This year is only four months old and it’s already one for the history books — and not in a great way.
As the defense community works in tandem with the broader government to keep citizens safe and healthy, cybersecurity threats are only becoming more aggressive.
If we’ve learned anything about cyber adversaries, it’s that they will seize on any opportunity to gain an advantage in targeting their victims, including exploiting the fears of the public during a global pandemic. As COVID-19 has moved from the East to the West, adversaries have followed suit, using lures that play into people’s desperation for information on the disease. In “The Art of War,” Sun-Tzu said“In the midst of chaos, there is also opportunity.”
The COVID-19 virus is infecting more than just people. The pandemic has created chaos and handed adversaries an irresistible opportunity to exploit the situation to gain entry into our networks, whether that’s to steal intellectual property, disrupt operations, or gain a strategic advantage if they are a nation-state actor.
Already, we are seeing an increase in phishing campaigns using COVID-19 as a hook to launch malware in emails disguised as alerts. Particularly vulnerable are the thousands of remote workers — government employees and contractors alike — who are using their own home networks, which are largely less sophisticated and secure than their work environments.
The stakes are high, particularly for those in defense jobs, where an errant click can have devastating consequences. Coincidently, 2020 is the year when the DoD’s Cybersecurity Maturity Model Certification has grown teeth and will force more than 300,000 defense contractors to up their cybersecurity game or face bottom-line consequences. Now is not the time to make mistakes.
In CrowdStrike’s recent Global Threat Report, we captured and analyzed real-world inputs from observed trends in cyber-attacks on commercial and government enterprises. The following are some of the notable attack vectors and trends we observed across the public sector during 2019:
- An escalation in ransom demands, including ransomware attacks on defense supply chain providers, schools and local municipalities.
- Surpassing the volume of malware attacks are malware-free attacks that use code which executes from memory or stolen login credentials.
- Continued state-sponsored targeted intrusions aimed at the government and defense sector. In fact, we have witnessed adversaries exploiting fear around COVID-19 to socially engineer their way to user credentials and sensitive data.
In the months ahead, I contend we’ll see many more of the same tactics from the same bad actors: Russia, China and newer players on the block, such as Iran, which has leveraged U.S. social media platforms to develop information operations campaigns.
Amidst massive change, periodic chaos and long-term disruption, the defense community — government and industry — must put a premium on speed. Speed to detect. Speed to investigate. Speed to mitigate. We recommend that agencies and companies implement cybersecurity practices that follow the 1-10-60 Rule: detect intrusions within 1 minute; investigate and gain a comprehensive understanding of the attack within 10 minutes; and contain and remove the threatening adversary from the network within 60 minutes.
This benchmark will limit the damage caused by inevitable attacks. Yes, inevitable. Cyberattacks are a constant and while building a bigger, wider and thicker wall may help keep bad actors out, they are persistent and determined enough to eventually get in, and when they do, you’re on the clock.
This year will only get worse as the impacts of COVID-19 will be deep, damaging and long-lasting. We’re all faced with loss and uncertainty as we attempt to recover from the global pandemic. For the defense community, there is no time to recover and regroup. You are already on the clock, as those who wish to do our nation harm are already hard at work.
James Yeager is vice president of public sector for CrowdStrike, a cybersecurity threat intelligence firm.