Originally posted by the Voice of America.
Voice of America content is produced by the Voice of America,
a United States federal government-sponsored entity, and is in
the public domain.


Coronavirus Putting US Cyber Vulnerabilities in the Crosshairs

Jeff Seldin

   WASHINGTON - The race to slow the spread of the coronavirus in the
   United States is placing an unprecedented burden on the country's cyber
   infrastructure, potentially making it as vulnerable as it has ever
   been.

   At issue are the U.S. government agencies, thousands of businessesand
   millions of Americans, who suddenly have been forced to telework and
   rely on the security of their internet connections and good cyber
   hygiene, to keep businesses and services running.

   The result, some officials warn, is an opening for anyone who would
   like to strike a virtual blow.

   "We're mindful that our adversaries often see opportunity in situations
   like these," a U.S. official toldVOA on the condition of anonymity,
   given the sensitive nature of the subject.

   Both the FBI and private cybersecurity firms'Żwarn the assault is
   already well underway.

   "We're seeing a significant amount of threat in email, leveraging
   social engineering at scale to do a variety of attacks,"
   saidSherrodDeGrippo, senior director of threat research and detection
   at Proofpoint.

     Watch out for emails claiming to be from the [1]@CDCgov or others
     saying they have information about the virus, and don't click on
     links you don't recognize. For the most up-to-date information about
     [2]#COVID19, visit the CDC's website at [3]https://t.co/VAxaOUzfeu.
     -- FBI Washington Field (@FBIWFO) [4]March 16, 2020

   Some of the emails are designed to look like they are coming from
   legitimate agenciessuch asthe U.S. Centers for Disease Control and
   Prevention (CDC) or the World Health Organization (WHO), using fear of
   the coronavirus to get a recipient to click on a malicious attachment
   or link.

   DeGripposays the largest attack involved about 300,000 emails, and that
   new variations are coming in constantly.

   "We're just seeing this being used across every potential attack style
   that you can possibly do," she said. "It's incredibly widespread."

   So far, almost all the attacks Proofpoint has documented have come from
   cybercriminals.'Ż'ŻBut the potential for damage is significant.

   Teleworking and the cyberthreat

   Some attacks are focused on phishing, looking to steal user IDs and
   passwords. Others involve installing malware (malicious coding)
   designed to steal data or to access financial accounts and steal money.

   And while those sorts of attacks are not new, many of the individuals
   being targeted are inexperienced.

   "We are now in the situation of 100% work from home for a huge number
   of employees in corporate America,"DeGripposaid. "They don't have the
   same technological protections and control at their home that they did
   have in their office."

   "You really completely shifted the attack surface," she added.

   For years, cybersecurity experts in government and the private
   sectorhave warnedthatthe networks Americans rely on are not secure and
   that many may have already been compromised.

   Lastweek, a bipartisan report by lawmakers and experts warned the
   United States is still not prepared.

   'Ż"The status quo in cyberspace is unacceptable," according to the
   intergovernmental U.S. Cyberspace Solarium Commission. "The current
   state of affairs invites aggression and establishes a dangerous pattern
   of actors attacking the United States without fear of reprisal."

References

   1. https://twitter.com/CDCgov?ref_src=twsrc%5Etfw
   2. https://twitter.com/hashtag/COVID19?src=hash&ref_src=twsrc%5Etfw
   3. https://t.co/VAxaOUzfeu
   4. https://twitter.com/FBIWFO/status/1239591031034830848?ref_src=twsrc%5Etfw

.