Cybersecurity in COVID-19 Times- How attackers using pandemic in their favor to compromise security

In a recent forty-five minute webinar about the state of cybersecurity in COVID-19 times, Mikko Hypponen, an expert on the matter to whom the Hypponen Law of IoT security is  credited, said that during the time of a crysis bad actors on the internet becomes particularly  active. 

Now, that’s not the end of the list of vulnerabilities and precautions he warned his viewer about.  We will get to that later. First, let’s take a step back and look at how you might be affected by the  surge in security compromises on the internet. 

cybersecurity-in-covid-19-times

Assuming you are working from home, you have been using some kind of instant messenger  software, with or without video conferencing options, e-mail clients and other various sorts of  communications softwares. While in the office floor you were pretty safe behind a corporate  firewall and a team of IT personnel to come take look at your computer at the first glance of an  irregularity, but in your home, you are connected to the internet through a regular internet service  provider and a router that has not seen password changes in six months or a year.

Also you may  practice safe browsing habits, other members of your family might not be so careful. In all of these  cases, all of your personal, private and/or corporate information are wide open to compromise. 

State of International Cybersecurity in COVID-19 Times

Officials of the EU and the UN are very worried about these situations. In the era of novel  coronavirus, we are forced to isolate ourselves in order to flatten the curve—so that we don’t get  infected, if we are already not, or become the carrier by whom ten other people get infected  causing a chain reaction of infections. Thus we have been introduced to the term “social  distancing.” The United States has shut down or postponed many services that they deem “non- essential.” And working from home has become the new norm in this ever connected world. 

But, we were not ready, neither were those officials from European Union and United Nations.  Their daily and frequent communications are being done by video conferences and constant stream of emails thrown back and forth. All of the information, sensitive or otherwise, are being  transmitted by the internet. This is a very lucrative opportunity to steal said sensitive information.  One such official has exclaimed that these video conferences are an open invitation for the  hackers. Since we were not ready, ready to cope with this vulnerability, we all have become  targets of phishing, malwares, eavesdroppings, spoofing or other assortment of cybersecurity  threats in COVID-19 times. 

Now, let’s focus on the corporate environment again. Let’s say a certain pharmaceutical firm has  been working tirelessly day in and day out with the view to find a vaccine to cure the patients most  prone to death from the coronavirus. And for a sniff of that extremely valuable piece of information  corporate espionage is being mounted on an unprecedented scale, by any actor, nation or  otherwise. What disaster might happen if that formula ends up in the wrong hands. 

Cybersecurity in COVID-19 Times

In that webinar Mister Hypponen shows us several images from a hospital in Italy, a country  devastated both economically and in thousands of human lives by COVID-19. In those images,  as Mikko points out, there are computers and connected devices accompanying all the patients  lying in those hospital beds. Those computers contain vital information regarding the condition of  the patient and progress of his or her recovery. No one can say for certain that those computers  are under ironclad security of state-of-the-art firewalls or anti-malware protection. 

Mister Hypponen also shows us that these kinds of situations, situations where pandemic  ravaging lives all over the globe and healthcare systems are on the brink of being overrun, these  are the kinds of instances when hackers find the hospitals as ripe targets for ransomware attacks.  He shows us various cases of such attacks in real life, happening in the first world hospitals. Even  in 2020, the Pleasant Valley Hospital in West Virginia, US was reported being attacked by  ransomware. And the worst case scenario, a small town hospital in California, the Wood Ranch  Medical, declared bankruptcy under the threat of a ransomware.

These are not the least of our worries. Because when all the government agencies are rushing  towards keeping the economy stable, there might be a window to launch an attack by interested  groups on any nation’s critical infrastructures, such as water, gas, or even the electrical grid.  Where the coronavirus may not be the biological weapon, but it can open avenues for other  attacks just as easily. 

Another potential target of cyber security breaches may be the intellectual properties held by  persons or organisations. Proprietary information has always been a target by the black hats, to  obtain and sell in the dark web to the highest bidder. And given the opportunity of a professional  sitting at their home-computer with maybe an outdated Windows XP or compromised internet  security software can be an easy conduit of intercepting such information. 

All the ways a malware may propagate, in this time, the most effective way is thought of as the  phishing links disguised as a news article relating to the coronavirus. We are all reading these  news articles, and some of us may be being less careful about the origin of such links before  clicking on them. Other ways might be the macros in the word or excel files that are being sent to  us from mail addresses bearing uncanny similarity of our official web mails.

Some of them might  announce one of our colleagues might have caught the virus, so they want some information to  better organize a quarantine. Others may want our log-in information saying that the mail clients  have been updated and we must log in again using the given link. 

Tips for Cybersecurity in COVID-19 Times

Experts are not just issuing cautionary tales without giving some solid, easy to follow advices on  how to stay reasonably safe during this unforeseen, trying times. The first of which is using and  masking everyone’s internet activity by a VPN. VPNs are virtual private network softwares. They  encrypt and bounces the data packets through different servers before they reach their  destinations. So, anyone who might be trying to snoop around our internet activity, might find  them uninteresting and insignificant. And, thereby ignore them altogether, or fail to decrypt the  data packets in case they are intercepted.

There are free options and paid options on VPN services, some paid versions may offer one to more months of free trials. Using them is highly  advised by all of the experts who have been warning the public about the dangers of a vulnerable  connection. 

If you have not changed them already, now is the best time to change your wi-fi and router  passwords to something more robust and unpredictable. Passwords with 8 or more characters  containing both upper and lower cases and some special characters such as the pound sign or  hash tag, exclamation point, caps etc along with some numbers are considered to be strong.  Some sign up forms have password strength meters at the bottom of the password box to indicate  how difficult it is to guess your password by anyone who might want to guess them. 

Keeping your operating systems updated ensures it has all the latest security measures put in  place. The updates fix bugs as well that could have been exploited by the hackers. So, if you had  been putting off that annoying windows update, it is better to run it now, than later. 

Another measure to keep your operations safer is to separate the work computers from those that  are usually used for entertainment. This is a good practice because the entertainment websites  may be cloned, and to any pair of unsuspecting eyes they may appear legit, but are just clones  to collect your log-in information, mail address and browsing history. They fetch a great price in  the targeted advertisement business. 

Not letting your kids near your work computer is also advised. Because, they may lock your  personal computer by trying to open it with repeated entries of wrong password, limiting you to be  on time for work. Or they may click on some links that you would have no problem avoiding. 

Take care of your Cybersecurity in COVID-19 Times

This is a historic time. We will be talking about and pulling references about this time for years to  come. When they write the histories of the twenty-first century, the COVID-19 pandemic and the  year 2020 will surely be mentioned countless times. With our advanced medical technologies and  automated systems to assist, this level of human cost and suffering is unprecedented.

And we are not out of the woods yet. So, staying safe from the coronavirus itself might not be enough, we  have to be careful about the threat lurking around the interweb too. Without our careful, concerted  efforts, bad actors will find ways to bring on more suffering and trouble on us. We can defeat both  of these threats. Human spirit must endure and flourish against all odds.