Watch: 'There's Nothing That Attackers Love More Than Chaos' – Working From Home Securely While in Lockdown
Tami Abdollah is dot.LA's senior technology reporter. She was previously a national security and cybersecurity reporter for The Associated Press in Washington, D.C. She's been a reporter for the AP in Los Angeles, the Los Angeles Times and for L.A.'s NPR affiliate KPCC. Abdollah spent nearly a year in Iraq as a U.S. government contractor. A native Angeleno, she's traveled the world on $5 a day, taught trad climbing safety classes and is an avid mountaineer.
Since the pandemic hit the U.S. hard in March, there has been a 6,000% increase in spam campaigns, with a particular focus around the keywords "COVID-19" and "coronavirus."
That's according to Wendi Whitmore, the vice president for IBM's X-Force Threat Intelligence, who spoke to dot.LA as part of a virtual panel on Tuesday.
It's been two months now — depending on where you live — of working from home. As many businesses now contend with the reality of having their workforce at home for the foreseeable future, or even for the rest of their working lives (see: Twitter), cybersecurity has become a larger challenge, experts told dot.LA Tuesday.
Employees are using their own home internet networks for their jobs as well as for their own personal use, which poses some new dangers and increases the opportunities for attacks by malicious actors. Meanwhile, law enforcement officials and security experts have reported an increase in online attacks and scams, especially those targeting users' concerns and curiosity about COVID-19.
One key takeaway from today's session on securely working from home: In life as well as cybersecurity, if it's too good to be true, it probably is.
Video: Strategy Session: Cybersecurity When Working From Home (www.youtube.com)
The ongoing pandemic and social isolation has made people more likely to be online, checking the news, COVID-19 statistics, social media and email obsessively to, for example, figure out when businesses might be opening, whether they've received their federal stimulus funds or when this all ends. They're adjusting to a new normal and trying to multitask while working from home.
"And so, all of these things combined to create a little bit of a chaotic environment, and there's nothing that attackers love more than chaos," said Whitmore. "They can take advantage of it and leverage it, and that's exactly what we're seeing."
Since March 11, Whitmore said her team has seen a 6,000% increase in spam campaigns, and in particular those related to COVID-19 and the coronavirus.
The pandemic has been one of the first times in recent memory where a natural disaster has impacted all people globally, with everyone from local governments on up to the U.S. Supreme Court and the military working from home. And yet, for some companies and other entities, critical staff or those providing an essential service have had members of their team working from offices or out in the community.
That sort of mixed work environment only adds to the complexity of the security needs for an organization, said Joshua Belk, a certified ethical hacker and the executive director of the L.A. Cyber Lab, a nonprofit that provides threat information to the L.A. business community.
It's not just the corporate workforce being targeted.
The emergency efforts by localities to address community needs during the pandemic have also been the target of scammers looking for new victims. The L.A. Cyber Lab has been working with the city of Los Angeles and other cities around the Los Angeles area to help them maintain services to citizens in the community by making sure their infrastructure is online and properly guarded through good cybersecurity, Belk said.
These experts say that the attack methods haven't really changed; attackers are simply pivoting to a lure that's much more emotional for those who are targeted.
"They're taking advantage of the fear and uncertainty around COVID-19, that's captured the attention of the entire world," said Satnam Narang, a staff research engineer on Tenable's Security Response team. "It's presented them with a unique opportunity because it's consistently in the news every day, people are worried. So, they might be more inclined to open up an email from say the World Health Organization or the CDC, or depending on where you are regionally, for example, I think the Ministry of Health in China, for example, you know you've seen some emails purporting to be from them (but) obviously they're malicious in nature."
In Canada, scammers went door to door offering test kits for COVID-19. Other attacks include unsolicited text messages or calls telling people that they've tested positive for COVID-19, or that a loved one was arrested on the way to the hospital and needs to be bailed out. Some scams have included phone calls where a scammer claims they can get you a reservation for a vaccine if you provide a credit card and Social Security number.
That "is a big no, no," Narang said. "You never want to provide your social (security number) to anybody."
With U.S. unemployment claims last week rocketing to 36 million over the two-month period, unemployment applications, the Payroll Protection Plan and other business stimulus have also been targeted by attackers who see an opportunity for easy money through online fraud. Even a Nigerian crime ring has gotten into the action, stealing millions from U.S. unemployment programs. With information obtained through a phishing attack or scam, attackers can easily steal a person's identity and file their own application for benefits in that person's name or their company's name.
A lot of people may have already fallen victim to such attacks but due to delays in receiving funds, may not realize the truth until later this summer, Belk said, when reporting will certainly go up.
Meanwhile, social media giveaways have increased to try to help people in need, and bad actors have found yet another avenue of opportunity, targeting those peer-to-peer payment apps like Apple Pay, Cash App, Venmo and PayPal.
Narang has been studying Cash App, specifically, which has also found generous influencers to help with increased giveaways during this pandemic. Scammers would tell victims to send an amount of money, perhaps $10 or a couple hundred dollars, as an alleged processing fee before the victim would receive a larger amount. However, once the money was sent, the scammer would block the victim and the larger payout would never arrive. The scammers have also created accounts to impersonate influencers and then solicit those initial processing fees, easily reaping money from a large number of unsuspecting targets, Narang said.
"If it sounds too good to be true, it probably is," Narang said. "You should think that you would never have to pay money upfront to win a giveaway if you're being offered money, like by Cash App or one of these influencers."
He also noted that you should never get an incoming request for money.
Although overall crime is down amid the shutdown and physical isolation, criminal activity in the virtual world has seemed to follow the ebbs and flows of the virus, IBM found.
As the virus traveled -- in January and February hitting China and Asia hard, in March hitting Europe hard, and March to April hitting North America hard -- malicious activity and spam campaigns from those particular regions also decreased, Whitmore said.
Those traditional attack groups, from cyber criminals to nation-state actors, are "all back in full force, right after taking a bit of a hiatus for a few weeks, depending on what region they were in," she said.
Whitmore said she's seeing not just spam campaigns but also an increase in attacks now coming from cybercriminal groups and those often more sophisticated nation-state actors that are leveraging COVID-19 to entice users to engage.
That includes recent reports about countries trying to use their electronic attackers to steal vaccine information and patent information in the race to battle the virus and make money off of it too. Other nation-state hackers, meanwhile, are trying to exploit the pandemic to target critical infrastructure like the energy, finance, water and power sectors. Such sectors are especially vulnerable to remote access attacks.
Ransomware is another ongoing concern: the victim is lured to a sketchy link, which enables a hacker to lock them out of their system until and unless they pay a fee. For healthcare facilities and hospitals treating patients, such targeting of an already overloaded system can be particularly detrimental.
In a scam in March, the malicious actors purported to provide a downloadable version of the Johns Hopkins University's coronavirus tracking map that could live on your computer. It was malware.
Tenable's team had also discovered a cybersecurity vulnerability that potentially allowed a bad actor to pretend to be the shopping app Instacart and message any user with a link that could then install malware or be used to phish for their online credentials. Narang said that Tenable immediately informed Instacart and the company quickly patched it on their site.
"The takeaway for everyone is, if it's not something you signed up for, and it's unsolicited, then you've got to watch out," Belk said.
For more details from the panel and tips on how to protect yourself while working from home, check out dot.LA's virtual panel.
Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence
Wendi Whitmore is a technical leader with almost 20 years of experience in incident response and data breach investigations. At IBM, Wendi was instrumental in creating IBM X-Force IRIS which includes the global X-Force Incident Response, Proactive Services, and Threat Intelligence practices. In her role, she leverages people, infrastructure, data and technology to drive the capabilities of detection and defense against targeted threats for global client organizations. Before joining IBM, Wendi held executive level positions at CrowdStrike and Mandiant, where she was responsible for professional services offerings. Wendi began her career as a Special Agent conducting computer crime investigations with the Air Force Office of Special Investigations.
Joshua Belk, CEH, Executive Director of the LA Cyber Lab
Joshua Belk is currently the Executive Director of the Los Angeles Cyber Lab, a non-profit providing threat information to the LA business community. Joshua is a former CSO for the FBI, has held various information security leadership roles with Fortune 200 companies and recently returned from a yearlong deployment with the Joint Special Operations Command as a reserve US Naval officer. With over 20 years in the security industry, Joshua brings a unique public-private sector experience to any conversation.
Satnam Narang, Staff Research Engineer, Tenable
Satnam Narang serves as a Staff Research Engineer on Tenable's Security Response team, where he is responsible for providing technical analysis and remediation recommendations for critical vulnerabilities. Satnam is also a longtime expert on social media scams, conducting research into novel financial scams on Instagram, TikTok, Cash App and more. Before joining Tenable, Satnam worked as Senior Security Response Manager at Symantec and Threat Analyst at M86 Security. He also contributed to the Anti-Phishing Working Group, helped develop a Social Networking Guide for the National Cyber Security Alliance, uncovered a huge spam botnet on Twitter and was the first to report on spam bots on Tinder. He has appeared on NBC Nightly News, Entertainment Tonight, Bloomberg West, and the Why Oh Why podcast.