Bloomberg Law
June 25, 2020, 8:00 AM

INSIGHT: Lying in Wait—Cybercriminals and Covid-19 Tactics

Colin Jennings
Squire Patton Boggs LLP
Ericka Johnson
Squire Patton Boggs LLP
Patrick Morris
Squire Patton Boggs LLP

As businesses slowly and cautiously reopen, cybercriminals lie in wait, patiently hunting for a lucrative opportunity to strike.

In May, a well-organized Nigerian crime ring used a massive database of previously stolen personal information to fraudulently submit thousands of false unemployment claims. By patiently waiting for the right opportunity, i.e., the recent flood of legitimate unemployment claims, the crime ring defrauded several states out of hundreds of millions of dollars.

Their lie-in-wait tactics are not unique and have much broader implications—cybercriminals will continue to capitalize on the chaos of Covid-19 to infiltrate IT systems and patiently look for the right opportunity to strike. For that reason, companies reopening should consider conducting a comprehensive cyber-audit to identify their cyber vulnerabilities and thwart lurking cybercriminals.

Pandemic Brings More Remote-Access, Greater Cyber Threats

The rapid shift to teleworking prevented many businesses from adequately evaluating their remote-access software or properly training their employees. As a result, cybercriminals have leveraged this opportunity to increase attacks on unsuspecting employees and vulnerable IT environments.

Much like human viruses, malware and computer viruses also possess incubation periods. During this incubation time frame, malicious software can perform discreet actions, with intelligence gathering and data collection as part of the end goal. These often symptom-free, covert actions create a perfect environment for cybercriminals to move laterally within a company’s IT environment, harvest user credentials, and access sensitive information, all while searching for the most opportune moment to attack.

For these reasons, breaches that may have occurred during the periods of stay-at-home orders may not have been identified or even fully appreciated.

As stay-at-home orders expire and businesses reopen, cybercriminals may find more lucrative opportunities to attack. By way of example, higher volumes of financial transactions, particularly with international businesses, may make it easier to mask fraudulent wire transfers.

Likewise, as employees return to work, increases in research and development, proprietary information, or third-party confidential information may provide more sensitive information to steal. For companies desperate to return to manufacturing after a prolonged closure, a debilitating ransomware attack may reap higher ransom payments. Further, as sales increase, companies that collect customers’ information may yield more personal information to take.

Without proper oversight, malicious software can remain undetected in IT environments for years. Cybercriminals can therefore take their time to decipher the ideal occasion to attack.

Mitigating the Risk of Attack During Reopening

As part of their reopening strategy, companies should consider undergoing a comprehensive cyber-audit to identify cybersecurity threats and vulnerabilities in their policies, procedures, and IT environment. While a cyber-audit can be conducted in-house, a team composed of both a third-party IT vendor and outside counsel may provide greater expertise and attorney-client privilege protections over the process.

A cyber-audit will, in part, analyze whether a company’s cyber-related policies and procedures comply with applicable laws and meet industry standards by benchmarking existing policies against these criteria. While each company’s policies and procedures will vary by industry, organizational size, and the jurisdiction in which they operate, benchmarking against these criteria will help identify cyber vulnerabilities specific to each company.

While a review of all cyber-related policies can seem overwhelming, a good place to start is a company’s Incident Response Plan (IRP) and cyber insurance policies. An IRP is an organized and systematic plan designed to address and manage the aftermath of a cyber-incident.

Companies should determine whether their IRP is still effective (or even feasible given the rapidly increased remote workforce) and should conduct a simulated cyber incident to refresh employees on its use. Equally important, a company should review its cyber insurance policies to ensure its cyber risk profile is still adequately covered.

A cyber-audit will also evaluate the technical internal controls within a company’s IT environment to identify vulnerabilities or existing intrusions. An IT vendor can conduct a penetration test, spear phishing exercise, and a variety of other ethical hacking methodologies, which probe for the same weaknesses cybercriminals seek out.

By mimicking what cybercriminals would attempt, and anticipating how the system could be compromised, an IT vendor can identify gaps in a company’s IT defenses and provide remediation strategies as appropriate.

Following this comprehensive gap analysis, a company should then develop a remediation strategy by considering its risk exposure, business priorities, and costs involved.

While all companies are cost conscious, cyberattacks generally cost more in business interruption, regulatory investigations, litigation, and reputational harm. Therefore, as businesses reopen, a cyber-audit is a cost-efficient risk mitigation strategy to protect against those cybercriminals lying in wait.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Author Information

Colin Jennings is a partner at global law firm Squire Patton Boggs. He has been selected as primary outside counsel for global compliance work by more than 35 public and privately held global companies, and regularly provides guidance and counseling in connection with these companies’ ongoing compliance efforts for both their domestic and international operations, including, when necessary, investigation and defense of compliance-related concerns.

Ericka Johnson is an associate at Squire Patton Boggs, and assists multinational companies in developing and implementing effective anticorruption compliance policies and strategies for domestic and international operations. As part of her compliance practice, Johnson advises companies on cybersecurity risks, internal compliance measures and incident response protocols.

Patrick Morris is an associate at Squire Patton Boggs and represents international and domestic clients in white collar criminal matters, government enforcement actions, and internal investigations.

All are members of the firm’s Government Investigations & White Collar Practice.
