How is the coronavirus pandemic exacerbating cybersecurity risks?
The coronavirus outbreak has forced the global population to become more digitally dependent than ever. Already, nearly every enterprise today requires the internet for almost all business operations, and the outbreak has only intensified this by necessitating that employees work from home. In doing so, the attack surface multiplies incomprehensibly, giving malicious actors more opportunities to pounce. The sad truth is that despite the sombre climate, there really is no rest for the wicked.
The World Economic Forum (WEF) reminds us that cyber attacks in the midst of the outbreak are more than just a nuisance – they can be deadly. In particular, the WEF explains that "broad-based cyberattacks could cause widespread infrastructure failures that take entire communities or cities offline, obstructing healthcare providers, public systems and networks."
It didn't take long before cyber criminals would sink their teeth into opportunities to attack the organisations crucial to the pandemic and disrupt information flow. By March, both Worldometers.info (a primary source for coronavirus statistics) and the US Department of Health and Human Services fell victim to cyber attacks.
In the UK, Hammersmith Medicines Research (HMR) suffered an attack while the facility performed COVID-19 vaccine trials. HMR were sadly unable to pay the ransom, and the hackers released the data to the public. Overall, hospitals, research hubs, and even the World Health Organization (WHO) are reporting more hacking attempts during the outbreak.
Ransom is one of many reasons malicious actors may wish to attack a medical facility. Other motivations include simply causing disruption and panic or to sell intelligence on the black market. Whatever the aim, the consequences are dire, proving a viscous cycle: the coronavirus outbreak exacerbates cyberterrorism, but cyberterrorism is also hindering the progress we can make in overcoming the disease.
Cyber attacks are increasingly infiltrating our homes too
However, larger bodies are not the only targets experiencing a surge of attacks. The 'infodemic' – a term the WHO coined to describe the abundance of information, accurate or otherwise – is giving malicious actors ammunition to attack too.
Understandably, people are searching online for prevention methods, cures, and so on. Of course, this is a highly dangerous endeavour in itself given that there is so much information out there that is purposefully false or misleading. Worse still, it also presents an opportune time for actors to strike and capitalise.
In particular, phishing attacks are becoming increasingly common. Malicious actors are taking advantage of the situation by posing as various authorities to distribute malicious links. Often, these links promise intelligence regarding data local to the recipient or treatments and cures. Of course, amid all the panic and chaos, such offerings are enticing to recipients who are fearful in the current climate.
By following through on the instructions provided in the phishing attack, the recipient will be coaxed into handing over their credentials. If not that, then they may be tricked into installing malware by clicking through on the links.
Phishing is becoming even harder to spot given the increasingly sophisticated nature of the attacks. Today, malicious actors are gaining enough intelligence on their targets that they could even pose as the recipient's colleagues. For example, if you were to receive an email that appeared to be from your ops team/CEO/HR that discusses how your company is responding to the crisis (with a "click here for more information" and all the rest that follows), you would be hard-pressed to recognise that it is actually from a cyber criminal.
In the same way that people are exercising vigilance for their physical health at this time, they must also do so to ensure their online safety. It is especially important that people only pay attention to information that comes first-hand from reputable sources. Just like you shouldn't take medical advice from a post on a Facebook group, you must also not succumb to any links for cures, treatments, or information unless it comes directly from a legitimate authority. For tips on how to spot coronavirus-driven phishing attacks, check out this article.