Power

Experts warn: Pandemic is 'perfect time' for foreign hackers to strike

'Nation states play the long game -- they have their list of targets and wait for the right moment.'

Hacker looks for backdoors

Companies are increasingly vulnerable to cyber intrusions due to various disruptions caused by the coronavirus outbreak.

Photo: Eclipse Images via Getty Images

Cybersecurity experts fear that the chaos caused by coronavirus provides an opportunity that hackers will take advantage of — and there's already evidence that foreign adversaries, including Russia and China, are launching coronavirus-related cyberattacks.

Companies are increasingly vulnerable to cyber intrusions due to various disruptions caused by the coronavirus outbreak. Many are making sweeping changes to their networks, asking most or all employees to work from home, and may have to deal with critical IT workers getting sick or having to juggle work with taking care of kids. It all adds up to an opportunity that the most sophisticated hackers have been waiting for, said Nico Fischbach, global CTO of cybersecurity firm Forcepoint.


Get what matters in tech, in your inbox every morning. Sign up for Source Code.


"Nation states play the long game — they have their list of targets and wait for the right moment to get in their systems … This is the perfect time. There's so much noise and so much change," he said.

Those fears were amplified earlier this week after reports of an apparently unsuccessful attempt to compromise the Health and Human Services Department's computer systems. In a Monday press briefing, a reporter asked HHS Secretary Alex Azar if the attack originated from a foreign country like Iran or Russia. Azar said that HHS is investigating the source of the activity, but he didn't want to speculate. Attorney General William Barr told the Associated Press there would be swift and severe action if the attack is linked to a foreign government.

Ben Read, senior manager for cyber espionage analysis at FireEye, said there are already signs that some countries are taking advantage of coronavirus fears. FireEye has been involved in investigating some of the most high-profile nation-state attacks in recent years, including the 2014 attack against Sony that was linked to North Korea and the 2016 attack on the Democratic National Committee that was attributed to Russia.

Since late February, FireEye has observed two Chinese groups targeting entities in Vietnam, the Philippines, Taiwan and Mongolia with phishing attacks that use legitimate statements by political leaders and authentic statistics and advice for people worried about the disease. Malicious files included in the emails carry various payloads that can do things like log a user's keystrokes or provide a backdoor into a device, allowing the hackers to access it at a later time.

FireEye said it also intercepted a similar phishing email sent to Ukranian entities from an espionage group that supports Russian interests. The content of the email appeared to be copied from a legitimate document. Another phishing attack directed at a South Korean nongovernmental organization was linked to North Korean hackers. That email, sent in late February, included governmental health-related instructions and was titled "Coronavirus Correspondence."


Phishing email A phishing email recently intercepted by cybersecurity firm FireEye uses legitimate coronavirus-related information to lure victims. The link leads to a login page designed to steal a user's credentials — similar phishing emails have included malicious documents that infect a victim's computer with

Courtesy FireEye

It's impossible to know how successful these and other attacks have been so far, but Read suspects organizations are falling for it. "If something isn't working they would usually change things up, and we've seen these kinds of attempts increase, not decrease, so I assume it's working." He added that other factors, like the fact that "every company you've ever given your email address to is emailing you to tell you what they're doing" makes it more likely that people have their guard down when spotting phishing attempts. "People are very hungry for information right now," he said.

Some organizations might find out that they've been compromised only when an attack is carried out, Fischbach said. "It's very likely that we'll find out six to 12 months from now [that many organizations have been breached]," he said.


Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.


One bright note is that the attacks don't seem to be more technologically sophisticated than the ones companies typically deal with, Read said. Standard security procedures, anti-malware tools, and phishing email detection software will still prevent many of these attacks, he said. But additional user education is needed to help identify suspicious emails that carry legitimate coronavirus information. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency recently warned companies of such attacks, and advised them on how to improve their cybersecurity posture during the pandemic.

Although FireEye has identified coronavirus-related attacks from China, Russia and North Korea, it hasn't noticed any linked to Iran, Read said. That could be because Iranian phishing attempts haven't been detected, or because the virus has hobbled the country's hacking apparatus. "There are big questions in my mind that we don't have answers to. How do these outbreaks affect Iranian cyberespionage if the people behind the keyboards are getting sick?" he said. "We're still seeing Chinese activity, but you might see more of an impact in Iran because they have a pretty severe outbreak and fewer resources than the Chinese government."

Power

How the creators of Spligate built gaming’s newest unicorn

1047 Games is now valued at $1.5 billion after three rounds of funding since May.

1047 Games' Splitgate amassed 13 million downloads when its beta launched in July.

Image: 1047 Games

The creators of Splitgate had a problem. Their new free-to-play video game, a take on the legendary arena shooter Halo with a teleportation twist borrowed from Valve's Portal, was gaining steam during its open beta period in July. But it was happening too quickly.

Splitgate was growing so fast and unexpectedly that the entire game was starting to break, as the servers supporting the game began to, figuratively speaking, melt down. The game went from fewer than 1,000 people playing it at any given moment in time to suddenly having tens of thousands of concurrent players. Then it grew to hundreds of thousands of players, all trying to log in and play at once across PlayStation, Xbox and PC.

Keep Reading Show less
Nick Statt
Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.

While it's easy to get lost in the operational and technical side of a transaction, it's important to remember the third component of a payment. That is, the human behind the screen.

Over the last two years, many retailers have seen the benefit of investing in new, flexible payments. Ones that reflect the changing lifestyles of younger spenders, who are increasingly holding onto their cash — despite reports to the contrary. This means it's more important than ever for merchants to take note of the latest payment innovations so they can tap into the savings of the COVID-19 generation.

Keep Reading Show less
Antoine Nougue,Checkout.com

Antoine Nougue is Head of Europe at Checkout.com. He works with ambitious enterprise businesses to help them scale and grow their operations through payment processing services. He is responsible for leading the European sales, customer success, engineering & implementation teams and is based out of London, U.K.

Protocol | Policy

Why Twitch’s 'hate raid' lawsuit isn’t just about Twitch

When is it OK for tech companies to unmask their anonymous users? And when should a violation of terms of service get someone sued?

The case Twitch is bringing against two hate raiders is hardly black and white.

Photo: Caspar Camille Rubin/Unsplash

It isn't hard to figure out who the bad guys are in Twitch's latest lawsuit against two of its users. On one side are two anonymous "hate raiders" who have been allegedly bombarding the gaming platform with abhorrent attacks on Black and LGBTQ+ users, using armies of bots to do it. On the other side is Twitch, a company that, for all the lumps it's taken for ignoring harassment on its platform, is finally standing up to protect its users against persistent violators whom it's been unable to stop any other way.

But the case Twitch is bringing against these hate raiders is hardly black and white. For starters, the plaintiff here isn't an aggrieved user suing another user for defamation on the platform. The plaintiff is the platform itself. Complicating matters more is the fact that, according to a spokesperson, at least part of Twitch's goal in the case is to "shed light on the identity of the individuals behind these attacks," raising complicated questions about when tech companies should be able to use the courts to unmask their own anonymous users and, just as critically, when they should be able to actually sue them for violating their speech policies.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Protocol | Workplace

Remote work is here to stay. Here are the cybersecurity risks.

Phishing and ransomware are on the rise. Is your remote workforce prepared?

Before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

Photo: Stefan Wermuth/Bloomberg via Getty Images

The delta variant continues to dash or delay return-to-work plans, but before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

So far in 2021, CrowdStrike has already observed over 1,400 "big game hunting" ransomware incidents and $180 million in ransom demands averaging over $5 million each. That's due in part to the "expanded attack surface that work-from-home creates," according to CTO Michael Sentonas.

Keep Reading Show less
Michelle Ma
Michelle Ma (@himichellema) is a reporter at Protocol, where she writes about management, leadership and workplace issues in tech. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.
Protocol | Fintech

When COVID rocked the insurance market, this startup saw opportunity

Ethos has outraised and outmarketed the competition in selling life insurance directly online — but there's still an $887 billion industry to transform.

Life insurance has been slow to change.

Image: courtneyk/Getty Images

Peter Colis cited a striking statistic that he said led him to launch a life insurance startup: One in twenty children will lose a parent before they turn 15.

"No one ever thinks that will happen to them, but that's the statistics," the co-CEO and co-founder of Ethos told Protocol. "If it's a breadwinning parent, the majority of those families will go bankrupt immediately, within three months. Life insurance elegantly solves this problem."

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

Latest Stories