The Battle of the Digital Bulge
Cyberwar is becoming the second front in the fight against COVID-19. Here’s how you can help while also protecting yourself and your family.
Cybercrime and cyberwar and are most commonly differentiated by intent. The former is usually intended to yield profit; the latter aims to destroy data and infrastructure. Attacking critical infrastructure during a crisis would likely meet the definitions of cyberwar, as disabling critical capabilities such as medical technology systems or essential public utilities would be life-threatening during a public health emergency like the COVID-19 pandemic. But while we all hope that such potentially devastating cyber intrusions are not imminent, we should equally be on guard for lesser, more subtle cyberthreats and actions that could have long-term effects on patient and personal safety, as well as on national security.
Rapidly escalating use of networked technologies in response to shutdowns triggered by the COVID 19 pandemic has resulted in a massive spike in internet activity. Just as the sneak attack in World War II’s Battle of the Bulge capitalized on an exposed area of significant weakness in the defensive positions of Allied troops in the Ardennes forest in 1944, our surge and dependency on internet usage during COVID-19 amplifies our cyber vulnerabilities and presents an unprecedented opportunity for cyber adversaries.
The imminent threats take multiple forms. First, the COVID-19 crisis and the U.S. response to it have resulted in an unprecedented and shocking display of national weaknesses. The lack of a coordinated public health system, critical supply shortages due to an woefully inadequate national stockpile, systems and licensing that fail to cover necessary capabilities across state lines without emergency action — all represent intelligence that would take years of effort for a domestic or foreign adversary to sense, aggregate, and analyze. Yet, we are documenting all this consternation in exquisite detail and broadcasting it, 24/7. Clearly our adversaries are closely watching the chaos and disarray and taking careful notes, not just with regard to our physical capabilities, but also our readiness for cyber conflict.
The Internet Bulge
For any cyber adversary, the present moment offers an ideal time to probe our defenses, test attack strategies, and nourish the potential for destruction. Social media tool use is up more than 50%. Internet traffic is up significantly and it remains to be seen if the excellent actions by internet service providers and heavy-use vendors such as Netflix and YouTube will suffice to keep the internet functioning adequately while a substantial portion of the nation works from home. Internet shopping is surging, as is internet fraud. Another significant contributor to internet traffic has been the rush by health systems to enable telehealth in order to extend their reach and to act as a force multiplier against coronavirus. And while all this is taking place, increased cyberthreats and highly destructive attacks are being sensed and documented. Looking specifically at internet use, Verizon reported that a 22 percent week-to-week increase between March 12th and 19th. Meanwhile, more city- , county-, and state-wide lockdowns are likely on the way.
The Threats
An attack on the World Health Organization (WHO) that discovered on March 13th of this year provides an example of how insidious these operations can be. The attack took the form of a malicious site that had been set up to mimic the WHO’s internal email system in an attempt to steal passwords from agency staffers. This effort, serious as it was, was just one of multiple attacks against the WHO.
One cybersecurity researcher, Blackstone Law Group’s Alexander Urbelis, reported seeing approximately 2,000 coronavirus-themed sites being set up daily in recent weeks, many of them malicious. The emerging cyberthreats are many and varied, and are likely to evolve throughout the crisis. The Cybersecurity and Infrastructure Security Agency (CISA) remains a good resource for information on threats and recommended actions.
Specific Threats While Practicing Social Distancing
The need to practice social distancing adds unique complexity to internet security, largely thanks to the evaporation of remaining separations between home and work in the digital age. Many people are forced to connect their work computers to their home networks, and many have not been given the proper tools to do so securely due to the haste and confusion of patchwork efforts to implement shutdowns and shelter-in-place orders. Further, people are undoubtedly mixing activities such as social media use, private emailing, and work emailing all at once, which greatly increases the exposure of everyone in that home. We must be aware, informed, and diligent if we are to do our part. Just as a single person can be a super spreader during an epidemic, bad technology hygiene can put your family and your workplace at risk. And if your workplace happens to be a healthcare provider, you may also be putting patients at risk. Below are some tips and information that may help.
Virtual Meeting Technologies
First, it’s important to understand that every digital interaction is an opportunity for harm, especially when using virtual meeting technologies. None of these systems are close to perfect, and demonstrated security vulnerabilities have included uninvited strangers being able to join WebEx meetings without passwords, or an adversary being able hijack a user’s webcam via Zoom. Although these specific vulnerabilities have been fixed, there is a range of hazards and behaviors that can strengthen or weaken the security of these tools. Using Zoom as an example: users may be surprised to learn that Zoom can measure and track whether they are paying attention during calls.
Of course, few of us have ever read or understood the privacy policies of these technologies. According to Ritchie Koch, writing for Security Boulevard, the best practices on Zoom include:
- Use two devices during Zoom calls: If you are attending a Zoom call on your computer, use your phone to check your email or chat with other call attendees. This way you will not trigger the attention tracking alert.
- Do not use Facebook to sign in: It might save time, but it is a poor security practice and dramatically increases the amount of personal data Zoom has access to.
- Keep your Zoom app updated: Zoom removed the remote web server from the latest versions of its apps. If you recently downloaded Zoom, there’s no need to be concerned about this specific vulnerability.
— Ritchie Kotch, “Using Zoom? Here are the privacy issues you need to be aware of”
Regardless of which remote meeting tools you and your organization use, educate yourself on best practices and security weaknesses and use them accordingly.
Ensure the Basics Are Covered — Don’t Be that Person
As friendly as we may all be, few of us are up for a hug from a stranger right now. Similarly, as we’re forced to connect through digital means, you don’t be the well-meaning but clueless person who introduces a risk to your family or employer. We all have more time on our hands right now — use some of that time to ensure your basic cyber hygiene is solid. Back up data and systems on all your devices. Use a password management tool. Be sure your antivirus and firewall software is up to date. Update all of your apps, especially ones on work computers. The basics of cyber hygiene are well understood, and by following them, you can avoid being an easy target.
Once the basics are covered, please consider stepping up and contributing some of your time to protecting yourself and others by learning and using more advanced cyber techniques. In Renee DeRista’s excellent “The Digital Maginot Line,” she notes that “In a warm information war, the human mind is the territory. If you aren’t a combatant, you are the territory.” Here are some ways you can enlist and help.
Quantify and Decrease your Personal and Professional Attack Surface
Attack surface denotes the sum of possible digital entry points available to a cyber adversary. Personal attack surface can be estimated as the sum total of accounts, applications, individual devices, and networks that an individual maintains. For a person working at home via a shared family internet connection, the total attack surface is the sum total of the attack surface of each person using that network. Hence, the apps on your child’s tablet actually pose risk to your work computer.
The easiest way to minimize attack surface is to decrease the number of entry points. Review your accounts, subscriptions, and charges, and close everything truly non-essential. De-authorize old devices. Prioritize your most sensitive accounts, such as online banking. Look through your spam folder to find sites you have stopped using and close those accounts. Change your home Wi-Fi password. Change your primary email address and start clean. Pull and check your credit reports…You get the idea. You’ll enjoy the lack of spam and quiet once it is done.
Ensure Access to Patient Portals
The one addition I would recommend to anyone’s personal attack surface during this pandemic is to ensure access to the patient portals of all critical healthcare providers. To conserve the limited number of critical care hospital beds and to prevent contagion in medical facilities, minor cases of COVID-19 are being treated at home using telehealth tools. In such a scenario, having access to your medical records and history is extremely important for ensuring proper care. Most health systems use toolsets like MyChart to enable patient access to healthcare records. Be sure you have ready access to your personal health information at all times.
Become a Student of Threat Data
Use this opportunity to both do some recreational reading and increase your knowledge of cyber threats. There are many great sources of cyber threat intelligence, and the case studies read like a gripping crime or spy novel. Some of the best services, such as FireEye, require paid subscriptions, but many don’t. The CIS Center for Internet Security is one example; ThreatPost is a personal favorite due to the truly great writing by many knowledgeable contributors. There are also news sites that do a better-than-average job describing recent hacks and emerging threats. Of these, CSO online is among the better choices although, as with many news sites, some of their content is behind a paywall.
Troll or Be Trolled
Misinformation about the coronavirus pandemic has become such a severe public health threat that the WHO has declared it an “infodemic.” The threat is well understood and the problem is being mapped and fought by experts, but there’s also much that each of us can do to help. We’re all exposed to content daily that we know to be of low credibility or even outright false and dangerous. Now is the time to stop scrolling and do something about it. When you encounter misinformation on social media, take the time to “click and report” those posts and links. Don’t ignore something that may cause harm to someone else. Not only will you be helping others, but, over time, your own feed will contain less garbage. Go through your spam folder and “report, block and delete” all the garbage that has come in — don’t just delete these messages without reporting them. And when you have friends and family who engage in discussions of questionable merit on social media, take the time to direct them to higher-quality sources if you have that knowledge. If you see a campaign local to your neighborhood or school system enlist some friends and flood the thread with positive, accurate messages. Every little bit counts.
None of us really knows what our world will look like a year from now. However, the changes caused by the COVID-19 pandemic are likely to be profound and long-lasting. There’s no need to sit on the sidelines, however. Each of us can play a positive part in both fronts of the battle.
Stay well,
Eric
Originally published at https://forge.duke.edu on March 31, 2020.
