An international group of nearly 400 volunteers with expertise in cybersecurity formed to fight cyberattacks related to the novel coronavirus.
According to Reuters, the group is called the COVID-19 CTI League, for cyber threat intelligence, and spans more than 40 countries, including professionals in senior positions at major companies such as Microsoft and Amazon.
One of four initial managers of the effort, Marc Rogers, said the top priority would be working to combat hacks against medical facilities and other frontline responders to the pandemic, Reuters reports. The group is already working on hacks of health organizations and has already dismantled a campaign that used a software vulnerability to spread malicious software.
Another goal of the group is the defense of communication networks and services that have become essential as more people work from home, said Rogers, head of security at the long-running hacking conference Def Con and a vice president at security company Okta Inc OKTA.o, reports Reuters.
The group is also using its web of contacts in internet infrastructure providers to squash garden-variety phishing attacks and another financial crime that is using the fear of COVID-19 or the desire for information on it to trick regular internet users, says Reuters. “I’ve never seen this volume of phishing,” Rogers said. “I am literally seeing phishing messages in every language known to man.”
“I have never seen this level of cooperation,” Rogers added. “I hope it continues afterwards, because it’s a beautiful thing to see.”
Security magazine spoke to Joseph Carson, chief security scientist and Advisory CISO at Thycotic, who is a member of the group and has signed up for Cyber Volunteers 19 to help with Health Services in the UK. "This is a great opportunity to support the IT security super heroes who are keeping the health care and critical supplies working to save lives," he says.
Atif Mushtaq, CEO and founder at SlashNext, agrees, "This is a wonderful idea and great way for the security community to unite and pitch in during the COVID pandemic to help vital medical and infrastructure defend against the rise in phishing attacks and bad actors taking advantage of the situation. To be really meaningful the security community will have to continue to work together, cooperate, share resources, and defend critical organizations like health care from the increase in phishing attacks so they can focus on their goal of caring for coronavirus victims."
"The security community as a whole, specifically those with expertise in phishing and social engineering threats, needs to support the effort and be involved," adds Mushtaq. "This would require unilateral cooperation and support from corporations, executives, employees, white hat hackers, coders, researchers, and any other security professional who could assist in the effort."
Mushtaq says SlashNext and their team are also considering how they can get more involved in this initiative. "Our team of security professionals are focused and dedicated to defending organizations against phishing and social engineering, so are positioned to assist in this situation with a team of cybersecurity experts in Silicon Valley and overseas," he noted.
Apurva Kumar, Staff Security Intelligence Engineer at Lookout, notes that cybersecurity practitioners and researchers have long advocated for information sharing initiatives. "So we applaud this idea," says Kumar. "Just as the theme of RSA this year was ‘The Human Element,” it is going to take a community effort to be our most successful during this global crisis."
Kumar expects that this will be a meaningful initiative. She adds that there are already many private information sharing initiatives that exist as email lists for the purpose of identifying emerging threats in various industries. "Many competitors are happy to work with each other privately for the greater good, from both security vendors and researchers to law enforcement and CISOs from industries such as healthcare and banking. As long as we can develop a similar coalition for these efforts I expect similar positive results," she says.
She also notes that they see a role for our organization in this effort and that it is already actively engaging with the cybersecurity community.
Chris Morales, head of security analytics at Vectra, also notes that this is a good idea. "I like the idea of the community coming together for altruistic reasons. I believe that this will organically work itself out into what can and cannot be done. Hopefully, this is an effort that will continue beyond even just today’s current crisis.”