Cybersecurity

Foreign cyber criminals take aim at Americans working from home

Federal officials and experts are warning that foreign cyber criminals are targeting U.S. businesses and Americans who are working from home on less-secure networks during the COVID-19 pandemic.

Millions of Americans have shifted to working at home indefinitely to help halt the spread of COVID-19, placing them outside of more secure office networks and away from company IT professionals. 

According to a senior intelligence official, foreign cyber criminals are taking notice. 

"We see extensive criminal use of ransomware, some of which are clearly Russian criminals, there is a lot of that there," the official told reporters Wednesday on targeting of American companies and employees. "We do carefully pursue where we see nation state usage, that is certainly an area of intel development as well."

Ransomware attacks, which have spiked during the pandemic, involve a hacker gaining access to a network, encrypting it, and demanding payment to allow the user access again.

The official's comments were made in response to questions around a report published last month by Symantec, a division of cybersecurity group Broadcom. 

Symantec's Critical Attack Discovery and Intelligence Team found that a Russian cyber criminal group known as "Evil Corp" was targeting Fortune 500 companies, in at least one case potentially accessing networks of U.S. newspapers by targeting company employees. 

Evil Corp was previously sanctioned by the Treasury Department in December for allegedly stealing more than $100 million from banks and financial institutions in over 40 countries. 

Marc Rogers, the executive director of cybersecurity at software group Okta, told The Hill he was not surprised that foreign-based cyber criminals were targeting Americans during the pandemic, describing the current situation as a "golden opportunity."

"This is an unprecedented opportunity for them, there has never been a worldwide event of this scale during the digital era," Rogers told The Hill on Thursday. 

Rogers is one of the leaders of the nonprofit CTI League, which is made up of between 1,900 and 2,000 volunteers in dozens of countries from fields including information security, law enforcement and telecommunications. The goal of the group, set up earlier this year, is to thwart malicious cyber activity aimed at a range of critical sectors during the pandemic.

Rogers said the group had seen a mix of both nation states and "amateur" hackers targeting teleworkers.

"We are seeing them both take advantage of the chaos and the fact that people are isolated, but we are also seeing them take advantage of the noise," Rogers said of nation state efforts. 

While he would not name which countries were behind the targeting, he described them as "the regular names" usually involved in malicious cyber activity.

"I don't think I've seen a well-known nation state that is not partaking in this," Rogers said.

Russia, China, North Korea and Iran, all of which have tense geopolitical relations with the U.S., are widely considered by officials and cybersecurity experts to pose the greatest danger in cyberspace.

Tom Kellermann, a former member of a presidential cybersecurity commission during the Obama administration, told The Hill that traditional "Cold War adversaries" were currently targeting American companies and their employees. 

"I would say American cyberspace right now looks a lot more like Iraq or Syria, it's a free-fire zone, a multiplicity of actors, and it's getting worse," Kellermann, who currently serves as the head of cybersecurity strategy at cyber group VMware Carbon Black, said. 

Cyberattacks have spiked during the COVID-19 pandemic across every sector, with hospitals, research groups and banks common targets. 

Kellermann said his company had tracked a 900 percent increase in ransomware attacks this year as coronavirus spread around the country, an issue compounded by overstressed internet infrastructure as Americans worked from home and went online more than ever before. 

"America is under siege, our Cold War adversaries are fully appreciative of the weak security posture America is in due to telework, and the disorganized nature in which we choose to respond," Kellermann said. 

Federal agencies are taking notice of the vulnerabilities faced by Americans working from home. 

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), one of the top federal groups involved in responding to malicious cyber activity, released guidance on Wednesday to help these employees and their companies take steps to defend themselves.

Recommendations included prioritizing cybersecurity training and implementing security safeguards to ensure individuals outside the company cannot gain access to a network. 

CISA Director Christopher Krebs said in a statement that it was "critical" that Americans be aware of the cyber vulnerabilities they face.

"As many organizations over the past few months have switched to maximum telework capabilities, employees are connecting from more devices and through different networks, potentially opening an organization up to greater risk," Krebs said. "Now more than ever, it's critical that employees view themselves as a first line of defense and that organizations empower them to be a part of its cybersecurity risk management plans."

The National Security Agency (NSA) issued a separate advisory warning of vulnerabilities to virtual private networks (VPNs), which many Americans are using to access sensitive company networks from home. 

The agency listed ways to protect VPNs, which are critical to enabling telework, specifically encouraging organizations to implement strong cryptography and patch management on these systems.

"VPNs are essential for enabling remote access and securely connecting remote sites, but without proper configuration, patch management, and hardening, VPNs are vulnerable to attack," the NSA wrote in the advisory

Rep. Jim Langevin (D-R.I.), chairman of the House Armed Services Committee's cyber-focused subcommittee on intelligence and emerging threats and capabilities, told The Hill in a statement that it was essential that Congress take action to protect Americans working from home.

"With more people working from home, the attack surface has become much larger than it was several months ago," Langevin said. "The COVID-19 outbreak has placed an emphasis on the need for a forward-leaning national cybersecurity strategy."

Langevin emphasized the need for a national cyber director to take charge at the federal level. This is a key recommendation of the Cyberspace Solarium Commission, a group formed by Congress to give recommendations to defend the U.S. in cyberspace, which Langevin serves on.

More than anything, Rogers highlighted the need for Americans themselves to be aware of the risks they face, not to rely on the "umbrella" of company protection when working outside the controlled office space, such as being more suspicious of coronavirus-themed emails. 

"If we limit our activities and act with extra skepticism during this period, we can reduce the number of incidents that happen," Rogers said.

Outbrain