Coronavirus and Cyber Security Challenges

Author Name: Maheen Shafeeq and Amna Tauhidi       21 May 2020     Cyber

The outbreak of Covid-19 has not only challenged and disrupted the modes of global functioning, but has also provided some state and non-state actors an opportunity to manoeuvre through cyber loopholes to achieve specific agendas.

The declaration of Covid-19 as a global health emergency by the World Health Organization (WHO), pushed the states to take strong measures to curb daily human interactions and protect the public from the pandemic. In pursuance of the standard operating procedures (SOPs) announced by the governments, the organizations and enterprises have increased their reliance on the internet as a primary means of connectivity and digitization.

While human-to-human interactions are on pause, the social and economic activities bulged online. Software and technology giants such as Google, Zoom, Facetime, WhatsApp, WeChat and Slack are being used most frequently during the pandemic to continue working, schooling, shopping, communication, parties and other social engagements.

This transformation of the social sphere towards virtual interactions allowed intruders who made their way to spoil the occasion. This led to a storm of intelligence firms, security agencies, and technology giants to ring alarm bells regarding the growing cyber threats in wake of COVID-19 highlighting the ransom ware emails that inject viruses into systems and malicious economic activities to score hefty payments.

For example, with recent news of the desperate situation in Italy, Wizard Spider was observed deploying files that solely targeted customers of Italian financial institutions, with the intent of stealing credentials for accounts.

As per the Cyber Intelligence Center report, cyber-attacks in the wake of Covid-19 have increased rapidly. The most commonly observed cyber-attacks include phishing attacks, malware spams and ransom ware attacks. These attacks are launched through emails using the subject of COVID-19.

Cybercriminals manipulate human psychology by offering them Covid-19 cures and creating curiosity among people to find more information about the virus as a potential tool to spread malware and viruses.

It was found by cyber experts that 92% of cybercriminals use emails to hack into a computer system. Researchers at IBM X-Force, a threat intelligence platform, discovered that hackers are sending spam emails to infect computers and smartphones with malicious software.

The main goal of this software is to glean personal information and data. The panic due to COVID-19 gave the fraudsters a chance to capitalize on by launching fake websites that pretend to sell face masks and sterilization supplies but they exist only to collect credit card information to gain access to people’s financial details.

International organizations have also fallen prey to cyber attacks. WHO, one of the key agencies working to tackle the pandemic, has also reported a fivefold increase in the number of cyber-attacks. In the last week of April, the WHO reported some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to medical workers and researchers of the novel COVID-19 vaccine.

As per the press release by the WHO, the scammers impersonating WHO emails have also increasingly targeted the general public to channel donations to a fictitious fund and not the authentic Covid-19 Solidary Response Fund.

The omnipresent cyber threats have also rendered health sector data as vulnerable as personal and institutional. As the health sector is stretched to its limit, any cyber-attack on the health sector data can cause havoc on the suffering population.

One such incident has been reported in Brno University Hospital in the Czech Republic that claimed that a cyber attack caused serious intervention in the surgical processes and also re-routed new clinical patients to other hospitals.

Meanwhile, ransomware attacks have become common in medical facilities, as this information is more valuable on the black market than credit card information. Deterrence in cyberspace is, however, a long-standing challenge but there will be dire consequences if a country is caught mingling with another country's public health system.

In this time of acute health crisis, the health sectors have redirected their efforts to medically frame their COVID-response in a manner that pushes states into a fierce competition. This competition has further exposed the vaccine developers and their research centres and made them vulnerable to cyber espionage by state and non-state actors that want access to the cutting-edge of this crucial pharmaceutical endeavour.

While the pandemic poses serious challenges to cyber security, there could be several ways quoted by cyber experts to avert being made the target of such attacks. Several national and international organizations have taken a head start approach to tackle the threat. They have also published COVID-19 related specific cyber security guidelines to secure organizational data.

Artificial intelligence is evolving as a tool adopted by governments and major companies, such as The National Aeronautics and Space Administration (NASA), to defend against cybercriminals and hackers. Moreover, governments, health and financial sectors around the world are investing in machine-learning algorithms to spot deviations from normal working patterns of an organization and the algorithms automatically trigger an alert when unusual activities are trembled upon.

Some cyber experts are of the option that hackers can even work their way to create a copy of normal working patterns of an organization into their tactics and to overshadow the suspicious activities giving a false image.

They suggest, therefore, that the best way to guard against this is to have multi-layered cyber security systems. Multi-layered security will protect data at all levels and across various devices and applications. It can provide proactive, detective and reactive cyber security to secure the data from vulnerabilities.

While the world is grappling with the consequences of Covid-19, cyber security has shown itself to be an important domain that needs the utmost attention of national and global organizations.

States need to focus their attention on developing policies and laws to attend to cybercriminals. Likewise, the global arena needs to ensure that due efforts are made to develop international treaties and laws to catch state and non-state actors involved in cyber and hybrid attacks.

 

Maheen Shafeeq and Amna Tauhidi are working as Research Fellows at Centre for Aerospace and Security Studies (CASS). This article was first published in Daily NHT newspaper. They can be reached at cass.thinkers@gmail.com.