Coronavirus Cybersecurity Fallout Might Not Be Felt for Weeks or Longer

Kim Borton worked from home while her children created an art project in Beaverton, Ore., earlier this month. Millions of Americans are working from home amid the coronavirus pandemic, and experts say overstretched IT teams might not be able to keep up with updating their networks.

Photo: Craig Mitchelldyer/Associated Press

As millions of U.S. workers frantically pivoted to remote work last week, putting new strains on their computer networks, federal officials warned that hackers smelled blood.

But the fallout from coronavirus-related breaches may not become clear for weeks, months or even longer, experts say. The expected delay highlights how confusion from the pandemic has created long-term security risks that could eat up precious resources as the economy hurtles toward a recession.

“Very well-organized criminal organizations or nation-states—they can wait,” said Nicolas Fischbach, chief technology officer of Forcepoint LLC, a cybersecurity firm that specializes in data protection. “They get to more data. They can learn more about the environment.”

Overstretched IT teams might not be able to keep up with updating their networks, experts say, while nonessential businesses that have effectively closed shop could prove to be easy targets. Those challenges come as workers’ use of private devices and services give attackers ample opportunity to avoid employers’ detection tools.

The public and private sectors already have faced an array of threats. The Federal Bureau of Investigation warned of an uptick in phishing scams against businesses. The World Health Organization told Reuters that hackers targeted it with a malicious look-alike website. And the U.K.’s National Crime Agency confirmed to WSJ Pro Cybersecurity that it is investigating an alleged ransomware attack against Hammersmith Medicines Research Ltd., a drug-testing company that has carried out trials for the ebola vaccine and other treatments.

While some attackers use ransomware for an immediate payout, more sophisticated groups could use the upheaval to penetrate networks and quietly search for bank account numbers, trade secrets or personally identifiable information that is financially or politically valuable, Stephen Breidenbach, a cybersecurity and privacy lawyer at Moritt Hock & Hamroff LLP, said in an email.

“They’ll then start siphoning off those resources as inconspicuously as possible, or wait to hit all the assets in one fell swoop when the company is most vulnerable,” Mr. Breidenbach said, adding that attackers could lie dormant for years. “Some hackers even try to get money from the stock market using nonpublic information they acquire.”

The question is whether companies and governments can also play the long game. Widespread office closures over the past two weeks have overloaded some virtual private networks with remote workers, according to cybersecurity experts. Mr. Fischbach, of Forcepoint, said the most common question clients had last week was how to scale up VPNs to handle the surge in traffic.

Debbie Gordon, chief executive of Cloud Range Cyber LLC, which works with businesses to war-game cyberattacks, said IT teams will continue to be pulled between helping employees maintain productivity and aggressively policing potential breaches. That balancing act—let alone new security investments—might prove difficult for businesses tightening their budgets amid an economic slowdown.

More From WSJ Pro Cybersecurity

“Their focus might not be on the proactive patching and maintenance of the networks as well,” Ms. Gordon said.

The Cybersecurity and Infrastructure Agency at the Department of Homeland Security has urged public- and private-sector workers to patch their systems, be on the lookout for abnormal activity and ensure machines have properly configured firewalls.

But the added wrinkle is that many remote workers may turn to their own computers, email and file-sharing accounts in a pinch, said Paul Martini, chief executive at iboss Inc., a cloud security firm. Often accessed through the public internet, those private tools increase the surface area for attacks and make successful data breaches more difficult for intrusion-detection tools and cybersecurity teams to see.

“My suspicion is we’re going to see a big uptick in terms of the amount of data on these public, information-sharing sites that shows up on the dark web,” Mr. Martini said.

Write to David Uberti at

Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Join Wall Street Journal For Just $1