Cyber threats and COVID-19: the pandemic is fuelling the cyber war?

Posted by

In June 2017, the Ukraine has been the recipient of a cyber attack is absolutely devastating. Presumably carried out by hackers sponsored by the Russian state known as Sandworm, the attackers have deployed a formidable ransomware virus known as “NotPetya”. Most of the public infrastructure, and a massive part of the private sector in Ukrainian are being brought to our knees by this weapon. The entire national health care system is due to go offline, paralyzing any capacity to deliver health care effectively and timely to an unknown number of citizens.

As the cyber war knows no boundaries, the worm NotPetya it is widespread in several large multinational companies. Among these, there were Maersk, the largest shipping company in the world, and Merck, the american manufacturer of vaccinesdespite none of the two companies to be the designated target of the virus. In 2021, with a supply chain that is protected and the global need to support the dissemination of the vaccine against the COVID-19, the implications of such an attack could cause loss of human life. The very nature of the global response to the pandemic has prompted a fast, reliable access to networks for the supply of niche, health care resources are allocated efficiently and that the population can easily receive accurate information. This makes the current global effort extremely vulnerable to attacks based on the Internet and poses a new sad possibility of the damage that can be done with cyber weapons.

The problems of logistics in the cold chain

The cold chain, the supply network of niche designed to move items that are sensitive to temperature, has been shown to be vulnerable to cyber attacks since the early days of the development of the vaccine COVID-19. A number of vaccines, including the majority of influenza vaccines and vaccines for COVID-19 based on mRNA, must be stored and transported at low temperatures. This is a massive undertaking on a global scale, whereas the world health Organization hopes to deliver 11 billion for vaccines COVID-19 around the world by next summer. Given the delicate nature of the cold chain, its importance, and for the necessary expenses to maintain it, represents an attractive target for the actors of the threats.

In December of last year, Security X-Force IBM announced it had discovered a massive phishing campaign global against the Cold Chain Equipment Optimization Platform (CCEOP) of The Gavi Vaccine Alliance. The CCEOP is a consortium public-private developed to promote the global distribution of vaccines, mainly in developing countries. The campaign has attempted to obtain credentials via phishing by employees at the companies associated with the program CCEOP of Gavi in at least six Countries. The report does not name any entity in a specific way, but says that the precise nature of the attack was indicative of an actor is sponsored by the state (there are attacks that can be made by anyone, we want to skills and you're not doing that for free).

The idea that she could be an actor of threats with the ability of a government to the shoulders is of concern. There are no fixed rules on what constitutes an act of war in the realm of cyberspace. Many definitions the term “cyber war” or “cyber war” state that occurs when a nation attacks the critical infrastructure of another. However, when the critical infrastructures in so many nations depend on the private sector, partnerships corporate-government and several international organizations, when an attacking player reaches that threshold of an “act of war”? The CCEOP of Gavi and the attacks discovered by X-Force demonstrate a very good example of such a puzzle.

The redemption of the health care systems that is the gorge

Another way in which the operators have become more and more threatening during the pandemic of COVID-19 have been attacks real that occurred in hospitals and in health infrastructure. The increased pressure on health systems from the treatment of patients with COVID-19 arrived with a marked increase in the amount of cyber crime directed at such an infrastructure. The actors of the threats often choose ransomware attacks against such institutions: that is, on a global scale, but also in Italy (Ospedale S. Raffaele, Milan, system, and vaccine Region Lazio, S. Giovanni Hospital, Rome, ASL Roma3, ASP Messina).

A attack ransomware occurs when a malware that made its way into a system will encrypt all of the files to a computer, making them completely unusable. Attackers require payment for the key to decryption. Although extremely common, the ransomware can be modified in some cases to make it unrecoverable system. This alteration was a component of the weapon cybernetics NotPetya.

An example of a ransom note of the ransomware

In may, the public health service, the irish, theHealth Service Executive, has announced that it suffered two attacks ransomware (the second here). Ireland was forced to temporarily close all of the IT systems of its health services. The irish government has said not to have paid any ransom to the attackers, with the consequences of a week in the emergency roomwith the inability to process the PCR test COVID-19 and the workers forced to use a system that is entirely made of paper.

A similar accident occurred in Lazio, this time aiming specifically to the booking system of the vaccines regional. Inhibited almost six million citizens from receiving their doses. After the initial announcement, the governor of Lazio, he went on to say that the the attacks were ongoing, and “the nature of terrorism”, but he has not stated if he was involved or not a specific organization. The attacks came almost certainly from outside the Country and also used ransomware, although it is never revealed the details of a possible redemption required: the detail that brings out the suspicion of criminal groups funded by the States.

It is important to note that these incidents, preventing direct access of individuals to the treatment and preventive medicine, are putting at risk the lives of those individuals. Cybercriminals are betting on this realization, in the hope of being able to monetize their ransomware. This also means that they are willing to gamble with the lives of the innocent, and can be reasonably assumed to have been indirectly responsible for a number of deaths in this way.

Misinformation offfusa

Being a new disease, the information about the infection from COVID-19 continue to accumulate rapidly. The recommended treatments, the counter-measures to slow its spread, and the research on its mutations and symptoms have prompted a rapid rise both to the authorities and the public. This has made the social media and communication on the Internet is a great strength that a grave responsibility for any response unified global. This is because the nature of the Internet today provides a platform to the disinformation, with the same ease with which they are scientific discoveries. The disinformation definitely has claimed victims in the course of the pandemic. The amount of distrust in vaccines and in the recommendations of the experts continues to spread on every social media platform, despite the current efforts of Facebook and Twitter.

One way in which the misinformation replication is through the manipulation of the stolen data. This gives the disinformation, the apparent credibility of a source for an authoritative, at the same time allowing the attacker to create their own narrative. These attacks also send clear threats to the organizations from which they stole their information. In December of 2020, the european medicines Agency (EMA), based in the Netherlands has been the victim of such a data breach and thethe investigation is still ongoing. According to the EMA, the hacker they stole documents matching digital and have them handled in a way “that could undermine trust in vaccines”. An analysis of the accident on the part of the swiss institute CyberPeace he declared that “The nature of the specific attack and the joints are manipulated to suggest an information operation cybernetics that could potentially undermine the reputation of Comirnaty [the vaccine BioNTech / Pfizer], both at a global and regional level. This, in turn, may give to the vaccines rivals a competitive advantage in the supply of the soft power of the states of the “diplomacy on vaccines” and to prevent the response to the pandemic in the EU as part of a greater Infodemia”.

Assessments honest threat

It is important to note that, although the pandemic has not necessarily brought with it new tactics of cyber-war specifications, is the world itself that has become more vulnerable. The COVID-19 has tested the limits of the systems of our world in a way that would make it a tool such as the weapon cybernetics NotPetya absolutely devastating.

The intensive care unit and the emergency room, all over the world are full, despite the abundant availability of vaccines in many countries. If the mobility of those vaccines were to be reduced through an interruption of the cold chain, or if the patients are not able to schedule appointments for vaccines, how many millions more will require these shelters? If the internal networks of hospitals with break in a continent, how many patients could potentially die waiting for care? How many people have been convinced, through a series of efforts of misinformation, to refuse, or even hesitate, to be vaccinated? Will there ever be a way to tell what could be the number of the dead?

There are numerous best practices cyber security consolidated, which would reduce the damage caused by the threats outlined in this analysis. Many of these practices, however, require a public willing to implemented the directive and a culture of safety is not compliant between our institutions. As with any security policy, this must begin with an honest assessment of the threat (not minimized a priori).

Want to comment on? Turn on the discussion