Ride the Lightning

Foreign Cybercriminals Targeting Americans Working at Home

July 8, 2020

The Hill published a story on July 5 highlighting the warnings of federal officials and cybersecurity experts that foreign cybercriminals are targeting U.S. businesses and Americans working from home on less-secure networks during the COVID-19 pandemic.

According to a senior intelligence official, "We see extensive criminal use of ransomware, some of which are clearly Russian criminals, there is a lot of that there. We do carefully pursue where we see nation state usage, that is certainly an area of intel development as well."

Last month, Symantec's Critical Attack Discovery and Intelligence Team found that a Russian cybercriminal group known as "Evil Corp" was targeting Fortune 500 companies, in at least one case potentially accessing networks of U.S. newspapers by targeting company employees.

Evil Corp was previously sanctioned by the Treasury Department in December for allegedly stealing more than $100 million from banks and financial institutions in over 40 countries.

Russia, China, North Korea and Iran are widely considered by officials and cybersecurity experts to present the greatest cybersecurity danger.

Tom Kellermann, a former member of a presidential cybersecurity commission during the Obama administration, told The Hill that traditional "Cold War adversaries" were currently targeting American companies and their employees.

Kellermann, who currently serves as the head of cybersecurity strategy at cyber group VMware Carbon Black, said his company had tracked a 900 percent increase in ransomware attacks this year (emphasis added) as coronavirus spread around the country, an issue compounded by overstressed internet infrastructure as Americans worked from home and went online more than ever before.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), one of the top federal groups involved in responding to malicious cyber activity, released guidance on July 1 to employees and their companies take steps to defend themselves.

Recommendations included prioritizing cybersecurity training and implementing security safeguards to ensure individuals outside the company cannot gain access to a network.

The National Security Agency (NSA) issued a separate advisory warning of vulnerabilities in virtual private networks (VPNs), which many Americans are using to access sensitive company networks from home.

The agency listed ways to protect VPNs, which are critical to enabling telework, specifically encouraging organizations to implement strong cryptography and patch management on these systems.

Rep. Jim Langevin (D-R.I.), chairman of the House Armed Services Committee's cyber-focused subcommittee on intelligence and emerging threats and capabilities, said "With more people working from home, the attack surface has become much larger than it was several months ago."

Anyone who works in cybersecurity will tell you just how true that last statement is – and the flood of cyber incidents continue unabated.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson