Coronavirus: US laptops and home devices are exposed to cyberattacks as millions stay home
- As millions of Americans have been ordered to work from home to contain the spread of the virus, data is now being transmitted outside secure business networks
- Information security professionals have sounded the alarm about digital attacks from US adversaries such as Russia and China
From stealing data to disseminating misinformation, hackers are taking advantage of the US at an especially vulnerable time during the war against the deadly outbreak.
Millions of Americans have been ordered to work from home to contain the spread of the virus and thus an unprecedented amount of data is now being transmitted outside secure business networks, making it a treasure trove for hackers.
These unsecured home portals also provide opportunities for hackers to spread misinformation.
“The conditions are really heightened right now to enable bad actors to have a higher probability of success in gaining access via cyberattacks,” said Mike Rogers, a retired admiral and former director of the US National Security Agency.
The data security of video conferencing app Zoom, which saw its daily users soaring to exceed 200 million in March, has become a subject of concern. Its Windows client, security experts say, is at risk from a flaw in the chat feature that could allow hackers to steal the logins of people who click on a link. Another bug could allow attackers to access to Mac users’ webcams.
“You are seeing nation states who are using Covid-19 as a vehicle to remotely access systems,” said Rogers, without giving specific examples. “It’s the same characters using the same kind of methodologies in many ways that you’ve observed before.”
Unknown attackers were recently reported targeting the US Department of Health and Human Services (HHS) computer networks, aiming to overwhelm the system.
Commenting on the recent HHS incident in an interview with the Associated Press, Attorney General William Barr said that “when you’re dealing with something like a denial of service attack on HHS during a pandemic, that’s a very grave action for another country to take”.
“So, if it is another country doing this, I’m sure the ramifications will be severe.”
Marriott, which runs the Ritz-Carlton, Sheraton and Westin chains, announced just 16 months ago it was victim to a cyberattack in which hackers obtained information on as many as 383 million guests. The US Federal Bureau of Investigation suspected the hackers were working on behalf of the Chinese Ministry of State Security, the closest equivalent to the CIA.
It wasn’t clear who was behind the attack the hotel manager announced Tuesday, but the company said the incident was under investigation.
Misleading text messages were sent to cellphones across the country last month claiming that President Donald Trump was going to announce a national quarantine.
Both the FBI and the Cybersecurity and Infrastructure Security Agency have warned Americans to watch out for phishing emails while working from home.
“This is the time to double down on technical measures such as encryption to the extent that’s possible,” said George Little, head of the Washington office specialised in cybersecurity at crisis-management firm Brunswick Group. “Push additional security capability out to your remote workforce because their laptops, their remote access devices are now your company’s front line.”
Email fraudsters have tried to get executives to move money to fund vendors, operations, and virus-related-response activities, according to a McKinsey report published in March.
While many corporate security chiefs and other executives have drawn on their experiences with past crises to respond to the early stages of the Covid-19 outbreak, the pandemic’s vast scale and unpredictable duration are highly unusual, lead author Jim Boehm said.
“The current global chaos is just a really ripe opportunity for sophisticated and nation-state actors to take advantage of,” said Yasmin Brooks, a former cyber official in Britain.
We should be thinking about the broader economic or political targets that “could be compromised now even if the impact is invisible for some time,” said Brooks.
The main concern about including Huawei equipment in American 5G infrastructure is that its kit might contain “back doors”, security holes that could create pathways for Chinese spies or hackers.
Such fear is more prominent as the pandemic “is magnifying the digital age we are already in by several times,” said Little at Brunswick Group.
Sign up now and get a 10% discount (original price US$400) off the China AI Report 2020 by SCMP Research. Learn about the AI ambitions of Alibaba, Baidu & JD.com through our in-depth case studies, and explore new applications of AI across industries. The report also includes exclusive access to webinars to interact with C-level executives from leading China AI companies (via live Q&A sessions). Offer valid until 31 May 2020.