By Dayo Benson, Editor, Politics, Law & Human Rights, New York
Cybercrime has spiked since the coronavirus scourge swept through cities. Social distancing has not deterred scammers. At times like these, unsuspecting people fall easy prey.
Threats of cybercrime are, however, preventable. These challenges are the focus of a virtual media briefing at the behest of the New York Foreign Press Center (NYFPC). The video conference provided an insight into the current cyber landscape in the United States. Recent threats, including breaches and the motivations of cyber adversaries, are examined. Mr. Edward Stroz, Co-President of Aon Cyber Solutions, speaks to these issues.
Mr. Stroz is the founder and co-president of Stroz Friedberg, an Aon company. The firm is a global leader in investigations, intelligence, and risk management. He oversees the firm’s growth and client development while ensuring the maintenance of its distinctive culture. Before starting the company, Stroz was a special agent with the FBI. There, he formed the FBI’s computer crimes squad in New York.
In this briefing, he also discusses how COVID-19 can attract bad actors. He also puts his finger on what the healthcare industry is doing to deter hackers.
His views expressed in this briefing are personal. They do not represent those of the United States Government.
“So greetings, everyone, and good day if it’s afternoon where you are. It happens to be late morning where I am. And I think it’s too important not to start off by saying that I hope everyone and their families are well during these extraordinary days, which are worldwide,” he says after responding to the moderator’s “nice introduction”. He continues,
“This session that I will focus on has to do with cyber risk in that I think there are almost parallel lessons between what we are seeing in the relationship to the COVID-19 problem and even some of the concepts related to how cybersecurity has to be managed by companies.”
He speaks on the current risk: “So I have three main areas that I’d like to start with. I’ll be brief in some opening comments. One is some trends that we are seeing in the communities that we service and with our clients; secondly, some of the specific attacks that we are encountering in the current environment; and then thirdly, some points about implications for security to improve and the kinds of things that companies and individuals can do to try to deal with this enhanced risk.
“So specifically, what we are seeing in the way of trends – first of all, if you are wondering, are cyber attacks slowing down in this environment with COVID-19, they are not. In fact, they are increasing. And I was recently on a webinar hosted by one of our law firm clients that had said in their experience, they are seeing a five-fold – that would be five times – increase in the types of cyber crime that their clients are experiencing. Specifically, what you see quite a bit today are attacks on computer resource availability, specifically ransomware attacks, and these are – I think most of you are familiar with that term, but a ransomware attack is an attack with malware that will encrypt a computer that is infected with malware – that is, ransomware – and the only way to decrypt it so it can function again is to pay some type of a ransom to the adversary that installed the ransomware. And they usually want to be paid in the form of a cryptocurrency, usually bitcoin.
“Another trend that we’re seeing is that the vulnerabilities of our clients are also increasing, mostly because their staff cannot come into the office. So, in order for companies to function in this environment, if you’re in an area where people are not supposed to go to work or your company does not want people to come to the office, then the staff are at home using whatever resources they have at home to function. So if you were using your home Wi-Fi network, if that home Wi-Fi network is not as secure as it should be, you have new vulnerabilities. If somebody is using their personal computer, or their iPhone, or the devices and things, just to be functional, they may not be able to enjoy the security features that the employer and the company put in place when they were working from the office.
“And also, if you were working from home and if you were targeted by an adversary, the adversaries can usually learn quite a bit about your home, where you live, what kinds of things you’re doing, what features make up your lifestyle at home, and as we’ll see when we talk a little bit more, they may target you more effectively because of that. This is all about, I would say, new ways to trick people, because many of the cyber attacks today begin with a root cause of tricking somebody to either click on an attachment, or to click on a link, or in some way be fooled to do something because the person who is receiving the communication does not realize it is coming from an adversary.”
From general trends, he moves to specific issues. These include cyber attacks on health care organizations, false information on COVID-19, supply chain disruption as it affects PPE (personal protective equipment), economic stimulus check tricks and attacks on targeted organizations. “So those are some of the big sort of trends that we’re seeing. If we switch into the specific types, be a little bit more specific, what we’re seeing is that there’s a targeting of health care organizations. Now, this is especially impactful. It’s especially sad. But if you are in the business of providing health care services, whether you are in the private sector or even in government, adversaries are using this as an opportunity to try to exploit the dependency that people have on this. We’ll talk about some specific examples, but it’s been in the press that in the United States Health and Human Services, a federal agency, has been attacked in this way, as has the World Health Organization, the WHO. Again, malware and ransomware have been targeted to varying degrees of success to these organizations, and this has really ramped up in the context of people’s dependency and expectation to be going to these – to the websites of these organizations.”
Stroz delves into more detail: “A second specific type of attack would be a financially motivated threat, where what we’re seeing on the dark web – this is the part of the internet that you can’t access through your normal browser – but on the dark web, where malware is developed and offered for sale, that malware with a price tag of anywhere between about $400 to $1,000 U.S. is being offered.
“Much of the dialogue that we have seen on the dark web about this is in – not just in the English language but also in non-English languages such as Russian and Chinese. And they are offering malware such as specific, custom-made ransomware today that is designed to exploit people’s concerns about the COVID-19 infections. So the – when you receive an email that is coming from an adversary, it will often be crafted to look like it is helpful information or advice about COVID-19 and people will click on that, and by that simple action of clicking, they can be infected with malware. Most of that malware is aimed at Windows systems, but there is also some evidence that the exploits are making use of Java-scripting.
“Other areas specifically would have to do with the supply chain, disruptions of what has been called PPE, personal protective equipment.
“So this is the kind of equipment that people, especially health professionals, wear when they are in hospitals and servicing patients so that they themselves don’t get infected: face shields, wraps for your body, gloves, face masks, things of that nature. And you will see because there is a demand for this that adversaries are offering through fraudulent emails and other websites, an opportunity, they say, to purchase or find these kinds of PPE for sale. And when you actually click on it or follow the link, you wind up receiving the malware that was hidden inside.
“We also will see – and I think we’ll see this more in the future – fraudulent lures for economic stimulus checks, because there are many people out there who are aware from reading the news and listening to the news that there are economic stimulus checks to help with this time, and adversaries are crafting their attacks so that they purport to be associated with a way to get information about these programs, when in actuality they are adversaries looking to install malware on your computer.
“And lastly, I would say we also see examples of some of the extremist groups trying to take advantage of the current situation in the world to sort of encourage their followers to use this time of disruption to try to go after and attack the organizations that they hate and to encourage their people to use this current situation to be able to be more effective in their adversarial actions.”
Stroz, however, explains recommendations often made to clients that may make them less vulnerable: “With that, I just want to quickly talk about some of the actions that can be taken, and then I’ll be happy to after that open it up for questions.
“So what do you do in a situation like this? You’re aware of the attacks that can be launched, that they are being updated for taking advantage of the current concerns that people have. Well, for one thing, you can plan for the possibility that you will experience this. So most of our clients are companies, but we also have individuals who are clients, and we always tell them: Plan for an incident. A good plan that you can think of is better than the perfect plan that you never get around to.
“If you experience an attack this way and you are victimized say, for example, by ransomware, how would you recover? And there is no single, simple answer to this because it depends very much on the technologies you use, the resources you have, and the things you have put in place in advance and how you use them. But you can be guided through this, just as you can with any other type of an attack.
“We also recommend that now is a good time for companies to institute awareness training for their employees, to know what to look for and know what to do if you experience it. So when I talked about the kinds of emails that can carry malware and ransomware, we can help companies by telling them that they are more likely to experience something like this today; it is even more likely that a risky email will come in, in some way tricking you around the COVID-19 infections, and that you should be that much more skeptical about clicking on something rather than trusting it.
“We also tell companies and people to evaluate your critical suppliers. If your suppliers that you depend on are sophisticated in their cybersecurity, that will be better for you, because you depend on that supplier. On the other hand, if you don’t know about the cybersecurity, the degree of sort of sophistication they have and what they’ve done, their vulnerability – because they are a supplier to you – will introduce a vulnerability back to your organization.
“We also believe it’s important to monitor for threats. You heard me talk before about how we monitor the dark web for our clients. Clients who can monitor or have those services should be emphasizing the importance of doing that frequently and specifically at this time know that you may be more likely to be targeted and that you may see indications of being targeted on the dark web during these days, more so than even before COVID-19.
“And then lastly, I’d just say it’s a good time to use the fact that people are working from home, may have a little bit more time, and can take the effort to identify their security vulnerabilities and patch them. Every company has vulnerabilities. There’s nobody who is perfectly protected. But this can be an opportunity more important to look at those vulnerabilities and to be able to prioritize addressing them. Because if they get exploited, the fact that people are all working from home may hinder and make it more difficult for you to recover.”