Corporate offices in the United States are beginning to reopen as social distancing mandates tied to COVID-19 ease. The hope is that businesses across the country can return to normal. But a lasting threat from the pandemic exists on the cyber front. Companies are now facing a potential “doomsday” scenario that could play out over months, if not years.
The rapid, and sometimes haphazard, moves this year to embrace remote work have created much less secure communications networks, as employees have worked from personal computers, iPads and smartphones. Cybersecurity companies have tracked a sharp upswing in malware and insider-threat attacks since the coronavirus pandemic hit the United States in February.
Cyber criminals have seized on the global anxiety created by COVID-19, seeking to penetrate computer systems by posing as healthcare providers or global regulatory bodies, for example. Ransomware attacks on hospitals and other medical facilities have sharply increased in recent months.
But the cyber threats to companies could be magnified as employees return to their physical office spaces and begin operating from within firewalls. The news headlines have been littered with stories of hackers seeking short-term gains by stealing financial, personal and medical data.
Hackers have also sought to steal corporate data or disrupt business activities by infiltrating remote meetings being held on Zoom, Google Hangouts or BlueJeans. Known as “Zoombombing,” these attacks have disrupted everything from college classes in Arizona and California to a local meeting of the NAACP in Florida in recent weeks.
But the bigger long-term challenge is that malware could be imported inside company firewalls as employees return to work. This will allow cyber assailants to embed themselves on networks and essentially lie dormant. They can then steal more valuable and strategic business or government data at a time and place of their choosing. This could dwarf the damage to businesses caused by the ransomware and other cyberattacks that have occurred to date.
Employees using their assets outside their company’s virtual private network, or VPN, not only increase risk to the corporate data, but also make it difficult for security teams to see what is happening on those systems.
In recent weeks, a global Russian hacking group, known as Evil Corp., has been identified by the cybersecurity company Symantec as seeking to utilize the vulnerabilities presented by remote working to execute ransomware attacks. They’ve specifically targeted U.S. government officials and major American corporations.
Evil Corp., according to a report in the New York Times, infects commercial and media websites with its malware and seeks out email accounts tied to U.S. government or commercial entities. Once these targets return inside their offices’ firewalls, the Russian gang’s code is deployed. Evil Corp. has sought to lock up critical government or company data and demanded as much as $10 million to release it.
In this environment, companies will need to be on heightened alert as their offices begin to reopen. Employees should practice extreme digital hygiene and use two-step authentication before entering company networks. Company network administrators need to be prepared for attackers lying dormant in their systems.