How the COVID Pandemic Makes Us More Vulnerable to Cyber Intrusions

By Mark Pomerleau, MCPA Public Affairs Officer and Chris Kubecka

May 29, 2020

Even under normal circumstances, cyber criminals and nation states are seeking any advantage and vulnerability they can exploit. However, the increasing prevalence of teleworking, spurred by the novel coronavirus (COVID-19), is creating a new set of cyber targets. These new targets, which are generally less secure, provide malicious cyber actors a larger attack surface to exploit.

“Even in a pandemic, these types of nation state attacks are not really ceasing. Because of our situation, we could be in a slightly more vulnerable situation,” Chris Kubecka, Founder and CEO of HypaSec and an Air Force veteran, said during the Military Cyber Professionals Association’s third installment of Lockdown Lunch & Learn (3L) on Tuesday, May 5.

For business and government entities, actors are seeking to gain access to information that could be exploited for financial or strategic interests. 

In the medical field, for example, Kubecka explained that the current pandemic has substantially increased the value of research data. Proprietary vaccine research directly correlates to a strategic economic advantage. She mentioned that whoever gets an effective vaccine to market first stands to gain the greatest financial reward. That first mover would be able to sell the vaccine globally and/or inoculate their own citizenry, ending the economic slowdown created by mandatory social distancing measures.

Increased vulnerabilities 

To highlight the increased number of vulnerabilities, Kubecka provided a chart outlining vulnerable digital assets. The data was collected the previous Friday using multiple Internet-wide scanning systems (Censys.io, Shodan.io, and Robtex) to identify the top ten nations with the greatest number of digital assets that have an IP address and aren’t protected by a firewall. Put more simply, Kubecka said the graph demonstrates which nations have the most to risk as well as those with the most vulnerabilities.

Image: Numbers of scanned devices (red) and discovered vulnerabilities (black) by country. The services scanned for vulnerabilities included FTP, RDP, SSH, SMB, and VNC.

The United States had by far the most digital assets visible on the Internet, with over 47 million. The next closest nation, China, had 8 million.

That number of devices was then compared to the total number of vulnerabilities. Kubecka noted that one asset might have multiple vulnerabilities.

The United States showed almost 12.5 million exploitable vulnerabilities among the digital assets geolocated there, according to Kubecka’s data.

Reality of working from home

The pandemic has also forced many to work from the confines of their own homes as opposed to secure offices. 

Kubecka explained that most people’s home Internet setups likely aren’t as secure as they should or could be, and are less likely to be secured than those employees’ office networks. Commercial firewall systems cost upwards of roughly $2,500, she said, which most businesses won’t pay to supply each of their employees. Moreover, work laptops are connected to consumer-grade modems with consumer-grade security, and most individuals don’t understand how to upgrade their own systems and security.

She said there has been evidence of certain types of botnet attacks targeting Internet service provider routers. In order to upgrade the modems, ISPs maintain a remote administration capability. However, the remote administration access can be compromised by an attacker and used to access the router, especially since the routers aren’t upgrading themselves.

While some organizations may mitigate some of these risks with a virtual private network (VPN), Kubecka noted that VPNs are often misconfigured (including using default certificates) or unpatched, which attackers can pinpoint to gain access to the private network. As an example, she raised the Democratic National Committee (DNC)’s usage of a VPN to secure their network, which was used as a breach point by the Russians.

This reality will be especially pertinent given that telework will be more widespread after the COVID crisis. Kubecka noted that working from home is now the reality, even though many companies previously said employees couldn’t. With that now proven possible, many employees will want to continue working from home. Therefore, companies will need to seriously consider the security implications of residential networks in order to protect their sensitive data.

About the Authors

Mark Pomerleau is the MCPA Public Affairs Officer (PAO) and a journalist whose work has focused on information warfare, cyber, electronic warfare, intelligence, and defense technology. His work has appeared in The Hill, The Atlantic, Defense News, C4ISRNET and Fifth Domain.

Chris Kubecka is the founder and CEO of HypaSec, a nation-state incident response, and a national defense advisor in IT/IOT/ICS. She tackles areas of cyberwarfare and defending critical infrastructure.