Watch: 'There's Nothing That Attackers Love More Than Chaos' – Working From Home Securely While in Lockdown
May 19 2020
Since the pandemic hit the U.S. hard in March, there has been a 6,000% increase in spam campaigns, with a particular focus around the keywords "COVID-19" and "coronavirus."
That's according to Wendi Whitmore, the vice president for IBM's X-Force Threat Intelligence, who spoke to dot.LA as part of a virtual panel on Tuesday.
It's been two months now — depending where you live — of working from home. As many businesses now contend with the reality of having their workforce at home for the foreseeable future, or even for the rest of their working lives (see: Twitter), cybersecurity has become a larger challenge, experts told dot.LA Tuesday.
<p>
Employees are using their own home internet networks for their jobs as well as for their own personal use, which poses some new dangers and increases the opportunities for attacks by malicious actors. Meanwhile, law enforcement officials and security experts have reported an increase in online attacks and scams, especially those targeting users' concerns and curiosity about COVID-19.
</p><p>
One key takeaway from today's session on securely working from home: In life as well as cybersecurity, if it's too good to be true, it probably is.</p><p class="shortcode-media shortcode-media-youtube">
<span style="display:block;position:relative;padding-top:56.25%;" class="rm-shortcode" data-rm-shortcode-id="847c7c0263952375847d3a20e7ec6af9"><iframe type="lazy-iframe" data-runner-src="https://www.youtube.com/embed/XE_b2QvKn8Q?rel=0" width="100%" height="auto" frameborder="0" scrolling="no" style="position:absolute;top:0;left:0;width:100%;height:100%;"></iframe></span>
<small class="image-media media-caption" placeholder="Add Photo Caption...">Strategy Session: Cybersecurity When Working From Home</small>
<small class="image-media media-photo-credit" placeholder="Add Photo Credit...">
<a href="https://www.youtube.com/watch?v=XE_b2QvKn8Q&feature=youtu.be" target="_blank">www.youtube.com</a>
</small>
</p><p>The ongoing pandemic and social isolation has made people more likely to be online, checking the news, COVID-19 statistics, social media and email obsessively to, for example, figure out when businesses might be opening, whether they've received their federal stimulus funds or when this all ends. They're adjusting to a new normal and trying to multitask while working from home.<br/></p><p>
"And so, all of these things combined to create a little bit of a chaotic environment, and there's nothing that attackers love more than chaos," said Whitmore. "They can take advantage of it and leverage it, and that's exactly what we're seeing."
</p><p>
Since March 11, Whitmore said her team has seen a 6,000% increase in spam campaigns, and in particular those related to COVID-19 and the coronavirus.
</p><p>
The pandemic has been one of the first times in recent memory where a natural disaster has impacted all people globally, with local governments on up to the U.S. Supreme Court and the military, working from home. And yet, for some companies and other entities, critical staff or those providing an essential service have had members of their team working from offices or out in the community.
</p><p>
That sort of mixed work environment only adds to the complexity of the security needs for an organization, said Joshua Belk, a certified ethical hacker and the executive director of the L.A. Cyber Lab, a nonprofit that provides threat information to L.A. business community.</p><p>It's not just the corporate workforce being targeted. </p><p>The emergency efforts by localities to address community needs during the pandemic have also been the target of scammers looking for new victims. The L.A. Cyber Lab has been working with the city of Los Angeles and other cities around the Los Angeles area to help them maintain services to citizens in the community by making sure their infrastructure is online and properly guarded through good cybersecurity, Belk said.</p><p>
These experts say that the attack methods haven't really changed, it's just that attackers are pivoting their methods to use a lure that's much more emotional for those who are targeted.
</p><p>
"They're taking advantage of the fear and uncertainty around COVID-19, that's captured the attention of the entire world," said Satnam Narang, a staff research engineer on Tenable's Security Response team. "It's presented them with a unique opportunity because it's consistently in the news every day, people are worried. So, they might be more inclined to open up an email from say the World Health Organization or the CDC, or depending on where you are regionally, for example, I think the Ministry of Health in China, for example, you know you've seen some emails purporting to be from them (but) obviously they're malicious in nature."
</p><p>
In Canada, scammers went door to door offering test kits for COVID-19, while other attacks include unsolicited text messages or calls that tell people they've tested positive for COVID-19 or a loved one is going to the hospital and they got arrested on the way and need to get bailed out. Some scams have included phone calls where a scammer claims they can get you a reservation for a vaccine if you provide a credit card and social security number.
</p><p>
That "is a big no, no," Narang said. "You never want to provide your social (security number) to anybody."
</p><p>
With U.S. unemployment claims last week rocketing to 36 million over the two-month period, unemployment applications, the Payroll Protection Plan and other business stimulus has also been targeted by attackers who see an opportunity for easy money through online fraud.
<a href="https://www.businessinsider.com/nigerian-crime-ring-steals-millions-us-unemployment-sites-coronavirus-fraud-2020-5" target="_blank">Even a Nigerian crime ring has gotten into the action</a>, stealing millions from U.S. unemployment programs. With information easily obtained through a phishing attack or scam, attackers can easily steal your identity and make their own application for benefits in a person's name or their company's name.
</p><p>
A lot of people may have already fallen victim to such attacks but due to delays in receiving funds, may not realize the truth until later this summer, Belk said, when reporting will certainly go up.
</p><p>
Meanwhile, social media giveaways have increased to try to help people in need, and bad actors have found yet another avenue of opportunity, targeting those peer-to-peer payment apps like Apple Pay, Cash App, Venmo and PayPal.
</p><p>
Narang has been studying Cash App, specifically, which has also found generous influencers to help with increased giveaways during this pandemic. Scammers would tell victims to send an amount of money, perhaps $10 or a couple hundred dollars, as an alleged processing fee before the person would receive a larger amount. However, once the amount was sent to the scammer, that person would block them and their larger payout would never arrive. The scammers have also created accounts to impersonate influencers who then solicit those initial processing fees, easily reaping money from a large number of unsuspecting targets, Narang said.
</p><p>
"If it sounds too good to be true, it probably is," Narang said. "You should think that you would never have to pay money upfront to win a giveaway if you're being offered money, like by Cash App or one of these influencers."
</p><p>
He also noted that you should never get an incoming request for money.
</p><p>
Despite
<a href="https://www.latimes.com/california/story/2020-03-27/coronavirus-crime-lapd-reports-drop-march" target="_blank">overall crime amid the shutdown and physical isolation being down</a>, criminal activity in the virtual world has seemed to follow the ebb and flows of the virus, IBM found.
</p><p>
As the virus traveled -- in January and February hitting China and Asia hard, in March hitting Europe hard, and March to April hitting North America hard -- malicious activity and spam campaigns from those particular regions also decreased, Whitmore said.
</p><p>
Those traditional attack groups, from cyber criminals to nation-state actors, are "all back in full force, right after taking a bit of a hiatus for a few weeks, depending on what region they were in," she said.
</p><p>
Whitmore said she's seeing not just spam campaigns but also an increase in attacks now coming from cybercriminal groups and those often more sophisticated nation-state actors that are leveraging COVID-19 to entice users to engage.
</p><p>
That includes
<a href="https://www.nytimes.com/2020/05/10/us/politics/coronavirus-china-cyber-hacking.html" target="_blank">recent reports about countries trying to use their electronic attackers to steal vaccine information and patent information</a> in the race to battle the virus and make money off of it too. While other nation-state hackers are trying to exploit the pandemic to target critical infrastructure like the energy, finance, water and power sectors. Such sectors are especially vulnerable to remote access attacks.
</p><p>
Ransomware is another ongoing concern, as it lures the victim to a sketchy link, which enables a hacker to lock you out of your system until and unless you pay them a fee. In the realm of healthcare facilities and hospitals, treating patients, such targeting on an already overloaded system, can be particularly detrimental.
</p><p>
In a scam in March, the malicious actors purported to provide a downloadable version of the Johns Hopkins University's coronavirus tracking map that could live on your computer.
<a href="https://releases.jhu.edu/2020/03/17/johns-hopkins-university-statement-on-malware-disguised-as-covid-19-map/" target="_blank">It was malware</a>.
</p><p>
Tenable's team had also discovered a cybersecurity vulnerability that allowed a bad actor to potentially pretend to be the shopping app, Instacart, and message any user with a link that could then install malware or be used to phish for their online credentials. Narang said that
<a href="https://www.tenable.com/blog/instacart-patches-sms-spoofing-vulnerability-discovered-by-tenable-research" target="_blank">Tenable immediately informed Instacart and the company quickly patched it on their site.</a>
</p><p>
"The takeaway for everyone is, if it's not something you signed up for. And it's unsolicited, then you've got to watch out," Belk said.
</p><p>
<em>For more details from the panel and tips on how to protect yourself while working from home, check out <a href="https://www.youtube.com/watch?v=XE_b2QvKn8Q&feature=youtu.be" target="_blank">dot.LA's virtual panel</a>.</em>
</p>
<img lazy-loadable="true" src="https://dot.la/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yMzI3ODQzNy9vcmlnaW4uanBnIiwiZXhwaXJlc19hdCI6MTY1NTE1NzE2Mn0.NMzjMRyrFhPxNx21ABLXNkguzujzP5hmHViT690aNP0/image.jpg?width=980" id="32ce9" class="rm-shortcode" data-rm-shortcode-id="6eb13c0ccc955d2864a34206354976d1" data-rm-shortcode-name="rebelmouse-image" />
Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence
Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence
<p>Wendi Whitmore is a technical leader with almost 20 years of experience in incident response and data breach investigations. At IBM, Wendi was instrumental in creating IBM X-Force IRIS which includes the global X-Force Incident Response, Proactive Services, and Threat Intelligence practices. In her role, she leverages people, infrastructure, data and technology to drive the capabilities of detection and defense against targeted threats for global client organizations. Before joining IBM, Wendi held executive level positions at CrowdStrike and Mandiant, where she was responsible for professional services offerings. Wendi began her career as a Special Agent conducting computer crime investigations with the Air Force Office of Special Investigations.</p><img lazy-loadable="true" src="https://dot.la/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yMzI3ODQ0MC9vcmlnaW4uanBnIiwiZXhwaXJlc19hdCI6MTYzMjM3MjA5M30.zt08gRTSbw8yi8WUBOFG0WvDiUI73vvLw2RMZdpCsYA/image.jpg?width=980" id="5ce80" class="rm-shortcode" data-rm-shortcode-id="2d6d6c45abac7cac50dc73ced36ead13" data-rm-shortcode-name="rebelmouse-image" />
Joshua Belk, CEH, Executive Director of the LA Cyber Lab
Joshua Belk, CEH, Executive Director of the LA Cyber Lab
<p>Joshua Belk is currently the Executive Director of the Los Angeles Cyber Lab, a non-profit providing threat information to LA Business community. Joshua is a former CSO for the FBI, has held various information security leadership roles with Fortune 200 companies and recently returned from a year long deployment with the Joint Special Operations Command, as reserve US Naval officer. With over 20 years in the security industry, Joshua brings a unique public-private sector experience to any conversation.</p><img lazy-loadable="true" src="https://dot.la/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yMzI4MzU0NS9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTYyMzMzOTE3NH0.BzS7CVNaQ57-dOzHXs4BLCVg8jZ7umscx4amV6qXN-g/image.png?width=980" id="2d20e" class="rm-shortcode" data-rm-shortcode-id="d376aa15a8bae2fb357399a342092555" data-rm-shortcode-name="rebelmouse-image" />
Satnam Narang, Staff Research Engineer, Tenable
Satnam Narang, Staff Research Engineer, Tenable
<p>Satnam Narang serves as a Staff Research Engineer on Tenable's Security Response team, where he is responsible for providing technical analysis and remediation recommendations for critical vulnerabilities. Satnam is also a longtime expert on social media scams, conducting research into novel financial scams on <a href="https://www.tenable.com/blog/instagram-porn-bots-evolve-methods-for-peddling-adult-dating-spam" target="_blank">Instagram</a>, <a href="https://www.tenable.com/blog/tiktok-scams-how-popular-apps-and-services-become-new-havens-for-scammers" target="_blank">TikTok</a>, <a href="https://www.tenable.com/blog/scams-exploit-covid-19-giveaways-via-venmo-paypal-and-cash-app" target="_blank">Cash App</a> and more. Before joining Tenable, Satnam worked as Senior Security Response Manager at Symantec and Threat Analyst at M86 Security. He also contributed to the Anti-Phishing Working Group, helped develop a Social Networking Guide for the National Cyber Security Alliance, uncovered a huge spam botnet on Twitter and was the first to report on spam bots on Tinder. He has appeared on NBC Nightly News, Entertainment Tonight, Bloomberg West, and the Why Oh Why podcast.</p>From Your Site Articles
- Event: How to Practice Cybersecurity at Home - dot.LA ›
- Palantir Tech on Protecting Personal Data During the Coronavirus ... ›
- USC Gets Funds to Create a Contract Tracing App for Students - dot ... ›
- Open Raven Data Security Firm Raises $4.1 Million - dot.LA ›
- Column: Adjusting to the New Normal When Office Life Resumes - dot.LA ›
- Column: Adjusting to the New Normal When Office Life Resumes ›
Related Articles Around the Web
Read more
Show less