What Comes Next for Cyber Security?

As we enter the fifth week of the social distancing requirements, we have settled into a “Groundhog Day”-like existence. Cyber security professionals have been defending their environments against the massive number of phishing and denial-of-service attacks. The problem with these attacks is that they are noisy and typically unsophisticated. Most of the tools of the trade, even older ones, have become attuned to these obvious attacks, and cyber security workers are prepared. An interesting article posted last week in the WSJ (see here) wonders aloud whether we have a larger issue that is more insidious and dormant. Based on numerous threat reports, the average dwell time in a network is greater than 200 days, so what awaits us once this crisis passes? Are our analytics tools good enough to detect the dormant attacker who is moving behind the scenes and doing reconnaissance on our networks and, more importantly, our data? I have predicted that we will have a post-COVID breach “boom” where companies that were unable to detect these breaches will start uncovering these invaders. We have already seen a number of companies openly attacked by aggressive criminal groups, but those are just the ones that have been made public.

In another interesting note, Cyberscoop reported (see here) that the Australian government will hack criminals who try to take advantage of the pandemic. I would love to hear about these counter-hacking exploits and whether they were effective in reducing the attacks. It raises a question: normally, governments have been cautious about counter-hacking unless there was a clear and present attack from another nation state, and these attacks are usually shrouded in secrecy. This is the first time that I can remember where a government has threatened cyber criminal groups. These are strange times that we live in, and this pandemic brings with it numerous new challenges that have never been encountered before. If the Australian government’s threat (and counter-hacks) were effective, would that signal a new way for governments around the world to target cyber groups? What would it take for governments to take on these criminal groups? If disrupting commerce during a pandemic does not rise to the level of governmental action, what does?