The COVID-19 pandemic has caused unprecedented global social disruption and also altered the threat landscape in the domain of cybersecurity. The landscape is characterised by changing patterns of behaviour and consequently an increase in incidents of coronavirus-related cyberattacks. This trend of exploitation of a global pandemic is not unique. Hacktivists tend to devour victims in the wake of disasters or high-profile events around the world.
In the past, malicious cyber actors have exploited human emotions for financial gains as well as for fear-mongering and spreading disinformation. Notable global disasters such as the Indian Ocean earthquake and tsunami in 2004, the mass shooting events in Las Vegas, and the Zika virus outbreak have all been used as hoaxes.
The current COVID-19 pandemic has also become a playground for the malevolent cyber actors. Amid the pandemic, businesses around the world are encouraging people and other related entities to carry out their business tasks, including financial activities through internet-based solutions or virtual transactions. This increased dependency on cyber tools constitutes an even greater threat to cybersecurity.
Meanwhile, the global workforce continues to change with much of the world practising social distancing. An unprecedented number of people are now working remotely using cyber means, many using it for the first time. Companies are making computational equipment available as part of their workforce with the deployment of collaborative software and implementation of network-based mechanisms for unhindered operations. The epidemic has also set the norm of having a greater reliance on online means, prompting states that are lagging in technology to adopt necessary measures. For instance, the use of cyber means is on the rise in African countries where the governments have stepped up to adopt digital payment methods.
As states are increasingly relying on online conduct of business; it puts at risk the information that is being shared. Since the onslaught of the COVID-19 pandemic, an increasing number of cyberattacks is being reported from around the world, which suggests that malicious actors are on the move to exploit the opportunity to advance their hideous objectives and test their cyber skills.
The World Health Organisation (WHO) has reported a fivefold increase in cyberattacks since the start of the COVID-19 pandemic. According to the report, some 450 active WHO email addresses and passwords were hacked online along with thousands belonging to others working on the novel coronavirus response. The attackers, impersonating WHO in emails, have also increasingly targeted the general public to channel donations to a fictitious fund and not the authentic COVID-19 Solidary Response Fund.
According to a survey conducted by IT professionals from Check Point (an enterprise proving network security solutions), phishing is the most prominent threat exploiting the virus outbreak. This use of cyber technology for intrusion into others’ systems is not just for hacktivists or cyber criminals, the domain could be used for state-sponsored or state propagated cyber activities. This is because incorporating cyber means by a state during the pandemic sets in greater vulnerability to its critical infrastructure. Hence, substantially increasing the odds of exploitation to inflict harm on an adversarial state, whether for explicit gains or a means towards an indiscernible end.
In the case of state-sponsored cyber intrusion activities, the National Cyber Security Centre (NCSC) of the UK reported that hostile states including Russia, Iran and China are likely to be behind cyberattacks on universities that are researching the coronavirus. The report suggests that the actors behind these attacks are aiming at stealing the COVID-19 research work being done in different institutes.
The US Health and Human Services Department recently suffered a cyberattack related to its coronavirus response. The attack ultimately did not succeed, and no data was accessed, but officials believe the perpetrators were likely foreign state actors looking to undermine confidence in and the effectiveness of US government institutions.
Following the declaration of the state of emergency in Italy on January 31, 2020, cybersecurity professionals recorded an escalation of cyberattacks. Breach protection company Cynet tracked a spike in phishing attacks during April 2020 in Italy, while non-quarantined countries also experienced an increase in the number of cyberattacks.
Cybersecurity experts identify three potential areas of exploitation; criminal, political, and strategic. In criminal exploitation, cybercriminals are hunting and exploiting weaknesses. According to Check Point Software’s Global Threat Index, coronavirus-themed domain registrations are 50% more likely to be from malicious actors. Under different attractive labels related to the conduct of businesses during the pandemic, phishing attacks and ransomware attacks are being reported targeting hospitals and critical healthcare providers.
In the domain of political exploitation, there are and will also be attempted compromises on critical infrastructures, such as power plants and petrochemical facilities, as well as active disinformation campaigns to spread confusion and undermine confidence in political leadership. For instance, the US Federal Bureau of Investigation (FBI) and cybersecurity experts have accused Chinese hackers of trying to steal research on developing a vaccine against the coronavirus. The hackers are also targeting information and intellectual property on treatments and testing for COVID-19. US officials alleged that the hackers are linked to the Chinese government.
Earlier, on May 7, the Chinese Military was accused of deploying a hacking software ‘Aria-body’. A cybersecurity company in Israel identified Aria-body as a weapon wielded by a group of hackers, called Naikon, that has previously been traced to the Chinese Military. The tool was deployed against governments and state-owned companies in several countries. According to the Check Point report, the tool was deployed against several national governments, including Australia, the Philippines, Vietnam, Indonesia, Thailand, Myanmar and Brunei. The targeted government entities include ministries of foreign affairs, science and technology ministries, as well as government-owned companies.
According to research from Prevailion, a cyber intelligence firm focused on nation-state cyberattack schemes, its APEX platform and sensor network shows that more than 30 state and local governments have already been unconscious victims of nation-state actors looking to spread dissension and disruption. According to the report, among the most affected areas are New York, Ohio, Texas, California, Florida, Washington, DC, Alabama, North Carolina, Louisiana, and Connecticut. There has been an increase in this trend since the COVID-19 outbreak.
In the category of strategic exploitation, the most sophisticated cyber-attackers might exploit the current situation where organisations are preoccupied with business sustenance and not focusing on cybersecurity. They might inject malware inside a targeted company’s infrastructure for later exploitation.
The most prominent example of strategic exploitation during the pandemic is the disruptive attack on Iran that is being linked to Israel. Shipping traffic at Iran’s busy Shahid Rajaee port terminal came to a sudden and inexplicable halt. Computers that regulate the flow of vessels, trucks and goods all crashed at once, creating massive backups on waterways and roads leading to the facility. According to intelligence and cybersecurity officials, Israeli operatives carried out the disruptive attack, presumably in retaliation for an earlier attempt to penetrate computers that operate rural water distribution systems in Israel.
The pandemic has brought to fore another vulnerability where governments are using technology to track corona patients and public movement in an attempt to manage the outbreak effectively. There are increasing concerns over the power and control these tools provide to governments over their population. Incorporating online services and tracking gives way for effective control and ultimately a governance system based on cyber technology. A far greater concern should be the vulnerability of these systems to intrusion and hacking from outside, be a state or a non-state actor. Hacking or intrusion into the tracking system could result in stealing of live tracking data of people in a country which could be an asset for an adversary during times of conflicts and crisis.
Because of these developments, it is evident that times of crisis prove to be opportunities for those looking for vulnerabilities in their opponents. The COVID-19 pandemic is creating economic and political dislocation, disruption of the commercial status quo, and a breakdown in the fabric of global commerce along with uncertainty and fear.
A rapidly growing number of people already understand this. But most still do not know is that malicious cyber actors are also exploiting this crisis by capitalising on increased vulnerability. Increasing cyberattacks would wreak havoc for an already pandemic-struck feeble economic and social system.
There is no doubt that the pandemic would continue to amplify cyber threats. However, every crisis and attending threats also provide a learning opportunity. These opportunities could be lessons from which to adopt new strategies and supporting technologies to evolve the existing cybersecurity infrastructure to be better prepared for future challenges. In the case of the coronavirus threat, the vulnerabilities of the global supply chain and the digital economy are now comprehensible. States are being challenged to rethink the cybersecurity infrastructure and identify areas that are vulnerable to cyber-related threats. There is a need for states to quickly develop and strengthen cyber laws as well as devise joint mechanisms to secure the cyberspace. States and governments must be more resilient going forward in this arena while ensuring stringent mechanisms for cybersecurity.