COVID-19 and Cyber Risks

COVID-19 has claimed thousands of lives across the world since its outbreak in Wuhan, China. The temporary lockdowns imposed to slow the spread of the virus have had significant negative economic repercussions. Consequently, the majority of corporate operations have adopted the work-from-home model, compelling people to operate in less secure environments. Weakened security barriers have opened up avenues for hackers, spammers and scammers to thrive. These nefarious actors are using varied social engineering, spoofing and phishing techniques to gain access to confidential and sensitive information.

Surge in cyber risks

The pandemic has created a visible surge in cyber exploitation.1 Working from home might be the safest option for individuals health-wise, but the same is not true for the data and services that such individuals have to access remotely. Remote connections make it difficult for most threat detection tools to differentiate genuine activity from malicious activity.

Cybersecurity threats in such an environment are generally higher because workplace networks have security measures such as web filtering, mandatory encryption, anomaly detection monitors and firewalls in place, whereas home networks usually lack the same defence mechanisms. Moreover, Virtual Private Networks (VPNs) are not always secure. Reports note that even some leading corporate VPNs have major vulnerabilities that organisations do not always take the time to patch.2

Some reports indicate that ‘thousands’ of COVID-19 scam and malware sites have been created.3 Many of these sites are being used to disseminate malware files, host phishing attacks, or commit financial fraud, including tricking individuals into paying for fake COVID-19 cures, kits, vaccines or supplements.

On March 13, one of the Czech Republic’s biggest testing laboratories, Brno University Hospital, was hit by a cyberattack.4 As a result, the hospital had to postpone urgent surgical interventions and transfer patients with acute conditions to a different hospital. It also had to shut down its entire IT network. The attack also impacted other branches of the hospital, including the maternity and children’s wings.

Earlier that week, the website of the Champaign-Urbana Public Health District in the US was attacked by a new ransomware strain called NetWalker.5 Ransomware is malicious software that locks people out of their own systems: victims receive a ransom demand for the encryption key needed to regain access to their data. This ransomware camouflages itself within essential Windows functions to evade anti-virus detection. Health district employees became aware of the attack on March 10 when they lost access to files.

In India too, an email purporting to be an official notification about the closure of schools and halls in Delhi has been circulated, and those who clicked it for further information have had their systems and phones compromised.6

Even the World Health Organization (WHO) has stated that it is aware of many ‘suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency’.7 There have been several reports of fabricated emails claiming to be from WHO employees asking the recipients to provide confidential details or click on malicious links.
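The WHO-themed lure described above is the kind of message a mail gateway or security team can triage with a few cheap checks: a display name or subject that claims an organisation the sending domain does not belong to, a Reply-To pointing elsewhere, pandemic keywords paired with a request to "verify" or "log in", and links whose host is not the claimed organisation's domain. The following is an added example, not code from the article or from WHO; the sample messages, the `.example` domains and the keyword lists are constructed for illustration, and only WHO is modelled as an impersonated brand.

```python
"""Heuristic triage of COVID-19 themed phishing e-mails (added example, constructed data)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Patterns a lure uses to claim the brand, mapped to the brand's real domain.
# Assumption for this example: only WHO, the organisation named in the text, is modelled.
BRAND_PATTERNS = [
    (re.compile(r"\bWHO\b"), "who.int"),                       # case-sensitive acronym
    (re.compile(r"world health organi[sz]ation", re.I), "who.int"),
]
LURE_TERMS = ("covid", "coronavirus", "corona", "vaccine", "cure", "test kit")
ACTION_TERMS = ("verify", "password", "login", "log in", "credentials", "confirm your")
URL_RE = re.compile(r"https?://([^/\s>\"']+)", re.IGNORECASE)


def sender_domain(address):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def claimed_brand(text):
    """Return the brand domain that a display name or subject claims, or None."""
    for pattern, domain in BRAND_PATTERNS:
        if pattern.search(text):
            return domain
    return None


def belongs_to(host, domain):
    """True if host is the brand domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def triage(raw_message):
    """Score one RFC 5322 message; returns (score, list of reasons)."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    subject = msg.get("Subject", "")
    body = "" if msg.is_multipart() else msg.get_payload()
    from_dom = sender_domain(from_addr)
    reasons = []

    # 1. Brand claimed in the display name or subject, but sent from another domain.
    brand = claimed_brand(display) or claimed_brand(subject)
    if brand and not belongs_to(from_dom, brand):
        reasons.append(f"claims {brand} but sent from {from_dom or 'unknown domain'}")

    # 2. Replies are steered to a domain other than the sender's.
    reply_dom = sender_domain(reply_addr)
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # 3. Pandemic lure combined with a credential or action request.
    text = (subject + "\n" + body).lower()
    if any(t in text for t in LURE_TERMS) and any(t in text for t in ACTION_TERMS):
        reasons.append("pandemic lure combined with a credential/action request")

    # 4. Links that do not go to the claimed brand, or that carry pandemic-themed hosts.
    for host in URL_RE.findall(body):
        host = host.lower().split(":")[0]
        if brand and not belongs_to(host, brand):
            reasons.append(f"link to {host} in a message claiming to be from {brand}")
        elif any(t.replace(" ", "") in host for t in LURE_TERMS):
            reasons.append(f"pandemic-themed link host {host}")

    return len(reasons), reasons


def is_suspicious(raw_message, threshold=2):
    """Convenience wrapper: flag a message once it trips `threshold` indicators."""
    return triage(raw_message)[0] >= threshold


# Constructed samples (not real messages); `.example` is a reserved TLD.
PHISH_SAMPLE = """From: "World Health Organization" <alerts@who-covid19-update.example>
Reply-To: support@secure-login.example
Subject: COVID-19 safety measures - verify your account
Content-Type: text/plain

Please confirm your password at http://who-int.covid-relief.example/login to receive the latest cure guidance.
"""

BENIGN_SAMPLE = """From: "IT Helpdesk" <helpdesk@corp.example>
Subject: Reminder: apply this week's security patches
Content-Type: text/plain

Please install the pending updates on your laptop before Friday. No action is needed beyond the usual update prompt.
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        score, reasons = triage(sample)
        print(label, score, reasons)
```

The constructed lure trips all four indicators while the internal patch reminder trips none. The checks are deliberately cheap and explainable so the reasons can be surfaced to the recipient or an analyst; they are a triage aid, not a replacement for DMARC, URL reputation or sandboxing.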

These attacks have not been limited to monetary gain, but have also served more insidious operations. An Android application posing as the genuine COVID-19 tracking map from Johns Hopkins University, for instance, was found to be spyware linked to a surveillance operation against mobile users in Libya.8

Securing the work-from-home model

Hospitals and banks are common targets because many malicious actors believe that the urgent need for these critical entities to keep functioning would push administrators to give in to their demands quickly. A cyberattack on a health care or financial sector entity during these critical times would have severe repercussions. Some cybersecurity firms, such as Coveware and Emsisoft, have offered free ransomware remediation services to healthcare organisations for the duration of the pandemic.9 The CEO of another firm, SafeGuard Cyber, has called for close coordination between cybersecurity teams and stakeholders to secure all cloud environments.10

With employees having to operate outside the secured workplace, managing machine sprawl (the growth in the number of virtual machines and devices on a network) makes securing hundreds of thousands of endpoints a much bigger challenge. Organisations therefore need to underscore the importance of cyber hygiene in these tumultuous times. This could include reminding employees to apply updates and security patches on their individual devices and home systems, and circulating an updated list of websites that should be avoided, among other measures. Additionally, there is a need to follow a zero-trust approach at all levels and to perform risk assessments on a regular basis. Scrupulously adhering to measures such as multi-factor authentication, whereby a user’s identity is verified with multiple credentials, is essential. Equal attention should be paid to emergency response planning and disaster recovery, in order to minimise damage after an incident. Given that the inimical impact of the COVID-19 pandemic will be long-drawn, organisations should work towards putting in place a tailor-made work-from-home cyber defence strategy.

Views expressed are of the author and do not necessarily reflect the views of the Manohar Parrikar IDSA or of the Government of India.

Keywords: COVID-19, Cyber Security, Cyber Weapons