During the unprecedented COVID-19 global health crisis, individuals and companies are relying on technology now more than ever. After all, how else can you keep a business running during a time of lockdowns, widespread fear of going outside, and the ever-present threat of a “second wave” of the virus?
Many users have been surprised at how easy it is to work from home and keep in touch with colleagues and clients via applications like Zoom and Skype.
But many cybersecurity experts have been far less surprised at how these same companies have increasingly fallen victim to hacking, resulting in an ongoing conversation with government officials about what can be done to protect our digital economy.
While it feels great to “go to work" without pants on, companies have since found themselves caught with their pants down in a different way. The issue of cybersecurity has never been more urgent, as hackers from around the world are using fear of the novel coronavirus to increase their targeted attacks on American businesses.
In this article, we will look deeper into the type of cyber threats that are facing American businesses, specific measures cybersecurity leaders are proposing the federal government to adopt, and what proactive measures businesses can take to prevent falling victim to cybercrime.
What Types of Cyber Threats Are Increasing, and Who Are They Targeting?
Since the spread of COVID-19, the FBI has received four times as many reports of cybercrime. Many of these fraudsters have used the coronavirus as a means of spreading their malware and compromising user data.
After all, many of us have spent a lot of time on the web reading the news and searching for new information about this virus and ways we can protect ourselves and our community. Many would-be cybercriminals masquerade as legitimate health organizations to lure their target to click on their link, only to use this as a gateway to get more information and access to the user's computer.
Sadly, many of these companies being targeted are in the health care sector, with cybercriminals taking advantage of overwhelmed hospitals, pharmaceutical companies, and research centers to instigate data breaches and engage in ransomware.
As hospitals concentrate on combating COVID-19, they have had to lay off non-essential workers, offer reduced services to patients, accommodate work-from-home colleagues and do it all with far less revenue than they have before. This has created an environment ripe for cybercriminals willing to take advantage of a hectic situation.
But it’s not just hospitals being targeted. For example, Apple users have found their iPhones and iPads targeted, with hackers sending blank emails through the Mail app that caused devices to slow down or crash. This then gives access to the device to the hackers so they can steal data such as photos, contacts, and other confidential information.
Earlier this year the video conferencing platform Zoom received media attention with widespread cases of “Zoom-bombing” occurring when uninvited guests show up on the screen in the middle of virtual meetings. Some of these “zoom-bombers” are no more than immature pranksters, but how many more are quietly in the background, taking note of important information?
Who Are The Culprits of These Cyber Attacks?
State-sponsored hackers seem to be behind the current barrage of cyberattacks on health and government agencies. The motive is apparently to hamper response efforts, gather intelligence, and even spread disinformation.
Although it is difficult and controversial to say for certain which countries are behind the surge in cybercrime, we do know that 99% of brute force attacks originate in China.
Who Are The Current Leaders In Cybersecurity?
Gen. Paul Nakasone, head of the United States military’s Cyber Command, and Christopher Krebs, the top Homeland Security Department official at the Cybersecurity and Infrastructure Security Agency, are two of the most important names in government cybersecurity.
There are many other groups of professional cybersecurity leaders in the U.S., many of whom are greatly interested in lending a helping hand during the coronavirus cybercrime epidemic.
The COVID-19 CTI League formed as a volunteer group of 1,400 cybersecurity experts from 76 countries around the world. They claim they have taken down 2,833 cybercriminals from around the world, including 17 designed to impersonate government organizations such as the World Health Organization (WHO).
Aside from this group, there is also the Cyber Threat Intelligence League (CTI League), international membership of more than 1,400 vetted cybercrime gurus that are actively working with the US government.
What Is Being Proposed On The Federal Level To Combat Cybercrimes?
On April 20th, a bipartisan group of senators wrote to the heads of Cyber Command and Cybersecurity and Infrastructure Security Agency (a division of Homeland Security) urging these groups to increase the gathering and sharing of threat intelligence, so that proactive measures can be taken to keep the country safe from cybercrime.
Specifically, they are requesting these departments to increase coordination with the health care sector, the Department of Health and Human Services, the FBI, the Federal Trade Commission, and the National Guard to effectively protect from cyber threats.
The senators even advocated for “defending forward” to keep the American digital economy safer, a cybersecurity term for what is effectively a counterattack that dismantles hacker’s infrastructures. In recent years, there were legal limitations in place for when the U.S. could engage in a cyberattack, but these limitations were removed in 2018. This freedom to actively seek out and attack malicious foreign cyber operations will certainly be used as another defense mechanism for American businesses.
What Can Businesses Do To Help Close The Gaps In Cybersecurity?
It is clear that we all need to take a proactive approach towards protecting ourselves from cybercrime. As we have seen, it is much easier to protect oneself than to deal with the aftermath of an expensive and embarrassing data breach.
The good news is that most protective measures are actually quite simple ones.
One of the most common ways companies ensure their data remains safe is by utilizing a VPN, or a Virtual Private Network, on all WiFi routers. VPNs are beneficial for work-from-home colleagues because they are easy to install and they protect all the devices that connect through the WiFi.
Another highly effective practice to secure your company from potential cyber-attacks is to utilize a password manager. Complex passwords have time and time again proven to be one of the best protection against hacking. Password managers enable you to use very secure passwords for each of your logins, without the hassle of having to remember each one.
Conclusion
Cybercriminals will take advantage of any situation to get access to devices and valuable data.
It should be equally obvious that we must take responsibility to protect ourselves, by encouraging our government to take a more proactive stance towards cyberattacks and by making sure our businesses are secure from those everyday hackers that can wreak havoc.
Hopefully, we will all remain vigilant enough to protect our companies and our economy in an ever-evolving digital world.
About the Author: Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphasis on technology trends in cyberwarfare, cyberdefense, and cryptography.
