Amidst the coronavirus epidemic, there is a huge surge in phishing, spamming and cyber-attacks, and a high threat of security breaches across all sectors of the economy. National Cyber Security Centre (NCSC) Director of Operations Paul Chichester said: “We know that cybercriminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the coronavirus outbreak.”
An ancient Chinese stratagem dictates: “Chèn huǒ dǎ jié” (趁火打劫) or “loot a house when it’s on fire”, which means strike when your enemy is most vulnerable. When the world is filled with panic, hackers use it as a golden opportunity to play hacking games and extract data, or modify it to exploit the scenario. They target people in countries that are majorly affected by COVID-19. Hence we are vulnerable to cyber-attacks in this period. Their targets can be classified into three major areas – the common public, corporates and medical institutions.
With the number of reported coronavirus cases rising above thirty-five lakhs, this virus has brought us not just the disease but also the fear of it. Fear of contracting the virus and not surviving it has put us in a situation where we tend to be more cautious and to learn more in order to avoid it. But this is when we might fall into the trap of a ‘cyber virus’. A proliferation of COVID-19-inspired cyber-attacks, taking advantage of individuals’ fear and their need for health care and medical aid, has been noticed and reported. In one such incident, a healthcare organization in the United Kingdom that was treating COVID-19 patients had to shut down its operations after a cyber-attack on its server.
The most deceptive traps are ‘phishing emails’ pretending to be sent from recognised institutions such as the World Health Organisation (WHO), asking you to download a document containing precautionary measures for the disease. The document may be pre-programmed to install Trojans and malware on your system as you download it, and to extract data. Such cases have been reported since mid-February and are rising from a few hundred daily to a few thousand.
Another route is through website links that use clickbait, pretending to show authentic data on infected persons in the nearby locality, to draw you onto a webpage that carries out ‘cryptoviral extortion’ of the information on your system. This is a kind of ransomware attack, in which you need decryption codes to access the infected system; only the hacker has them, and you get them on paying a ransom. This is not confined to individual data, but extends to corporate and hospital data as well.
Also, numerous illegitimate mobile applications purporting to present information on people infected in the nearby locality are spreading rapidly. The only way to be wary of these is not to fear the disease and to refrain from accessing unauthorised websites, mobile applications and emails.
Theft of trade secrets and a company’s sensitive information is the cyber threat corporates fear most. A common technique to hack the organisation’s network and get access to proprietary corporate data is ‘cyber-espionage’. Employees who work from home on their personal computers receive RSA-encrypted codes to access their organisation’s network. When the system lacks a firewall or the Wi-Fi network isn’t secured, breaking in becomes an effortless task for the hacker. There will also be a huge amount of remote login activity, creating a need for more server access, in which case an unauthorised login request may be granted and a Denial-of-Service (DoS) attack might ensue. Hence working in a new environment with a low level of encryption is more vulnerable to cyber-attacks.
A cyber incident that happens when the organisation is already operating outside of normal conditions holds a greater potential to spiral out of control. Most of the time a hack occurs, it goes unobserved. Even if a security breach is noticed, there will be delays in identifying the reason for the breach and responding to it as everyone is working remotely.
The solution is to work within the organisation’s network, carry out a risk assessment for data loss prevention, and make some changes to BYOD (Bring Your Own Device) policies. These two sectors are scourged with several isolated attacks, but still, they can be prevented.
The third and most susceptible area is the health sector. While the medical fraternity is putting its efforts into keeping the epidemic under control, it is at the same time facing growing threats of unprecedented assaults from hackers. Neglecting cyber-security monitoring and lacking safety measures could cause more fatalities at this time.
Health records are among the lucrative kinds of information on the internet, and this is a time when extensive data breaches are being noticed in health care institutions. An attack on the institution’s network can occur undetected and without a user interface. Loopholes in the system could allow a remote attacker to take over and interfere with the function of medical devices and hospital networks.
Once the hacker has control of the device, he may alter its function through denial-of-service, information leaks and logical flaws that could pose legal risks. These acts could cause the devices to malfunction. Thus it is crucial to identify those devices that could be bugged easily. While advanced devices can offer more secure, appropriate and timely health care delivery, even those might be vulnerable to cyber-attacks. A medical device linked to a communications network could have cyber-security vulnerabilities that could be misused, resulting in harm to patients. Therefore a safe communication network needs to be established among health care organizations (HCOs).
Data breaches in healthcare resulted in an average of 7,202 patient and employee records lost or stolen. The three most commonly reported types of attacks were phishing (68 percent), malware (41 percent) and web-based (40 percent). There has been a 150% rise in the cyber-attacks faced by the health sector within the past two months (January – March). Their major targets are the health care providers, through whom they would hack the network of a whole medical community.
Hence, the duty of the whole medical fraternity has doubled: to save their patients, and to keep an eye on their firewall as well to check for anomalous cyber activity. It’s critical now that cyber-security becomes a top priority in healthcare. The Cyber Threat Intelligence League (CTI-L) is formed briefly to tackle the cyber threats posed all over the world.
Social Security Concerns
Apart from the aforementioned sectors, ‘cyberbullying’ occurs in other sectors as well, in countless ways. Since the countrywide lockdowns in many nations, everything happens virtually: conferences, webinars, meetings and even family get-togethers. These meetings can also be recorded remotely by the server handle, and rival countries are eyeing each other for such data. The Zoom application, which is still widely used not just in India but worldwide, is unsafe to use as the calls are routed via its servers in China, helping them store essential data.
Not just China, but Russia, Iran and other nations are also keen on extracting information on COVID-19. There were attempts to extract health records in India by spoofing the ‘Aarogya Setu’ mobile application, launched by the Government of India. These counterfeit apps were detected at an early stage, helping us steer clear of them.
A joint advisory committee of the United Kingdom and the United States is investigating a number of such incidents. In some of these, ‘cyberpunks’ are targeting pharmaceutical companies, medical research organisations and universities, looking for sensitive data including research on the virus. The most rewarding information now is the data on a vaccine for COVID-19, and hawks are flying just above each locus where the research is being carried out.
We also have the High-Performance Computing (HPC) Consortium – formed by a group of global industries (IBM, AWS, Intel, Microsoft, Dell etc.), academia (Massachusetts Institute of Technology, Carnegie Mellon University, etc.), Department of Energy National Laboratories, and Federal Agencies (NASA, National Science Foundation, etc.) – to speed up the fight against COVID-19 by doing extensive research in areas like bioinformatics, epidemiology, and molecular modelling to understand the threat we are facing and to develop strategies to address it.
We can expect more such incidents, at either the micro or the macro level, in the near future, as the world is yet to recover from the ramifications of the Wuhan virus outbreak. Despite the proliferation of cyber threats, we have the means to be safe. Being aware of the numerous ways of getting infected by cyber-attacks would help us steer clear of them. This will help reduce individual attacks and prevent corporate attacks. For the health care sector, strengthening the communication network, identifying and rectifying faulty devices, and keeping watch for anomalous cyber behaviour across the whole network through CTI-L are some of the methods to avert such incidents. Investing in cybersecurity architecture can help find a way out of this challenge.
(The author is a Research Intern at C3S. Her areas of interest include Science and Technology advancements, Space Science, Satellite Technology and Security. The views expressed are personal)