July 5, 2020

Volume X, Number 187

July 03, 2020

Subscribe to Latest Legal News and Analysis

July 02, 2020

Subscribe to Latest Legal News and Analysis

Lying in Wait: Cybercriminals’ COVID-19 Tactic

As business slowly and cautiously reopens, cybercriminals lie in wait.  A case study into a massive unemployment insurance fraud shows that cybercriminals patiently hunt for  lucrative opportunities to strike.  For that reason, companies reopening should consider conducting a cyber-audit to identify their cyber vulnerabilities and thwart cybercriminals lying in wait.

Pandemic Brings More Remote-Access, Greater Cyber-Threat

Beginning in March, states implemented stay-at-home orders throughout the United States, baring non-essential workers from reporting to the office. Since then, companies have attempted to allow their employees to function much as they did in their office settings, relying heavily on remote access to corporate servers. However, the rapid shift to teleworking prevented many businesses from adequately evaluating their remote-access software or properly training their employees.  As a result, cybercriminals have leveraged this opportunity to increase attacks on unsuspecting employees and vulnerable IT environments.

Threats in the New Remote Environment

According to the Department of Justice, cybercriminals have created hundreds of fraudulent websites with domain names that contain words such as “covid19,” or “coronavirus,” and, in some cases, purporting to be run by, or affiliated with, public health organizations or agencies.  Cybercriminals utilize these websites to deploy secret malicious software onto systems so that devices used for teleworking navigate to them.  Such websites have been used to trick individuals into entering personally identifiable information, including banking details.

Similarly, a joint alert by the United States Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), and the United Kingdom’s National Cyber Security Centre (NCSC), warns that cybercriminals use COVID-19-related themes in their email and SMS phishing campaigns. These emails and text messages generally contain a call to action, encouraging the victim to visit a website that malicious cybercriminals use for stealing valuable data, such as usernames and passwords, credit card information, and other personal information.

Under the right circumstances, malicious actors can utilize these schemes to gain access to a company’s IT environment.  In particular, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.

Case Study of Lying in Wait Tactic

A recent case study indicates that cybercriminals may use the chaos caused by the COVID-19 pandemic to incubate their malware, waiting for an optimal opportunity to strike.  On May 14, 2020, the Secret Service issued an alert regarding a well-organized Nigerian crime ring exploiting the COVID-19 crisis to commit large-scale fraud against states’ unemployment insurance programs.  The cybercriminals, who had amassed a substantial data base of personal information, submitted and received unemployment benefits on behalf of hundreds, if not thousands, of individuals, totaling hundreds of millions of dollars in fraudulent unemployment payments.  The cybercriminals used personal information belonging to first responders, government personnel, and school employees to submit claims in the states of Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, Wyoming, and possibly more.

In effect, this criminal organization halfway around the world spied an enormous opportunity to utilize its data base of personal information to commit widespread fraud.  As the personal information was likely stolen during past consumer data breaches, this lie and wait tactic shows cybercriminals patiently crouching for the most opportune moment to pounce.

This tactic is salient to companies planning to reopen, a time that may present a lucrative opportunity for cybercriminals to attack (e.g., companies may have higher cash flows, engage in more financial transactions, etc.).  Much like human viruses, malicious software can incubate while remaining undetected in IT environments for years.  During incubation this malware can perform discrete actions, with intelligence gathering and data collection as part of the end goal.  These often symptom-free, covert actions create a perfect environment for cyber criminals to identify a favorable moment for their assault.

Mitigating the Risk of Attack during Reopening

In order to mitigate the risk of a cyberattack, companies should consider undergoing a cyber-audit as part of their reopening strategy. A cyber-audit comprehensively identifies cybersecurity threats and vulnerabilities in policies, procedures, and the IT environment.  In addition, a cyber-audit assesses a company’s level of preparation to respond to a cyberattack.  This includes evaluating the incident response plan and cyber insurance policies to ensure that coverage is commensurate with the level of cyber risk.  Finally, a thorough cyber-audit should also determine solutions for any vulnerabilities identified, particularly in addressing the greater risks associated with a continued remote workforce.

While a cyber-audit can be conducted in-house, a team comprised of both a third party IT vendor and outside counsel will provide greater expertise and attorney-client protections of privilege over the process.  By leveraging cyber experts and conducting a thorough cyber-audit, companies can defend against the risks of cybercriminals lying in wait.

© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume X, Number 154


About this Author

Colin R. Jennings, Squire Patton, Governmental Investigations Lawyer, Complex Criminal Matters Attorney

Colin R. Jennings is a trial lawyer focusing on complex civil and criminal matters, including responses to governmental investigations and enforcement actions. As a natural extension of his litigation practice, Colin has an active global compliance and data breach response practice. He has successfully tried numerous civil and criminal matters in various federal and state courts.

Colin’s criminal practice involves representing public and private corporations and business professionals in response to federal, state and local criminal...

216 479 8420
Ericka A. Johnson, Squire Patton Boggs, government investigation attorney

Ericka Johnson is an associate in the Government Investigations & White Collar Practice. She previously served for six years as Judge Advocate in the United States Marine Corps (USMC), where she specialized in complex litigation and providing international legal advice to general officers.

While in the USMC, Ericka was responsible for all facets of investigating and defending Marines accused of misdemeanor and felony violations of the Uniform Code of Military Justice. She represented clients accused of crimes in Jordan, Guantanamo Bay, Spain, Afghanistan, Japan, the Philippines and North America, and litigated nine jury trials, including five major felony cases, more than 40 administrative hearings and multiple guilty hearings. She conducted hundreds of witness interviews, routinely prepared clients and witnesses for live testimony, and zealously pursued discovery and engaged in motions practice to challenge and limit the evidence used against her clients.

202 457 6110