Opportunistic agility is running rampant among hackers and scammers.
- McAfee's user base has been seeing an average of 375 new threats per minute during the pandemic.
- Once everyone got situated in their home offices and their company's security teams started taking the appropriate measures, how did the attackers adjust?
- Ransomware on cloud servers, hijack attempts on IoT gadgets and business email compromise (BEC) attacks increased in volume as well as sophistication over the course of Q3 2020.
From a meta-historical perspective, crime waves have a tendency to rear their heads at times of societal chaos, and the sudden arrival of the coronavirus pandemic brought chaotic conditions that were particularly ripe for cybercrime.
In most companies, cybersecurity was a little-noticed casualty in the rush to transform digitally, support remote working, and keep customer-facing apps and services running as the new normal set in. Understandably, organizations prioritized keeping the lights on. Millions of people moved online, including individuals without much experience of working or shopping through the internet, and with equally poor cybersecurity awareness.
There's no debate about whether hacking and other malicious cyberattacks have increased. McAfee alone reports that malware grew 1,902 percent over the past four quarters, and the company's user base has been seeing an average of 375 new threats per minute during the pandemic. It's clear that cybercrime is flourishing in these conditions.
But beyond the many reports that cybercrime has surged, there's been proportionately little talk about how it's changed. Once everyone got situated in their home offices and their company's security teams started taking the appropriate measures, how did the attackers adjust?
Here are four ways that cybercrime has visibly adapted to the changing conditions of 2020.
Deploying pandemic-related attack strategies
One of the notable ways that attacks were especially effective at the start of the pandemic was the manner in which they directly took advantage of the confusion caused by the situation. COVID-19 related phishing emails raised phishing attacks overall by 68 percent. There was also a marked uptick in business email compromise (BEC) attacks, where the criminal masquerades as a legitimate company and attempts to convince the victim that the coronavirus chaos forced them to change their banking details.
Cybercriminals have adjusted their targeting and tactics to follow the spread of COVID-19, with the spike beginning in Asia before shifting to Europe and the U.S. Now, as people are returning to work, phishing emails and malware have switched gears. Instead of claiming to educate you about the virus, they are disguised as guides to helping workers return safely to the office.
"What's clear is that hackers are hoping to capitalize on public fear," says Dr. Alex Tarter, Chief Cyber Consultant and CTO at Thales. "As a global population we have proactively sought out as much information as we can find to help inform our day-to-day lives, but also make us feel safe. Many instances of cybercrime in the wake of COVID-19 have been designed with this fear in mind."
In this vein, malware, mobile malware and fileless malware have skyrocketed, using pandemic-related topics to play on people's fears and lure them to malicious URLs. Tarter estimates that half of all COVID-19-related domain names created since December 2019 were set up with the purpose of injecting malware, with many of these domains spoofing content from genuine websites in order to mask their intent.
Aiming at broader targets
Another distinct trend is the shift to a broader attack surface. As work moved out of "on-premises" network environments, bad actors have followed us onto the cloud, so cloud-related breaches have increased. Protecting your server isn't sufficient; you need to connect all the dots and cover every connected device, because your cloud-connected printer can be a backdoor into your entire organization.
Cybercriminals have long since woken up to the fact that IoT devices are often the weakest links in any system. IoT-focused attacks have grown in number and in impact, with a 46 percent rise in the number of attacks on smart homes, smart enterprises, and control systems that are connected to critical infrastructure.
Taking advantage of urgency and pressure
Cybercriminals are taking advantage of the pressure that organizations are under to remain operational by expanding ransomware attacks, which doubled from 200,000 in Q1 2020 to 400,000 in Q2. Health centers are a popular target, because hackers know that they are overwhelmed with critical patients and can't afford the time it will take to resolve the attack, so they are more likely to give in and pay the ransom than struggle to combat and cure it.
A few weeks ago in Germany, a patient was unable to receive care when a ransomware attack on Düsseldorf University Hospital disrupted the emergency care unit, forcing them to transfer her to another hospital to receive critical care. The patient died during the journey, a cybercrime first.
New ransomware families are emerging, using more sophisticated, phased attack strategies that are more difficult to rectify. Trend Micro has identified a 36 percent jump in new ransomware families, compared with the same period in 2019. Hackers know that IT and security teams are operating remotely, without access to their usual tools and processes and often without experience in dealing with an attack remotely, which handicaps their ability to resolve it quickly.
Exploiting remote work vulnerabilities
Hackers have been quick to respond to the sudden rush to remote working. In the urgency of the moment, many companies implemented trusted VPN services for employees working from home, or set up a remote desktop, without configuring them properly, thereby opening the doors to hackers. In March, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted businesses to elevated risks of VPN abuse.
A number of cloud tools are poorly protected. Zoom, for example, has become a lifeline for businesses and schools, but it has serious security vulnerabilities. It's no coincidence that individuals and educational organizations have been the targets of so many cyber attacks during the pandemic; they are (rightly) perceived as the most vulnerable.
Shadow IT use rose when employees sent home from the office had no choice but to use their personal laptops for sensitive work-related tasks, but these devices are rarely protected as well as an office computer.
Phishing attacks rose in part because many employees switched to work remotely almost overnight, without any training to independently recognize phishing scams. The average employee isn't equipped to deal with them, and at home there's no security team on hand to immediately respond to questions and defuse the threat.
Cybercrime adapted quickly to COVID-19 chaos
The coronavirus pandemic increased chaos in the world, and that presented a golden opportunity to malicious actors and hackers of all types. COVID-19 saw cybercrime shift to cynically exploit fears about the pandemic, take advantage of hasty shifts to remote working, attack overstretched critical infrastructure like health industries, and aim at broader targets across organizations. IT teams can't afford to fall behind as the ongoing struggle with cybercrime enters a new phase.
Protect yourself and your personal information at all times on the internet.
- The internet is filled with scammers looking to steal your private information.
- The Better Business Bureau has shared important information on the scams that are currently trending and ways that internet users can avoid them.
- Every internet user should also consider investing in a VPN like Private Internet Access for added safety and security.
If we've said it once, we've said it a thousand times: the internet is not a safe place. As an educational tool and social connector it is amazing, but for all the cute animals and funny memes, there are also scams lurking around every corner. If you're on the grid, you should know how to protect yourself and your information. One way to do that is with a VPN.
VPNs (virtual private networks) like Private Internet Access allow users to mask their IP address and navigate the internet anonymously. When you use a VPN, websites are blocked from tracking your browsing habits, monitoring activity, or even seeing where you are connecting to the internet from. Private Internet Access also comes with an encryption service that defends against monitoring and a firewall that blocks dangerous connections. If you're in a situation where your internet provider or region has certain websites blocked, a VPN can break through those barriers and welcome you to censorship-free browsing.
You should also be able to spot threats on your own. To help, here are a few scams that are currently trending online.
Kobe Bryant memorabilia
Following NBA icon Kobe Bryant's untimely death in a helicopter accident in California on January 26, 2020, the Better Business Bureau issued a warning for fans not to "let their mourning cloud their judgment." The BBB wrote that high-profile celebrity deaths often result in phishing scams, sales of fake memorabilia, and the use of clickbait to exploit people and steal their information. The bureau suggests checking the sender's email address before clicking on anything and hovering over all links first to see where they lead. When possible, internet users should do some homework before buying items and sharing account details.
Particularly around the holidays but also all year round, cute animals are an easy way for scammers to trick people into making themselves vulnerable. The BBB has seen a 37% increase in consumer complaints about puppy scams since 2017, with 16,000 complaints coming in the last three years. The organization says that the figure is likely to be much higher but, according to the Federal Trade Commission, only 10% of victims report crimes. An estimated 60% of those who reported scams never received the pets they purchased.
2020 is the year of the census, a nationwide headcount that happens once every 10 years. While people should definitely be wary of scammers knocking on their front doors, the BBB says that the same precautions need to be exercised online. Be suspicious of anonymous or generic emails, never share your social security number or agree to transfer money, and make sure that any website you are directed to uses the official census.gov web address.
Gym memberships and weight-loss supplements
A new year means that a lot of people are considering ways to be healthier or more active. Scammers are aware of this and will use gym memberships, supplements, and other fake offers to capitalize on the trend. The Better Business Bureau's tips for avoiding scams are to research companies before signing up, to thoroughly read the terms of agreement and all the fine print, and to not hesitate to call your credit card company if you suspect you have been the victim of a free-trial scam.
A new report from Bloomberg describes how Chinese subcontractors secretly inserted microchips into servers that wound up in data centers used by nearly 30 American companies.
- A 2015 security test of a server sold by an American company found that someone in the supply chain had successfully embedded a tiny microchip on a motherboard.
- The company that manufactured the compromised motherboard provides servers to hundreds of international clients, including NASA and the Department of Homeland Security.
- U.S. officials linked the hardware attack to a People's Liberation Army unit, though it's unclear what, if anything, hackers have done or to what they have access.
The Chinese military was able to implant tiny malicious microchips on servers that made their way into data centers used by nearly 30 American companies, including Amazon and Apple, according to a new report from Bloomberg.
It's a wide-reaching and potentially ongoing attack that likely gave Chinese actors unprecedented access to sensitive data belonging to American companies, consumers, government agencies and one major bank.
The Bloomberg report describes how, in 2015, Amazon Web Services approached a startup called Elemental Technologies to help with the expansion of its streaming video service, Amazon Prime Video. During a security test of the servers Elemental Technologies sold as part of its video-compression product line, testers discovered a rice-grain-sized microchip implanted inconspicuously on one of the server's motherboards. The microchip wasn't part of the original hardware design, so its existence could only mean one thing: someone at some point in the supply chain had surreptitiously embedded the chip.
American officials, some of whom had already heard whispers of China's plans to sabotage motherboards headed for the U.S., opened a top-secret and ongoing probe.
Hardware vs. software attacks
It's hard to overstate how ideal it is, from the perspective of a hacker, to successfully conduct a hardware attack, which differs from a software attack in that it alters the physical components of a computer and not just its code. Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc., put it like this to Bloomberg:
"Having a well-done, nation-state-level hardware implant surface would be like witnessing a unicorn jumping over a rainbow," he said. "Hardware is just so far off the radar, it's almost treated like black magic."
Even though the hidden microchips are tiny and hold small amounts of code, they pose outsized danger because hackers working from other computers can talk to the microchips and use them to gain access to networks and manipulate a server's operating instructions, all without alerting security systems. But one downside to hardware attacks is that they leave behind a paper trail.
Tracing the attack
The servers sold by Elemental Technologies were assembled by Super Micro Inc., or Supermicro, the world's leading supplier of server motherboards whose customers include NASA and the Department of Homeland Security. Supermicro is based in California but most of its motherboards are manufactured by contractors in China.
American officials traced the supply chain of the compromised motherboards and identified four Chinese subcontractors that had been building Supermicro motherboards for two years. After monitoring the subcontractors, the officials found that a specialized People's Liberation Army unit had used bribes or threats to have the microchips implanted on the motherboards.
"We've been tracking these guys for longer than we'd like to admit," one official told Bloomberg.
American companies deny knowledge of the attack
Amazon, Apple and Supermicro have all denied knowledge of the attack or of the investigation.
"It's untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental," Amazon wrote. Apple said that it's "never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server." And, perhaps unsurprisingly, the Chinese government didn't acknowledge the attack, stating that "Supply chain safety in cyberspace is an issue of common concern, and China is also a victim."
Despite the denials, 17 U.S. intelligence officials and company insiders, all of whom remain anonymous, confirmed the attacks to Bloomberg. Read the full report here.
Getting your vote to where it matters can be harder and more corrupt than it should be. Could blockchain technology build a better system and rebuild people's trust?
Anyone who's walked into a voting booth and scratched their preference onto a piece of paper knows the same thing: the voting process suffers from a dire lack of technology. We put a man on the moon in 1969, so why are we still voting on paper? Going digital isn't just a matter of convenience but one of accountability: citizens the world over are increasingly losing trust in the democratic system, from miscounted votes to eligible people being denied the right to vote at all. So just how much can we digitize the act of voting? Perhaps blockchain, a public ledger technology where information is irreversibly recorded, can build a better system. Here, Internet pioneer Brian Behlendorf considers two aspects where blockchain can help, and one where it absolutely can't. Better tech can end voter discrimination at polling stations and falsely reported totals at the state and national levels, but will we ever be able to vote on our mobile devices from the comfort of a blanket fort? Behlendorf delivers the bad news. Brian Behlendorf is the executive director of Hyperledger; for more info, visit hyperledger.org.
KGB-era "active measures" are still being used by Russian intelligence agencies today, according to experts.
As questions swirl about Russia’s role in the 2016 Presidential elections, the old KGB strategy of “active measures” is getting a closer look. “Active measures” were subversive techniques and policies aimed at influencing people and events in foreign countries to suit Russia’s objectives. Claims of internet-driven hacking and misinformation campaigns by Russia against the U.S. fit well within this Cold War approach.
As described by retired KGB General Oleg Kalugin in 1987, the purpose of “active measures” was “to drive wedges in the Western community alliances of all sorts, particularly NATO, to sow discord among allies, to weaken the United States in the eyes of the people in Europe, Asia, Africa, Latin America, and thus to prepare ground in case the war really occurs. To make America more vulnerable to the anger and distrust of other peoples.”
According to former NSA analyst and security expert John Schindler, these measures are still in use today by Russia, a country led by the former KGB officer Vladimir Putin.
The practice of disinformation is a key example of such "measures." It could involve stories planted in foreign outlets, essentially "fake news" that would present "an alluring amalgam of fact and fantasy—much of it unverifiable—designed to confuse readers and shift political discussions," explains Schindler.
Other tactics that are part of what Schindler considers Russia's "espionage worldview" include provocations, which also work to muddy the waters and disorient the enemy to such an extent that they would be defeated before even knowing what happened. Provocations could include planting agitators or even flipping activists to serve your ends.
Conspiracy, which involves recruiting agents and running covert operations, is another tactic mentioned by Schindler. "Kompromat," which entails using compromising materials, is also a time-honored KGB staple, used to recruit new spies or agents through blackmail.
Eugene Rumer of the Carnegie Endowment for International Peace laid out the background on why Russia would want to use "active measures" before a recent hearing of the bipartisan Senate Intelligence Committee investigating Russian interference. For starters, he and the five other testifying witnesses all agreed that Russia was behind a campaign of misinformation whose goal was to disrupt the 2016 U.S. Presidential elections.
Rumer said that, as every country's foreign policy is shaped by its history and geography as well as politics, the dissolution of the Soviet Union left the Russian national security establishment insecure. They were forced to accept the Soviet empire's demise in 1991 and had to retreat from the world stage during the 1990s. The 90s, in fact, turned out to be a difficult decade, blamed largely on the influence of the U.S. and other foreign meddlers in Russian politics and the economy.
But Russia's policy in this millennium has been one of pushing back at its borders: warring with Georgia, annexing Crimea and fighting an "undeclared war" in Ukraine. From the Russian standpoint, these actions are aimed at restoring the balance of power, pushing back against the expansion of NATO at its borders and correcting the injustice of what happened in 1991. It's Russia's comeback.
While Russia's military has made great improvements to modernize in the past decade, it would not fare well in a direct military confrontation with Western nations. So it pushes back in other ways, namely using what Rumer called a "toolkit" of old KGB methods, which are cost-effective and generally less risky due to the confusion they cause.
What do we know about the Russian information warfare efforts during the 2016 U.S. Election? There is a consensus among the American intelligence agencies that the Russian government was behind the hacking of DNC emails that were later released via Wikileaks to politically damage Hillary Clinton. An additional goal was to help elect Donald Trump, a candidate preferred by Moscow. The attacks did not just start during the Trump vs Clinton general election, but were in full swing during the primaries as well, possibly aimed at other Republican candidates whose positions were not considered Russia-friendly, including Senator Marco Rubio.
Another tactic used by the Russians appears to be the employment of an army of Twitter bots that were spreading fake news. This information was shared by former FBI agent Clint Watts in his testimony before the Senate Committee on Intelligence. He discovered that the bots were pretending to be swing-voter Republicans from the Midwest.
"So that way whenever you're trying to socially engineer them and convince them that the information is true, it's much more simple because you see somebody and they look exactly like you, even down to the pictures,” explained Watts.
What’s more, Watts, who is now a senior fellow at the Foreign Policy Research Institute and has tracked these tactics for over three years, says the Russian efforts did not stop at the election and are still continuing to try to engage with and support the President’s tweets.
"If you went online today, you could see these accounts — either bots or actual personas somewhere — that are trying to connect with the administration. They might broadcast stories and then follow up with another tweet that tries to gain the president's attention, or they'll try and answer the tweets that the president puts out,” he told NPR.
As far as who specifically is guiding these activities by the Russians, Watts says it’s a “diffuse network” with a number of hackers controlled by “different parts of Russian intelligence and propagandists — all with general guidelines about what to pursue, but doing it at different times and paces and rhythms."
Watts also testified that in 2014 Russian bots supported a petition on the White House website calling to give Alaska back to Russia, from whom Alaska was purchased 150 years ago. That set off an investigation showing how Russia used bots and paid trolls to spread its propaganda.
According to Watts, there are five ways in which Russian active measures are designed to topple democracy:
1. Undermine citizen confidence in democratic governance
2. Foment and exacerbate divisive political fractures
3. Erode trust between citizens and elected officials and democratic institutions
4. Popularize Russian policy agendas within foreign populations
5. Create general distrust or confusion over information sources by blurring the lines between fact and fiction
Another line of investigation by the Senate Intelligence Committee concerns the reported use of an army of internet trolls working from a Russian facility to send targeted fake news to specific regions of America.
Senator Mark Warner (D) said that their committee was investigating the information that the trolls were taking over computers called “botnets” which had the ability to generate regional news.
“It’s been reported to me, and we’ve got to find this out, whether they were able to affect specific areas in Wisconsin, Michigan, Pennsylvania, where you would not have been receiving off of whoever your vendor might have been, Trump versus Clinton, during the waning days of the election, but instead, ‘Clinton is sick’, or ‘Clinton is taking money from whoever for some source’ … fake news,” stated Warner.
What is the payoff Russia may be looking for by taking active measures during the 2016 U.S. election?
Eugene Rumer thinks the operation was a “major” and “unqualified” success for the Kremlin, causing unprecedented chaos within the U.S. and worsening its position worldwide.
"The payoff includes, but is not limited to a major political disruption in the United States, which has been distracted from many strategic pursuits; the standing of the United States and its leadership in the world have been damaged; it has become a common theme in the narrative of many leading commentators that from the pillar of stability of the international liberal order the United States has been transformed into its biggest source of instability; U.S. commitments to key allies in Europe and Asia have been questioned on both sides of the Atlantic and the Pacific. And last, but not least, the Kremlin has demonstrated what it can do to the world's sole remaining global superpower," Rumer told the Senate Committee.
With such a wealth of goals possibly achieved, it's no surprise, according to Rumer, that Russia will continue to employ "active measures" going forward. The question is: how does America adjust?