[ANALYSIS] How cybercriminals are causing digital pandemic
Forbes magazine estimates that if cybercrime were an industry, it would be worth $2.1 trillion in 2019, equivalent to its damage in terms of business disruption, information loss, equipment damage, and revenue loss.
One anti-malware company last year was detecting a daily average of 30,000 to 50,000 new pieces of malicious software in its database. According to the US-based think tank Center for Strategic and International Studies (CSIS), a Chinese government-sponsored hacking group was reported to be targeting unidentified entities across the Philippines in May 2019. By year’s end, 2019 research revealed that the Philippines now ranked number 12 among the top 20 countries where users face the greatest risk of online infection.
By themselves, all these statistics would already scare the wits out of the average Filipino Internet user.
Now, COVID-19 is not only causing thousands of deaths, hundreds of thousands of infections, and shutting down national economies, it is also carving a large swathe of damage in cyberspace.
When the World Health Organization recommended that governments implement what is now widely known as physical distancing and shelter-in-place to slow the spread of the virus, this created a new normal: the ubiquity of companies and organizations switching to a work-from-home set-up.
This in turn has caused another phenomenon: a surge in internet use and the corresponding multi-fold increase in bandwidth requirements.
And like the novel coronavirus suddenly making the jump from animal pathogen to human-transmitted disease, cybercriminals have emerged from the dark shadows of cyberspace to prey on an ever-increasing number of online users.
COVID-19-related cyber threats have grown so bad that both the US Department of Homeland Security (DHS)’s Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) have issued joint alert warnings.
These warnings focused on the increased use of potentially vulnerable services like virtual private networks (VPNs) as well as amplifying the threat to individuals and organizations from state-sponsored/well-organized cybercriminal groups and cybercriminals targeting individuals, MSMEs, and large organizations with COVID-19-related scams and phishing emails.
Currently, both the work-from-home employee and the student undergoing online learning are largely left alone with their computers or laptops and their internet connection – without the benefit of supervision or assistance from their friendly IT guy in the office or in school.
'Open hunting season'
This danger is compounded by the fact that your average user is also not very keen on monitoring or ensuring that they are using software with the latest security patch, or an application that has already been installed with the latest security update.
These office-to-home and school-to-home schemes have now deprived these users of better protection from an ever-increasing number of malicious sites and unprotected emails loaded with malware and phishing scams.
Suddenly these users, employees, students, and teachers who used to enjoy the comforts of having the IT guy and the information security guy are now left alone. Suddenly there is no one on standby to physically resolve or remediate cyber security-related issues.
When laptops, PCs and other computer machines are connected to a home network, the risk of hacking and compromise goes up to the highest level – unlike being connected to the office network where security policies are in place and security mitigations are monitored and implemented.
Unfortunately, cybercriminals have also recognized the opportunity this situation has presented to them. Hackers are attacking not only the weak security implementation of our home networks but also our weaknesses as humans (through social engineering, for example).
They are attacking our curiosity, our eagerness to get the latest news update and even our willingness to help our fellowmen – all these are fair game for targeting through scamming and phishing websites and launching fraudulent mobile apps.
While the whole point of cybersecurity – or securing users while they are using their mobile phones or computers connected to the Internet (or cyberspace) – is to reduce the attack surface, or the total number of vulnerable points through which an attacker or unauthorized user can disrupt your system, damage your computer, steal your information, or otherwise undermine you, the current situation has only served to create what is the equivalent of an “open hunting season” for hackers and cybercriminals.
Targeting health care institutions
Interpol is currently in the midst of addressing and investigating cybercriminals that were able to target critical healthcare institutions with ransomware in Southeast Asia recently, reporting that: “As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients.”
They added that hospitals were locked out of their critical systems, not only delaying “the swift medical response required during these unprecedented times, it could directly lead to deaths.”
A ransomware attack on a hospital can lock it out of its patient database and, more dangerously, out of its high-end medical technology equipment that requires access control.
NATO, through its Cyberspace Operation Centre (CyOC), also warned the public that there was “no limit on the creativity of hostile actors to exploit any given crisis” through their attempts to gain the trust of victims using branding associated with familiar names such as the US Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO) and FedEx, as well as country-specific health agencies, where unsuspecting users are usually directed to malicious sites or drawn to fake online information sources.
It was claimed that a local group calling itself the Philippine Communist Hacking Group successfully attacked and temporarily took down the websites of the Office of the Vice President, the Housing and Urban Development Coordinating Council (HUDCC), National Anti-Poverty Commission (NAPC), the Department of Health (DOH), and – ironically – the Department of Information and Communications Technology (DICT).
Secure your network
In this new environment, the need to secure the users and their devices, along with the need to secure the network and IT infrastructure, has become a high priority.
A massive compromise would mean a degradation of the operational capability of a business organization. A massive breach of personal information is tantamount to a privacy disaster. A massive ransomware infection in medical facilities is tantamount to a death sentence for those who are heavily dependent on their medical services.
If anything, these recent developments in cyberspace in the midst of a pandemic serve only to put cybersecurity where it should be, along with the world’s most pressing problems: front and center.
It is not enough anymore that individuals and organizations worry about ensuring that work and school and service to the public continue, albeit under new and remote (online) circumstances.
It is equally imperative now to educate ourselves and our co-workers about the rising dangers of our use of and/or presence on the internet; our use of technology platforms to communicate across distances and the need to ensure the cardinal principles of confidentiality, integrity, availability, and privacy in information security; and the collective vigilance necessary from citizens, companies, governments, and the community of nations to stave off the wave of cyberattacks.
These are truly perilous times – offline and online. – Rappler.com
Angel T. Redoble is currently the CISO and First Vice President of a major telco in Southeast Asia. Francisco Ashley L. Acedillo, a former party list Congressman (16th Congress, 2013-2016), is currently involved in cybersecurity strategy in the private sector.