with Tonya Riley
Attempted cyberattacks against several hospitals and an airport in the Czech Republic show the coronavirus pandemic has not slowed down the West’s digital adversaries.
While those attacks were successfully foiled, Czech leaders fear more attacks from highly sophisticated adversaries are on the way. The nation’s top cybersecurity agency has warned it expected imminent “serious cyberattacks” against its health-care sector aimed at disabling computers and destroying data.
Czech officials didn’t name the suspected attacker but the language they used suggested greater concern about hackers backed by a national government rather than criminals.
The attacks should be a warning sign for the United States that global hacking conflicts have not only continued even as the public health crisis rages – but have become even more dangerous as they threaten to disrupt medical care and cost patients’ lives.
“Unfortunately, nation-states see opportunities in the pandemic and they’re going to take advantage of them,” said Chris Painter, a former top cybersecurity diplomat who’s now president of the Global Forum on Cyber Expertise. “This is particularly problematic during a pandemic because it puts people’s lives at stake.”
The stakes are high: A cyberattack that takes the lives of coronavirus patients would likely prompt serious retaliation, Painter notes. That could draw countries into a conventional military conflict.
“It’s a dangerous game when you’re talking about this sort of critical infrastructure,” he said of the Czech targets.
Nation-backed hackers are also trying to steal information from companies that are researching coronavirus treatments.
That's according to FBI Deputy Assistant Director Tonya Ugoretz. She didn’t name the nation responsible for those attacks during an online panel discussion hosted by the Aspen Institute, though U.S. officials have frequently accused China of stealing secrets from U.S. researchers.
The cybersecurity firm Crowdstrike has also tracked multiple government-linked hacking groups launching sophisticated data-stealing operations during the pandemic. Those include groups linked to China and North Korea, the company said.
Hacking by criminal gangs has also continued unchecked, though few thought criminals might temper their actions out of global health concerns.
The attacks come despite world leaders’ calls for a cease-fire during the pandemic. United Nations Secretary General António Guterres called in March for a global cease-fire to all conflicts. Fabrizio Hochschild, a special adviser to Guterres on digital cooperation issues urged a halt specifically to global cyberattacks in an op-ed in Vox — but with little evident effect on the world’s hackers.
“That’s a good statement for the U.N. to make, but the reality is a lot of actors are not going to obey that,” Painter said. “When terrible things happen, like vultures on carrion, a lot of people will come in and try to take advantage.”
U.S. Secretary of State Mike Pompeo responded to the Czech warning by pledging serious consequences for any nation that launched such an attack. He also called on other nations “not to turn a blind eye to criminal or other organizations carrying out such activity from their territory.”
The U.S. has zero tolerance for malicious cyber activity. Such actions will have stark consequences. https://t.co/GWbMTGq8j1— Secretary Pompeo (@SecPompeo) April 18, 2020
The call was amplified by other nations. Here’s one from Lithuania’s U.S. Embassy:
Malicious cyber activity on critical infrastrucure, especially on the health system in the time of #COVID-19 pandemic, is unacceptable and must bear consequences. #Hybrid threats are as real as military ones. We express our #solidarity with the #Czech Republic. https://t.co/zOMXylhSBR— Embassy of Lithuania (@LTembassyUS) April 18, 2020
And from Latvian Foreign Minister Edgars Rinkēvičs:
#Latvia condemns cyber attacks against Czech health infrastucture, this is more outrageous because of #Covid_19 pandemic, we express our support & solidarity with our Czech friends & allies, #NATO & #EU must take such actions seriously & respond appropriately @TPetricek @CzechMFA— Edgars Rinkēvičs (@edgarsrinkevics) April 18, 2020
Painter applauded Pompeo’s tough language but also warned the threats will ring hollow if they’re not followed by actions such as serious sanctions or other consequences.
“When and if this happens, there has to be follow-through, making sure we’re sending a clear signal that this is unacceptable and there are going to be consequences,” he said. “Had we been stronger earlier at imposing consequences when bad things happened (in cyberspace) we might be able to reach an understanding with (adversary) countries now. But there’s no forum to do that.”
PINGED, PATCHED, PWNED
PINGED: House leaders who were initially skeptical about voting remotely during the pandemic are starting to change their minds, despite concerns about hacking.
House Majority Leader Steny H. Hoyer (D-Md.) told reporters he favors voting over Apple's FaceTime, per Sheryl Gay Stolberg at the New York Times. “Other lawmakers have been impressed with an electronic voting system, developed by a private technology firm, Markup.Law, that runs on the Microsoft Teams platform and uses two-factor authentication,” Stolberg reports.
House Speaker Nancy Pelosi (D-Calif.), who was among the biggest skeptics of remote voting, is now backing a plan to allow lawmakers who can't safely travel back to Washington to have a colleague vote on their behalf, Stolberg reports. The low-tech solution avoids the security risks that come with electronic voting, said Rep. Jim McGovern (D-Mass.), chairman of the House Rules Committee, which was tasked with studying the issue. McGovern is hoping to strike a deal with Republicans so they can adopt a rule change to allow proxy voting by unanimous consent and spare lawmakers the trip back to Washington.
But there are still a lot of pitfalls ahead. Rep. Thomas Massie (R-Ky.), who already delayed a House vote on the $2 trillion coronavirus stimulus bill, has promised to block any unanimous consent votes. And, even if the House moves forward on remote voting, the Senate seems far more hesitant.
PATCHED: Telecom regulators failed for nearly two decades to sufficiently scrutinize Chinese telecommunications companies that could threaten U.S. national security, a Senate panel will allege in a forthcoming report.
The lack of oversight allowed Chinese companies that “present an unacceptable amount of risk” to obtain U.S. licenses to operate in the United States, Senate investigators tell Kate O'Keeffe and Drew FitzGerald at the Wall Street Journal.
The regulators, called “Team Telecom,” have already moved to overhaul their oversight in recent months. They recently recommended revoking the ability of China's largest landline provider, China Telecom, to operate in the United States, my colleague Ellen Nakashima reported.
A more aggressive approach from the United States could cause retaliation from Beijing, American carriers warned the Senate panel. But intelligence officials say the benefits outweigh the costs.
“The time for silently watching Chinese state enterprises get a trusted toehold in our critical telecommunications infrastructure has ended,” Adam S. Hickey, a Justice Department official involved with the regulatory team, told the Journal.
PWNED: Hackers are finding new ways to exploit the coronavirus pandemic.
The average number of coronavirus-themed digital attacks tracked each day by researchers at the cybersecurity firm Check Point has increased sixfold to 14,000. The attacks include:
- Malware-laced emails posing as information about pandemic stimulus efforts
- Phony stimulus-related domains to con users into giving up their personal information.
Hackers are also increasingly posing as videoconferencing brands including Zoom and Webex, researchers at Proofpoint found. They found:
- Hackers send emails posing as missed meeting alerts or telling users they need to reset their passwords to steal their log-in information.
- Some emails also come laced with information-stealing malware.
Hacking unrelated to the coronavirus isn't taking a break, either: The social sharing site Pinterest is asking some users to reset their passwords after “an external breach on another service," the company told Cybersecurity 202 researcher Tonya Riley. A “small percentage” of users were affected, spokeswoman Malorie Lucich said, but she could not share a specific number. The issue has since been resolved, she said.
— Leading House Democrats renewed calls for $4 billion in additional election security money and improved protection for voters during the pandemic in a statement released Friday.
“Without decisive action by Congress, the coronavirus crisis may exacerbate dangerous impediments for voters, including closed or restricted access to polling places and public health restrictions that deter voter participation — all of which could result in depressed voter turnout that undermines the will of the American people,” wrote the group, which includes Committee on House Administration Chair Zoe Lofgren (D-Calif.) and Committee on Oversight Chair Carolyn B. Maloney (D-N.Y.).
—More news from the public sector:
— Tech and consulting company Cognizant was hit by a ransomware attack, Zack Whittaker and Manish Singh at TechCrunch report. The company said it's working with law enforcement and declined to comment further.
—More news from the private sector:
THE NEW WILD WEST
— A data breach unveiled a trove of 42 million messaging accounts embroiled in an Iranian spy operation, Ryan Gallagher at Bloomberg News reports. “The Hunting System indicates Iranian authorities are using new and more aggressive techniques to collect and analyze huge troves of information about their citizens,” researchers told Bloomberg.
- The Open Technology Institute will host an online event on work-from-home digital security on April 21 at 11:00am.
Have an event you want our readers to know about? Email firstname.lastname@example.org.