While the coronavirus crisis has caused the Pentagon to transition to allowing eligible employees to work from home, the department said on Monday that it has seen a surge in “spear-phishing” scams directed at its employees.
Spear-phishing is email scams aimed to get potential victims to open links in emails that put their computers, which could contain sensitive information, at risk of hacking. Air Force Lt. Gen. B.J. Shwedo, the chief information officer for the Joint Staff, added at the press briefing that the scammers are aiming to get usernames and passwords, or insert malicious software by posing as trustworthy entities.
Shwedo declined to name any top officials who had been targeted, saying that it “would give the bad guys insight on who we’re tracking.”
“We are getting better and better at getting their TTP [tactics, techniques and procedures] and finding out where these threat vectors are coming from,” Shwedo added.
Department of Defense Chief Information Officer Dana Deasy described the spike in the number of spear-phishing attacks as a “shotgun blast.”
The Defense Department has frequently singled out China and Russia in the past as the source of previous cyberattacks, but Deasy also declined to say who was responsible for the attacks.
Deasy added that one factor keeping the Defense Departments workforce secure “is the fact that we don’t publish where we get the attack vectors from, because that would just give insight to the adversary to know how to vector and pivot and change their tactics and techniques.”
The DoD is letting hundreds of thousands of its personnel work from home across all branches of the U.S. military around the world to limit the spread of the coronavirus, which has infected nearly 600,000 people in the United States.
“The way we work has changed dramatically within the last month,” Deasy said, adding the effort aims to achieve “maximum telework capability.”
Deasy also said that a “COVID-19 readiness task force” has been set up to oversee the change. Laptops, tablets and network security equipment has been distributed to about 2,000 teleworking DoD personnel, Deasy added.
The task force was able to efficiently increase its capacity to set up two military field hospitals in New Orleans, according to Deasy. The site needed a one-gigabyte capacity that would have normally taken months of planning, but the job was completed in one day, he said.
“The Army alone has roughly 800,000 telework-enabled members on the DoD networks and the overall demands are increasing daily,” Shwedo said.
“The Navy, for instance, which just had 100,000 remote workers on its network before the pandemic, currently has 250,000 workers, and planned improvements in the next two or three weeks will bring the total [in the Navy] to 500,000 remote users,” he said.