Title: FBI flooded with pandemic cybercrime complaints

Author: Politico

Date: 17.04.2020

Abstract:

RISING TIDE OF CYBER SCAMS — The coronavirus pandemic has sparked a massive increase in the number of cybercrime complaints flowing into the FBI these days, a bureau official said Thursday. The agency’s Internet Crime Complaint Center, which typically received 1,000 complaints per day before the pandemic, is now receiving 3,000 to 4,000 per day, according to Tonya Ugoretz, a deputy assistant director of the FBI’s Cyber Division. “Not all of those are COVID-related,” she said during an Aspen Institute webinar, “but a good number of those are.”

Coronavirus-related schemes “really run the gamut,” said Ugoretz, who cited domain names spoofing personal protective equipment vendors and phishing emails promising government checks or private loans. The FBI has also “seen people set up fraudulent COVID charities” or “promise delivery of masks and other equipment and then not deliver,” she said. When the pandemic first began, she added, “there was this brief shining moment” when officials thought that exploiting the crisis “might be beyond the pale” for criminals. “Sadly, that has not been the case.” Ugoretz also discussed how nation-states have been hacking U.S. health care organizations involved in virus research.

The webinar also included a presentation by Marc Rogers, co-founder of the COVID-19 Cyber Threat Intelligence League, a volunteer coalition of cyber experts who fight back against hackers. The group’s roughly 1,400 members have taken down nearly 3,000 malicious virus-related domains as of April 14, said Rogers, including sites impersonating the World Health Organization, the United Nations and the CDC. The group has also used open-source platforms like Shodan to find more than 2,000 vulnerabilities in “high risk” health care organizations, including 22 remote code execution flaws.

Rogers’ cybersecurity group has been careful not to recruit volunteers from countries under U.S. sanctions, a choice that he said provoked “a very heated discussion.” “We see this as a humanitarian project, but in order for us to have the deep collaboration we have with government and law enforcement, we have to … be careful about how we walk that line,” he said. “Trust and the ability to share information is critical to the success of this project.” The group’s apolitical defensive activities will still end up helping innocent people in blacklisted countries, he noted. “By doing that, I think we can protect the whole world.”

CMMC & COVID-19 — The coronavirus pandemic is unlikely to disrupt the rollout of the Pentagon’s new digital security standards, a senior official said Thursday. “I don’t think it’s going to be impactful to the schedule” for implementing the Cybersecurity Maturity Model Certification, Katie Arrington, the CISO to the undersecretary for acquisition and sustainment, said during a Bloomberg webinar Thursday. “Maybe we’ll have a two-, three-week slip on actually doing the first audits, the pathfinders, but nothing that’s significant,” she added. Arrington said she is working with the nonprofit board that oversees training of third-party auditors, as some of that education “has to be done in person.”

DoD will begin putting the CMMC level requirements as language in select contracts this year, with the goal of implementing the cyber standards throughout the entire acquisition community by 2025. “The model and all of that is on track,” according to Arrington. “We really haven’t slowed down because a lot … was able to be done from teleworking capability. We’re waiting to see what happens.”

TECH GROUPS SUGGEST CYBER COVID-19 SPENDING — The next coronavirus legislative package should include funding to boost cybersecurity for the remote workforce, such as money for training IT executives and upgrades for VPNs, a coalition of tech groups said in a list of principles released Thursday. The groups — the Information Technology Industry Council, Alliance for Digital Innovation, the Computing Technology Industry Association, the Center for Procurement Advocacy, Internet Association and the Cybersecurity Coalition — sent their ideas to congressional leaders and the Office of Management and Budget.

GONNA GO AHEAD AND CALL THAT ‘A LOT’ — Google said that it saw 18 million daily malware and phishing emails related to Covid-19 last week. It also said in the same blog post on Thursday that it saw 240 million daily spam emails related to the virus. The company boasted that it is blocking 99.9 percent of spam, phishing and malware from its users. “We have put proactive monitoring in place for COVID-19-related malware and phishing across our systems and workflows,” company officials wrote. “In many cases, these threats are not new — rather, they’re existing malware campaigns that have simply been updated to exploit the heightened attention on COVID-19.”

THIRD TIME’S THE CHARM — CISA re-upped an alert on Thursday about attacks on Pulse VPN servers and offered new detection methods, including a tool the agency created. “CISA has conducted multiple incident response engagements at U.S. Government and commercial entities where malicious cyber threat actors have exploited” the vulnerability “to gain access to victim networks,” the latest of three alerts on the subject reads. Despite a patch issued last April, “CISA has observed incidents where compromised Active Directory credentials were used months after the victim organization patched their VPN appliance.”

WILL THE U.S. BE NO. 1? — The Harvard Kennedy School Belfer Center for Science and International Affairs this summer will release an index of 30 prominent countries that matches the nations’ objectives with their capabilities. “The Belfer Cyber Power Index reconceptualizes the notion of ‘cyber power’ at the country-level to reflect the different objective(s) that each country is pursuing — demonstrated through national strategies, rhetoric and action — and their ability to achieve these objectives,”