BY BRIAN FINCH
© Getty Images
Hackers rarely let a good crisis go unexploited, and the coronavirus has proven to be no exception. Multiple law enforcement alerts have detailed the dramatic spike in the use of COVID-19 themes by cyber criminals as a way to lure unsuspecting users into downloading malware.
Such scams are garnering a lot of attention, and executives across America are warning their technology teams to be on alert for them. But it is critical to remember those attacks may just be the first wave of pandemic-related cyberattacks.
Propelled by the need to “socially distance” as way to minimize the spread of the COVID-19 virus, the American economy is in the midst of a hurried shift to telecommuting. That unplanned surge is straining corporate network systems, offering nation-state hackers an undreamed-of opportunity to unleash a second wave of more comprehensive attacks on American businesses.
Foreign hackers for years have been laying the groundwork for just this moment. China for instance has been preparing by engaging in a decade-plus campaign to saturate American corporate systems with networking gear manufactured by military-backed companies. That gear, which is pre-loaded with backdoors, has given their hackers potential access to many critical corporate networks inside the United States.
Iranian cyber warriors, meanwhile, have been stealing passwords to and possibly setting up backdoors in the “Virtual Private Network” servers that countless American businesses rely upon to allow secured out-of-office access to their systems. Armed with those covert VPN entry tools, Tehran now has the ability to log in to compromised systems and — at their leisure — fiddle with them as its hackers see fit.
Those successful exploits have generally remained dormant, as they are most likely to succeed when IT professionals are overwhelmed with other tasks. The COVID-19 driven shift to telepresence, which is requiring herculean efforts on the part of IT and cybersecurity professionals to be sustained, presents just that opportunity.
Some American companies have had workers remotely connecting for a few weeks, but with the recent lockdown on large gatherings, the number of businesses having to accommodate remote working has ballooned.
Corporate America’s challenge in shifting workers to remote platforms has been made all the more difficult by the simultaneous movement of other sectors, like the American education system and even the federal government to telepresence.
That tectonic shift to remote internet usage has left corporate American scrambling to meet internal demands, and their hasty efforts to expand networks have been primarily focused on preventing them from collapsing under the exponential increase in user demand.
That focus on generating stable networks, while understandable, has also led most IT professionals to pay scant attention to the aforementioned hacking threats slowly being husbanded by foreign nations.
Countering those threats should in fact be addressed with utmost urgency, as they represent serious weaknesses in America’s key networks at a time when they need to be more secure than ever.
Consider that the carefully collected VPN exploits have put hackers in a prime position to slip into corporate networks, sliding past technicians distracted by keeping the avalanche of new users simultaneously logged in.
Meanwhile companies are being forced to leave in place compromised routers and switches from even the most suspect of manufacturers, as removing them would lead to a degradation of network capacity at the exact moment when it is valued most. The continued presence of that compromised infrastructure — which, ironically, the President just signed a law allotting $1 billion to remove — gives Chinese hackers a very tempting vector by which they can penetrate American networks.
What is unknown about this second wave COVID-19 hacking is whether it will be conducted with an eye towards reaping rich economic rewards or causing even more pain to the American economy.
It could go either way, frankly: The various exploits could be used simply to suck up unparalleled amounts of sensitive corporate data that would be otherwise be nigh impossible to extract.
At the other extreme, the Iranian hackers who have been compromising VPN servers are also known purveyors of data-destroying “wiper” malware. The deployment of such destructive weaponry against the U.S. is probably a step too far right now even for a wounded Tehran, but American companies still need to be on alert for just that kind of threat.
It is thus incumbent upon corporate executives to ask their information teams to worry not just about stable user experiences or email scams, but also hackers trying to sneak into their networks. Doing so may be difficult given the temptation to focus solely on the need to keep Americans workers reliably connected, but such vigilance is a must. The failure to do so could easily lead to unnecessarily self-inflicted injury in the midst of an emergency the likes of which America has never before seen.
Brian Finch is a cybersecurity attorney with Pillsbury law firm based in Washington D.C.