Nary is the slice of modern life unaffected by the global COVID-19 pandemic. That’s the “pan” part of the word, which sets it apart from its less widely spanning epidemic that’s spread through one or a few communities. Pandemics are diseases that span the globe. This virus, now a pandemic, has created a panoply of effects, mostly negative, that includes the criminal spectrum. According to my typical topic de jour, that leads to crimes and fraud perpetrated online. Criminals tend to be opportunists and the fear, uncertainties, and real results of the coronavirus are each fueling their innovation to capitalize on the situation. I suspect that there are currently more U.S. citizens prone to criminal acts springing from COVID-19 than those testing positive for the virus, itself. It’s a suspicion, not a prognosis. Let me share just a small handful of what’s going on, some of which you should be acutely aware of because you and your family may be susceptible to the scumbag, antisocial actors who translate tragedy into profits.
Some criminal endeavors began early and are already evolving. At some time after the virus’s December beginnings in China, hackers realized the fear that was gestating as the virus spread. When we get scared, and when we are looking so desperately for answers to unknowns, our guards too frequently fall. That’s why phishing emails started circulating with false promises of medical advice or cures. A criminal creates an email that appears to be coming from the CDC or a similar authority. Within the body of the email there is a link to learn more, or to get registered for early testing, or whatever may tantalize you to click it. When you click it, the hacker’s job is nearly complete because by that action you unwittingly activated some malicious software. That “malware” then does its thing: steals information, encrypts it so that you can’t read it, installs a way into your machine without requiring a password. The effects of malware are only limited by the criminal imagination that deploys it.
More recently, these phishing scams have become wildly sophisticated and their sources changed from profit-focused online criminals, usually organized crime syndicates, to the mighty powers of state actors. Government sponsored cyber-offensive forces got into the game in the past weeks and now security experts are seeing COVID-19 based phishing attacks from North Korea, China (ironically?), Russia (go figure), and other well-funded, well-organized campaigns. At that level, their targets tend more toward government officials than us ham-and-eggers. It’s the motivation more than the target profile that impresses me.
Such attacks, whether by organized crime or foreign governments, have real and negative effects on the ability to contain and ultimately cure the disease. The U.S. Department of Health and Human Services, which manages the Centers for Disease Control and Prevention among other critical functions, was hit over the weekend with a cyberattack that was, thankfully, less than successful. Hackers tried to flood HHS computer systems with millions of nonsensical communications, the intent of which was to overwhelm its servers toward a shutdown, therefore putting a real hitch in the works to cure and communicate about the coronavirus. A misinformation campaign was levied at the same time causing false information to be circulated, seemingly, from HHS such as a national quarantine order. No data was stolen from HHS, and the desired slowdown of systems never came to be. This time.
On another front, America’s workforce, or at least a large segment of it, is being temporarily moved out of the office and into a remote work setting. Millions of people are working from home and possibly will continue so for weeks to come. That presents a major shift in communications and internet use from intently designed networks and infrastructure built and funded by corporate monies to your $100 WiFi router that’s made to facilitate Alexa commands, or let you watch Netflix. It’s as if all over-the-road trucking commerce suddenly was limited to county roads. Not only does this paradigm shift place way too much internet traffic on gravel roads instead of the Information Superhighway, but it also highlights the vast difference between home user security and corporate security programs. Home security most often starts and stops with a “creative” password, like “LastnameHousenumber.” Or worse, whatever the router manufacturer set as a password and you never changed. Give me a model number and I’ll give you the website where all of its passwords, as programmed at the factory, can be found.
All of the sudden we millions of remote workers represent newfound targets for online criminals. They’re preying again and still on our fears, on our ignorance. The so-called virtual private networks, or VPNs, that allow us to access work files from home are particularly inviting to hackers. A VPN can be made to be secure, sure. Yet, guess who at the office is typically responsible for maintaining software patches and security updates for VPNs. Indeed. It’s the same skeletal crew that’s dealing with, maybe, hundreds of first-time, remote workers trying to navigate the network on their home infrastructure that was never meant to host this type of traffic. A number of security firms are reporting hundreds of websites and hacker groups that are in force, and continuously evading the law, all plying on our COVID-19 fears and our new home-work network security. In my opinion, that’s only the start of this angle of the problem. Soon, I believe, we’ll start seeing evidence of corporate loss that’s sprung from the ill-fitting new traffic on the ill-suited, lightly secured home networks.
If you were present and aware during Katrina, in 2005, one of the more glaring images you may recall was the rampant looting. No matter a virus, hurricane, or power outage, the criminal element ramps up during our worst moments. Be all the more on guard, if that’s possible.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.
Commented
Sorry, there are no recent results for popular commented articles.