Though the effects of the COVID-19 pandemic are, indeed, unprecedented, our global relationship with pandemics is more cyclical and less Orwellian than it may seem to a majority of the world, as depicted here.
As this illustration demonstrates, infectious diseases have spread across the globe throughout the migration of humanity, though not all infectious diseases reach the pandemic level that COVID-19 has. As technology continues to advance, our expectations increase, sometimes without the consideration of how historical context can inform our present and predict our future.
For example, during the 2008 to 2009 economic recession, the Association of Certified Fraud Examiners (ACFE) released a study focused on the impact economic recessions have, concluding that the financial pressures of economic crisis can lead to an increase in fraud.
The International Monetary Fund (IMF) economists and the World Economic Forum (WEF) predict that the COVID-19 pandemic could lead to a substantial reduction in GDP (Gross Domestic Product), as low as a 7.4% reduction and as high as a 35% reduction. Assuming these predictions are accurate, fraud levels could increase by 30.3% and possibly double if the GDP decreases by 35%. Though these are rough estimates, historical data predicts that a substantial increase in fraud is a likely consequence of an economic downturn.
In fact, many malicious campaigns are using COVID-19 as a springboard to launch social engineering attacks via phishing attempts, business email compromise (BEC), malware, ransomware, and malicious domains.
As the number of malicious campaigns targeting people's insecurities and fears increases, federal agencies in countries such as Australia, the United Kingdom, the United States, and New Zealand have been striking back by shutting down newly registered malicious domains that were leveraging the pandemic to achieve sinister goals since January of 2020.
Cybercriminals are using natural disasters and major world events like the COVID-19 pandemic to drive their business results and cater to market demand by selling virus-themed malware assets with virus-related discount codes on the dark web. In fact, since February of 2020, IBM X-Force has observed a 4,300 percent increase in coronavirus-themed spam and phishing attempts. Assets like these and others are bought and sold through Bitcoin. Bitcoin's exchange rate has varied according to the instability in the market caused by COVID-19.
The exchange rate of one Bitcoin has ranged from being worth $8,914.00 USD to $9,424.67 USD within a short period of months.
Essential health services have also been hit by ransomware attacks which have traditionally focused on Distributed Denial of Service (DDoS) attack threats. A DDoS attack floods a server, service, website, or network with internet traffic. If the traffic overwhelms the target, its server, service, website, or network is rendered inoperable.
However, recently, cybercriminals have pivoted to issuing direct extortion attempts through ransomware after compromising victim organisations by stealing or encrypting their data. Once the data is compromised, targets are then given ransom notes with instructions to pay the ransoms in Bitcoin in order to buy back their cryptographic keys to unlock their own data. In many cases, organisations comply to protect lives and data. Many of these organisations also use cyber insurance in anticipation of these types of scenarios. The use of cyber insurance has led to a series of repeated attacks since many cyber insurance companies pay ransoms to protect their clients' interests and to meet their privacy obligations.
Though cybersecurity is top-of-mind for many organisations, cybercrime is quickly evolving. Recent attacks have threatened victim organisations with the release of data records to the public, many of which contain the private information (PI) of patients. These attacks are continuous. In fact, Australia and New Zealand have experienced at least four of these attacks in the last week. Both AUSCERT and NZ CERT have issued advisories on various ransomware attacks. The pressure to pay the ransoms immediately in these cases is intense in both countries but possibly more so in Australia due to the Notifiable Data Breach (NDB) legislation and others.
Threatpost warns that “double extortion,” or double-tap, attacks like these will continue to hit ransomware victims in 2020 and will target hospitals, which not only collect and house sensitive health-related data but are also on the front lines of the COVID-19 pandemic. According to cybersecurity researcher "PeterM," several hospitals have been targeted by the Ryuk ransomware. Hammersmith Medicines Research, a London-based healthcare provider that worked with the British government to test COVID-19 vaccines, was also recently hit by a ransomware attack by the Maze ransomware group, which later posted the stolen data online during April 2020.
“We’re especially worried about hospitals having to face this threat,” said Check Point and Palo Alto researchers. “With our focus on coronavirus patients, addressing a double extortion ransomware attack would be very difficult. We issue caution to hospitals and large organisations, urging them to back up their data and educate their staff.”
Though it's tempting to rely on cyber insurance alone, it is no substitute for a resilient security posture. Insurers can — and will — refuse to cover events that could have been avoided. Organisations can prepare for a number of what-ifs by creating adequate redundancies, practicing disaster scenarios, and ring-fencing critical systems. For specific risks that cannot be avoided, cyber insurance can be a viable option — but it's crucial to read the fine print. An organisation must be fully prepared with a Business Continuity Plan (BCP), which is regularly practiced and tested at least annually. Organisations must protect clients' data under their respective privacy acts or country legislation.
According to recent statistics, working remotely due to social distancing requirements has risen to 84%. Remote work necessitates tools such as virtual conference capabilities using Virtual Private Networks (VPNs). Currently 99% of all IBMers are working remotely from home, and approximately 75% of all organisations are working remotely.
To combat the risks with this shift to remote work, organisations must ensure that their employees are equipped with robust security awareness training and preemptive measures like the following:
- Ensuring that employees patch their systems with updates as soon as they become available to protect organisations and themselves.
- Reducing the number of phishing and spam attacks by encouraging employees to change the DNS server setting on their computers or broadband routers to "9.9.9.9." Quad9 is a non-profit organisation supported by IBM, Packet Clearing House (PCH), Global Cyber Alliance (GCA) and many other cybersecurity organisations for the purpose of operating a privacy and security-centric public DNS resolver. Its aim is to protect users from accessing the overwhelming majority of malware, malicious domains, botnet infrastructure and more.
- Ensuring that systems are hardened regularly to support only wanted services and therefore reducing their public fingerprint.
- Ensuring storage systems are working effectively and efficiently.
- Ensuring their endpoints are protected with endpoint detection and response controls.
- Ensuring that appropriate incident response playbooks and scenarios are practiced and tested regularly.
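One way to audit the Quad9 recommendation above on a Linux-style host, as an added example that is not part of the original article: it reads resolv.conf-style text and reports whether every configured resolver is a Quad9 filtering address, since a leftover fallback resolver can let blocked names resolve anyway. The function names and sample configurations are assumptions; addresses other than 9.9.9.9 are Quad9's published ones, not values from this page.

```python
import ipaddress

# Quad9 addresses as published by Quad9; the page itself names only 9.9.9.9.
QUAD9_FILTERING = {"9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9"}
QUAD9_UNFILTERED = {"9.9.9.10", "149.112.112.10", "2620:fe::10"}  # no blocking


def classify(addr):
    """Label one nameserver entry from a resolver configuration."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if str(ip) in QUAD9_FILTERING:
        return "quad9-filtering"
    if str(ip) in QUAD9_UNFILTERED:
        return "quad9-unfiltered"
    if ip.is_loopback:
        return "local-stub"  # e.g. a caching stub; its upstream must be checked
    return "other"


def audit(resolv_conf_text):
    """Return (protected, findings) for resolv.conf-style text."""
    findings = []
    for line in resolv_conf_text.splitlines():
        # Strip comments, then look for "nameserver <address>" entries.
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            findings.append((parts[1], classify(parts[1])))
    # Protected only if at least one resolver is set and all of them filter.
    protected = bool(findings) and all(k == "quad9-filtering" for _, k in findings)
    return protected, findings


# Constructed sample configurations (not taken from any real host).
ALL_QUAD9 = "nameserver 9.9.9.9\nnameserver 149.112.112.112\n"
MIXED = "# ISP resolver left as fallback\nnameserver 9.9.9.9\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    for name, text in (("all-quad9", ALL_QUAD9), ("mixed", MIXED)):
        print(name, audit(text))
```

A `local-stub` result means the host forwards queries through a local resolver, so the same check has to be run against that resolver's upstream settings.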
The cybersecurity challenges arising in this new threat landscape necessitate a change in thinking: a shift towards Zero Trust Security. The threat perimeter of yesterday is no more. Data must be protected wherever it resides. Again, pandemics are not novel, and they occur far more often than we think. They do have an impact on the world’s economy, and COVID-19 is no different. There are enormous campaigns driving an exponential growth in cybercrime, and potentially, no organisation will be exempt unless they're prepared.