Cybersecurity guru Brian Finch joins host Joel Simon as they discuss social engineering, fund diversion scams, and the recent escalation of state-sponsored cyberattacks.

(Editor's note: transcript edited for clarity.)

Welcome to our second episode of Pillsbury’s Industry Insights podcast, where we discuss current legal and practical issues in finance and related sectors. I’m Joel Simon, a partner at the international law firm Pillsbury Winthrop Shaw Pittman. We hope from wherever you are listening, you’re safe and healthy today. Today, I’d like to welcome Brian Finch, a partner in Pillsbury’s public policy group, who is a recognized authority on global security and cybersecurity threats and co-leader of our COVID-19 task force.


Joel Simon: So, I understand, Brian, that clients are dealing with two types of threats that have skyrocketed during the current crisis?

Brian Finch: The first wave is really just a continuation of attacks we’ve seen in the past, where news items are transformed into ways to get people to reveal their passwords, user IDs, or potentially, divert money from accounts into fraudulent bank accounts. With respect to COVID-19, we’ve seen these types of scams since January. Emails would be sent out saying, “Hey, if you want to know the latest about the coronavirus outbreak, go to this website…,” and then it evolved into “Where’s coronavirus in America?” and now it’s transforming into, “Do you want your stimulus check soon? Check on them on this website.” All come preloaded with malware, and that’s been a great way for criminals to steal information and that’s what we’ve seen record surges from a number of cybersecurity intelligence firms.

Simon: Are these like the old Nigerian scams that were going around five to 10 years ago?

Finch: That’s actually a wonderful way to put it. This really is just the old Nigerian scam updated. Instead of using a Nigerian prince who has millions of dollars to wire, now it’s simply, “Hey, reveal some details to us and we’ll give you the latest about COVID so you can stay healthy.” It’s actively being used over and over again and just modified. For example, I’ve spoken with a company who realized that they sent a six-figure wire transfer to a scammer posing as a legitimate vendor who had sent them an email. They wondered whether their loan agreement might have covenants or reps and warranties implicated by having sent that wire. In the end, they were lucky because their insurance policy saved them from any losses but they proceeded to make changes to their internal controls and payment system. It shows how even sophisticated businesses can be fooled by these scams.

Simon: What can you tell us about the second problem that you mentioned, Brian, the state sponsored cyber-attacks?

Finch: We’re now seeing the fruit of latent network infrastructure that has been set down over the past couple of years by sophisticated bad actors—like Iran, China, North Korea and others. We’re seeing an addition of increased cyberattacks from all those entities, and this is the moment they’ve been waiting for because with the unprecedented rapid transition from working in the office to working from home, there have been unbelievable surges in remote traffic. That creates so much noise that these hackers can use all their techniques and tools—whether it’s compromised networking gear or stolen passwords into these virtual private networks that every business relies upon. All that gives them cover to sneak in while the IT professionals are busy looking in the other direction—just trying to maintain those networks—and steal really valuable information. Or even lay in malware that could potentially be very destructive. It’s very disturbing that there is a lot that’s going on in this world and we’ve seen multiple reports now from law enforcement, from private sector cybersecurity professionals, that these attacks are spiking dramatically. In fact, one cybersecurity company noted recently that they’ve seen one of the largest waves ever from China of cyber hacking and that was in the middle of the coronavirus outbreak in China. So, while China was locking down virtually the entire country, it was also launching an enormous hack into the United States and other areas. And then, on top of that, we just saw a report from the FBI late last week that they are seeing a significant spike in attacks on hospitals, testing labs, pharmaceutical companies, etc. So, we can see the fruit of all of this and what that really means—making sure your users have a reliable, stable network connection. You need to be monitoring those connections for cyberattacks because the adversaries are coming. We know North Korea is out trying to hack for money as much as possible. 
I mentioned the Chinese—we know our other adversaries are out there doing that, so it’s urgent that everyone pays attention to this cyber risk because the warning levels are off the chart at this point.

Simon: That’s a pretty scary thought, Brian. You must end up working with more than just the IT guys at a company on this?

Finch: Right. It really becomes an existential crisis for the company, so we do wind up working with everyone in the team, as well as the risk colleagues within the firm and external allies like law enforcement from Secret Service and the others. We need to pull together at that time—an entire crisis management suite really—and so you need your counsel, you need incident response firms who are going to be able to help find the adversary. Public relations, to talk about the right way to message that this break-in has happened and what damage may be occurring to your business. You need to talk to your insurance broker, your insurance carrier and even insurance coverage attorney. You need to speak with a regulator if private information has been stolen. In fact, that can generate some disclosure requirements to state or even federal regulators. So it really becomes an all-in effort that’s very time consuming and distracting. And particularly at a time when many companies are really focused on survival, it’s the last thing you need to happen. And just because a hack occurs, that doesn’t mean that someone did something wrong, but it does mean that everyone needs to pay attention and do their best to not only stop what you can stop, but make whatever does happen have as minimal of an impact as possible.

Simon: Thanks for those insights, Brian.