Symantec Security Summary #5

As the competing political parties get ready for the November elections, they’ll need to figure out the security implications of running for office in the era of social distancing. Apart from pandemic-related news, the upcoming 2020 presidential election remains the other big story that’s raising significant security-related concerns. As the political campaigns shift their operations online - a result of coronavirus stay-at-home orders - they are preparing for a barrage of cyber attacks, disinformation, and pranks all designed to undermine the election process. While increased online activity provides more opportunity for hacking, there are also more would-be perpetrators sidelined from the workforce who see election interference as a fun distraction.

Clearly, the coronavirus also complicates the question of election security. Anyone working in a campaign must assume they are targets. But with voter contact shifting to digital and phones, reports suggest that the campaigns aren't fully using a security protocol that prevents hackers from sending emails pretending to be from their campaign website domains.    

That extends to using popular videoconferencing services. Zoom, a videoconferencing service that was relatively obscure pre-pandemic, is now the go-to option for many organizations using it to hold conference calls. And given its meteoric rise, there is no surprise that Zoom is now a popular target for cyber security malfeasance. In April alone, the service and its burgeoning community of users have been subjected to an array of security and privacy events, including online harassment, spying, and unapproved data sharing with Facebook. So it’s hardly a surprise that the FBI issued a warning advising Zoom users to keep their meetings private and use participant-screening features. That’s probably sage advice for the major political parties as the campaigns learn lessons – sometimes the hard way – about digital town halls.

* * * 

Pandemic funding. Amidst the industry bailouts, small business loans, and unemployment expansion designed to deliver stimulus and economic relief during the COVID-19-induced tsunami, leading tech industry groups are lobbying Congress for their own funding. The Internet Association, CompTIA, the Cybersecurity Coalition, the Alliance for Digital Innovation, the Center for Procurement Advocacy, and the Information Technology Industry Council sent a letter to congressional leaders making the case that the next Coronavirus stimulus package should include funding for IT modernization and cyber security. They argue that additional IT investment is required to ensure the nation can effectively respond to the crisis. The initial $2 trillion stimulus package included $200 million allocated to boost telehealth services and for the Department of Homeland Security’s cyber security agency.

* * *

Even before the coronavirus outbreak, hospitals and health-care providers remained among the top targets of ransomware attackers. But as the public health crisis rages, cyber attacks and digital scams targeting healthcare infrastructure here and abroad are surging. In a couple of the more high-profile cases, hackers shut down the computer systems of a healthcare business in Illinois until they paid up $300,000 in ransomware. Meanwhile, computer systems at two regional hospitals in the Czech Republic also came under attack.

This is a depressingly familiar narrative. Hospitals are particularly vulnerable to ransomware. Not only can’t they afford downtime but they are often ill-prepared to handle cyber security attacks. It’s also why they’re a favorite target of ransomware attackers. Indeed, after the latest attacks, the Department of Homeland Security and Interpol warned hospitals around the globe to be on guard against a significant increase.

* * *

No “digital cease fire” in the offing: Researchers investigating potential treatments for the coronavirus may become targets of cyber attacks, warned the FBI. Speaking recently at a panel hosted by the Aspen Institute, the agency’s Deputy Assistant Director Tonya Ugoretz said that nation-backed hackers are trying to steal information from companies that are researching coronavirus treatments. “We have certainly seen reconnaissance activity and some intrusions into some of those institutions, especially those that have publicly identified themselves as working on COVID-related research,” she said. Without getting more specific, she said that state-backed hackers had often targeted the biopharmaceutical industry but added that “it’s certainly heightened during this crisis.” You may recall that United Nations Secretary General António Guterres called in March for a stop to all conflicts during the pandemic. His under-secretary followed up a few weeks later with an op-ed appealing for an immediate digital cease-fire.

Not only is the message not getting through but the attacks against the Czech Republic’s health sector sparked particular concerns because of the link to the COVID-19 pandemic. Any cyber attack that claimed the lives of coronavirus patients would likely prompt serious retaliation and could draw countries into a military conflict. It remains unclear who was behind the latest round of attacks in the Czech Republic – the country’s airport was also victimized by a cyber attack – but the incidents stoked fears that a nation-state may be involved. Without naming names, the country's cyber security watchdog warned of a wave of expected cyber attacks on the country's critical infrastructure. The incidents meanwhile drew a warning from US Secretary of State Mike Pompeo that “anybody engaged in such activity should expect consequences."

* * *

In reaction to the COVID-19 outbreak, the business world has let its employees work from home to reduce their potential exposure to contagion. But that shift led U.S. security experts to warn about the growing threat of cyber attacks that target Americans working from home where there aren’t sufficient safeguards in place on par with secure office environments. Their concerns have proved well-founded with researchers reporting a surge in the number of infected enterprises around the world due to organizations unknowingly sending their employees to work from home (WFH) with already infected computers during the COVID-19 pandemic. Researchers from Arctic Security and Team Cymru now report the number of compromised organizations in Europe and the U.S. more than doubling between January and March 2020.