

In addition to ransomware, a vice president at security company Okta told GCN that he has “‘never seen this volume of phishing’” as he has during this crisis.

While cyber criminals can use ransomware, or other tools, to effectively paralyze the computer systems of victims, the WSJ states that the implications of this surge of cyber escapades may not manifest for “days, weeks, months, or longer.”

The article cites an opinion from a cybersecurity and privacy lawyer that more sophisticated hacking groups may seize this opportunity to discreetly rummage through compromised networks for high-value information, including bank account numbers, trade secrets, personally identifiable information, and more. In time, the lawyer says the criminals could do the following with these assets:

“[The attackers will] then start siphoning off those resources as inconspicuously as possible, or wait to hit all the assets in one fell swoop when the company is most vulnerable… Some hackers even try to get money from the stock market using nonpublic information they acquire.”

Consortium of Cybersecurity Experts Link Up to Address Explosion in Hacks

According to GCN, on March 25th, over 800 cybersecurity experts formed the COVID-19 Cyber Threat Intelligence (CTI) group to help protect vulnerable individuals and employees from being preyed on by cyber criminals. The group is reportedly being helmed by executives from Amazon, Okta, Microsoft, and other large tech firms.

It may not be feasible for this group to tackle all of the attack vectors that hackers are using, but per GCN, the group will be prioritizing the defense of medical resources and related critical infrastructure, a sector that was already vulnerable to these attacks. Additionally, the consortium will reportedly be assisting the communication networks and services that have become so vital as remote work has spiked.

CTI, per the article, is also acting proactively to identify the enterprises with vulnerabilities that may be most appealing to cyber criminals, so that the group can preemptively halt a future attack.