This is the first part of a two-part blog on Coronavirus and Cyber. Read the second part here.
The entire global population is currently experiencing what it is like to live in a time of plague in the form of Coronavirus. In addition to pestilence, famine and death, the four horsemen of the apocalypse referred to in the New Testament Book of Revelations also bring war (or sword).
In a modern 2020 setting, the sword could well be wielded as a digital pandemic on the Internet and related Internet of Things. This may appear alarmist, but historically, it is true that pandemics and war are linked as shown by this list: -
While some cybercriminal opportunists are already exploiting the current environment to make money, there are cyberwar strategists who are modelling the impact that a largescale cyber hack could inflict on a society crippled by COVID-19.
Cyber warriors are exploiting the COVID-19 pandemic, as cyberattacks are soaring. Cyber security experts have found that the 2019 novel coronavirus (COVID-19) has led to a surge in phishing scams, with both individuals and organisations at risk.
Millions of employees are being forced to work remotely, which will limit the spread of the disease, but it will introduce new business risks that organisations must prepare for.
Cyber criminals are already rolling out coronavirus-themed phishing emails that prey on the curiosity or fear that comes with news stories to propagate their scams. Phishing emails imitating HMRC frequently surge as tax season approaches, as they do during major sporting events, the festive season and always on Black Friday.
These attacks are bad in any normal circumstance, but during this time of great uncertainty, they carry with them more significance and danger too. There is a great fear among officials of a major cyberattack on critical infrastructure.
The United States, for example, is vulnerable to cyber-attacks targeting hospitals, food supplies or other vital functions. New cyber threat actors launched an unsuccessful digital attack aimed at overwhelming computer networks at the Department of Health and Human Services. Meanwhile, there was an attempt by cyberwarriors to spread misleading claims that President Trump planned to impose a nationwide lockdown over text message, encrypted apps and social media platforms.
“There are actors out there in cyberspace that think we’re vulnerable,” Rep. Mike Gallagher (R- Wis.), who co-chaired the recent Cyber Solarium Commission on the future of U.S. cybersecurity, says. “At a minimum, we need to impose costs on whoever did this. We don’t want the signal to be that now is a good time to take advantage of the U.S.”
The pandemic has heightened concerns that the United States is not equipped to deter and resist digital attacks from hostile state-sponsored attacks including Russia and China. Some adversaries may be emboldened to target vital medical care services or food supplies. The warning also comes as huge portions of the nation's workers are suddenly working from home on unfamiliar or even un-vetted equipment, raising the likelihood of digital vulnerabilities that hackers could exploit.
Sen. Angus King (I-Maine), the commission's other co-chair, warned that the virus “underlines our overall vulnerabilities [to cyberattacks] and the absolute unscrupulousness of our adversaries.”
Attorney General William Barr says there will be “severe” consequences if the attack or disinformation campaign is traced to an adversary government, which suggests the U.S. reserves the right to retaliate in kind. He has also urged the Justice Department to prioritize prosecuting any cyber criminals who seek to profit from the pandemic.
A ransomware attack at the Brno University Hospital in the Czech Republic locked up the hospital’s computer server as doctors were dealing with a coronavirus outbreak.
Other damaging attacks, for instance, could target data used by grocery stores or agricultural firms to impede the flow of food to market.
If cyber attacks do impede the U.S. response to the pandemic, Washington could join with its allies to impose more punishing economic consequences or targeted retaliatory cyber attacks, Painter said. “You don’t want to escalate out of control, but you want to send a message that these things are off-limits,” he said. “You can take far more serious actions than we’ve done.”