In military operations, the phrase “fog of war” refers to the uncertainty faced by commanders during a military engagement. Similarly, the chaotic and disjointed response to the Wuhan Coronavirus (COVID-19) is a societal “fog of war.”
Much has been, is being, and will be written about the preparation, response and outcome of the COVID-19 virus. What concerns us most are the second-order effects that our society is undergoing, and the dangers these present. How governments, schools, and businesses respond to COVID-19 will have significant and wide-ranging social and economic consequences.
These entities are sending students and workers home and shifting learning and work to untested online platforms that have largely been cobbled together in a few days’ time. This unprecedented move to an online environment provides malicious actors with a greater attack surface from which to wreak havoc on the United States. Our governmental systems, public records and critical infrastructure all are now at much greater risk.
According to cyber insurance startup Coalition Inc., 59% of all cyber attacks against public and private entities are either ransomware (24%) or business email compromise (35%); however, the emerging cyber activities related to COVID-19 are likely to be a hybrid of both.
Malicious actors leverage our human psychological behaviors against us. In times of uncertainty, we wish to share “updated and special” information with our friends and family, so we seek, click and share this information. This is a natural positive interaction, but it is also a method by which computer viruses are shared, just as physical contact spreads COVID-19.
In short, it is easier for cyber criminals to get you to spread malware than it is for them to hack into individual computers – and it is only going to get worse. Dark web forums, where hackers congregate, now are having sales on malware code used to infect and take control of other computers. According to the Internet researchers at Check Point, COVID-19-related domain name registrations have exploded in the past three weeks. The researchers classified nearly 20% of the new websites (2,200 of them) as “suspicious,” while 93 of them contained identifiable malware.
Countering these cyber criminals will require increased vigilance in our information and cyber awareness postures. Much like changing the compulsive behaviors that spread COVID-19, individuals and entities must take steps that are not popular or convenient.
First, while working remotely, be sure to follow the policies and procedures established by your network administrators. Don’t try to go around them because they are inconvenient.
Secondly, the most common type of attack is credential phishing through email. This occurs when someone gets an email that looks legitimate but is sent by a hacker seeking to gain access. Oftentimes these emails seem to be sent by someone you know who has forgotten the password to the shared drive. If you get this sort of email, make sure it was actually sent by the person purporting to send it. The best defense against this is for network administrators to require two-factor authentication, especially for VPN and email logins.
In the past few days we have seen examples of what we’re talking about: Last Friday at a DC coffee shop, several senior government employees, who should know better, were seen working on their government laptops after having connected to the free public Wi-Fi. Over the weekend, the US Department of Health and Human Services (HHS) suffered a cyber attack aimed at slowing down the COVID-19 response and coordination. These incidents are the tip of the iceberg of what we’re about to face.
The United States is the country best prepared for a pandemic, according to the Johns Hopkins University’s 2019 Global Health Security Index. We will get through this. While rightly focused on our personal hygiene, we each need to also observe digital hygiene. Follow the instructions of your systems administrator. Do not use unknown or public Wi-Fi.
Michael Krull is President & CEO of CRA, Inc., and an adjunct professor teaching politics and public policy at Georgetown University. He also participates as a lecturer for the Georgetown Global Education Institute, which brings senior government leaders from the Pacific Rim to the United States for short-term study tours.
Jeremy Turner is a cyber security researcher, dedicated and addicted to finding and solving new challenges in the cyber security world. His experience spans public, private, defense and intelligence organizations, both in the US and with many partners abroad. Currently, he is working to solve cyber risk by building advanced analytic tradecraft at San Francisco-based Coalition Inc.
All opinion articles are the opinion of the author and not necessarily of American Military News.