ONLY a few weeks ago there was a warning about another pandemic. That it probably escaped the notice of most of us is hardly surprising. To begin with the world had more than enough to contend with in the shape of Covid-19.
Also it wasn’t a new alert, in fact experts have issued it countless times for many years now. Had most of us been aware of this other threat, the chances are we would have dismissed it anyway as something unlikely to impact on our lives directly. In that assumption we would have been dangerously wrong.
As experts at the Geneva-based World Economic Forum (WEF) pointed out earlier this month, Covid-19 is not the only risk with the ability to quickly and exponentially disrupt the way we all live. Or, as they more succinctly described it, our “new normal” isn’t Covid-19 itself it’s Covid-like incidents.
What these experts are referring to is the inevitability of a global cyber pandemic, one that would spread faster and further than any biological virus, impacting upon and potentially devastating many aspects of our lives.
Sound far-fetched and too sci-fi to be believable? Then think again. In fact just check the news from Australia this weekend where the prime minister, Scott Morrison, has confirmed that a state-sponsored cyber-attack is currently underway, targeting Australian government, business, education and political organisations.
While experts say that this latest attack in Australia is not particularly sophisticated, they have been so persistent there that the government felt now was the time to speak out.
The same experts too warned that the current hacking should serve as a wake-up call to the overall massive rise in cyber-attacks and their potential to wreak havoc in the future with the outbreak of an online pandemic.
READ MORE: Why Your Business Should be Looking into Cyber Security
One of those experts Dan Lohrmann, writing recently for the US magazine Government Technology, detailed through the prism of the American experience the duration over which such warnings have been given and their significance.
“For more than a decade, security leaders predicted that a “Cyber Pearl Harbour” or “Cyber 9/11” was coming that would dramatically change society as we know it,” said Lohrmann.
In his assessment he cites Janet Napolitano, former US Secretary of Homeland Security, who as far back as 2013 warned that America “ will, at some point, face a major cyber event that will have a serious effect on our lives, our economy and the everyday functioning of our society.”
But as Covid-19 has revealed such attacks were never only going to be limited to the US.
Right now evidence is mounting daily that state-backed hackers are seizing on the Covid-19 pandemic to lead cyber espionage transnationally at a time when home working and anxiety about infection are making populations more vulnerable to online hacking.
“Attacks have always been socially engineered to prey on people’s fears, habits, and ultimately, their bank accounts, but the exploitation in the Covid-19 era is nothing short of sinister,” warned Christopher Gerg, an information security expert writing in Security magazine last month. Just how sinister is borne out by the extent to which hackers have been exploiting employees whose working environment has radically changed as a result of Covid-19.
“Work from home is a gold mine for spies,” James Lewis, cyber security expert at the Washington based Centre for Strategic and International Studies,” told the Financial Times recently
“The Chinese in particular benefit because it gives them more and easier targets to go after and they have the resources to take advantage of a surge in easier targets.”
In April a rare joint assessment released by Britain’s National Cyber Security Centre (NCSC) - a branch of signals intelligence agency GCHQ – and the US’ Cybersecurity and Infrastructure Security Agency (CISA) - part of the Department of Homeland Security – highlighted the “growing use” of Covid-19 in state-sponsored cyber-attacks.
In the parlance of what security experts call “Advanced Persistent Threat” groups, hackers working on behalf of nation states such as China, Russia and Iran among many nations are making the most of the outbreak to spy on their adversaries according to NCSC and CISA.
It would be naive to imagine of course that both those same UK and US intelligence communities are not themselves doing likewise. Various reports have already surfaced over the extent to which numerous Chinese organisations or institutions for example have been the subject of scrutiny by the US, UK and others.
Evidence presented in the recent US-UK joint assessment of cyber security breaches here in Britain give some idea of how the coronavirus has upped the ante of such activity on all sides.
“APT groups are using the Covid-19 pandemic as part of their cyber operations,” the US version of the report reads. “Their goals and targets are consistent with longstanding priorities such as espionage and ‘hack-and-leak’ operations.”
Underlining the scale of the threat from state entities, the Reuters news agency last month reported that hackers linked to Iran targeted Gilead, the US-based pharmaceutical company that makes the anti-COVID drug Remdesivir.
READ MORE: Internet security competition for Scots businesses launches
According to experts who reviewed web archives for Reuters, the hacking infrastructure used in the attempt to compromise the email account of an executive at Gilead, had previously been used in cyber-attacks by a group of suspected Iranian hackers known by the bizarre name “Charming Kitten.” Such colourful or quaint codenames are not uncommon in the cyber world and often veil the seriousness of such a group’s impact.
“Access to even just the email of staff at a cutting-edge Western pharmaceutical company could give ... the Iranian government an advantage in developing treatments and countering the disease,” said Priscilla Moriuchi, a director with US cyber security firm Recorded Future, and former analyst with the US National Security Agency.
Responding to the hacking claims, Iran’s mission to the United Nations denied any involvement in the attacks.
“The Iranian government does not engage in cyber warfare,” spokesman Alireza Miryousefi told the news agency. “Cyber activities Iran engages in are purely defensive and to protect against further attacks on Iranian infrastructure,” the spokesman added.
Just as in the Gilead case, other state-backed hackers are using similar email “lures” to entice government officials, academics and employees at public health bodies into clicking on links that give access to their organisations’ networks.
The World Health Organisation (WHO) is another recent example, reporting that it has experienced a five-fold increase in cyber-attacks compared to this time last year. Some were clearly motivated by profit as much as intelligence gathering.
Many of these attacks on the global health watchdog were targeted at the general public with emails that spoofed WHO employees’ emails asking for donations. Common “phishing” scams include emails claiming to come from the director general of the WHO, and others claiming to offer thermometers and face masks.
“The virus crisis has brought new intelligence requirements: countries now want to know what other governments are doing about the virus, they want to find out details about vaccines, to make sure they’re aware of the latest developments,” the Financial Times cited one security official as saying a few months ago.
“So as well as all the usual intelligence sources they’re now focusing on academic organisations that might be doing modelling, people working on public policy responses, scientists who are advising government,” the official added. “Nation states are asking for new types of intelligence so hackers are pivoting to answer those questions.”
But it is attacks on the health institutions and related services at the height of the global pandemic that have both alarmed and outraged cyber security experts and others.
Many point to the fact that hospitals and public sector organisations that deal with health and social care can be particularly vulnerable to cyberattacks.
There are historical precedents here of course in the shape of the devastating global cyber-attack in 2017 that crippled computers in hospitals across the UK and cost the NHS around £100m.
The so called WannaCry hack which shut down hundreds of thousands of computers around the world with messages from hackers demanding ransom payments, hit a third of hospital trusts and 8 per cent of GP practices. Around 1per cent of all NHS care was disrupted over the course of a week.
The hack caused more than 19,000 appointments to be cancelled, costing the NHS £20m between 12 May and 19 May of that year and £72m in the subsequent clean up and upgrades to its Information Technology systems.
The WannaCry hack caused 200,000 computers to lock out users with red-lettered error messages demanding the cryptocurrency Bitcoin. According to investigators those responsible for the global attack was an elite groups of North Korean hackers known as the Lazarus group. While the attack didn’t specifically target the NHS, it spread over the Internet using a leaked hacking tool developed by the US spy agency the NSA.
And here lies the obvious parallel with Covid-19, a cyber-attack that creates an infection, but one that would spread faster and further than any biological virus.
Over these past months many of us have become familiar with what is known as the R number or reproduction value by which a disease’s ability to spread is rated.
Should the reproductive rate – or R0 – of Covid-19 be on average around 2 without any social distancing, then each infected person passes the virus to a couple of other people.
By contrast, as cyber security experts at the World Economic Forum have recently pointed out, estimates of R0 of cyberattacks are 27 and above. One of the fastest worms - as they are known – in history was the 2003 Slammer/Sapphire worm, which doubled in size approximately every 8.5 seconds, spreading to over 75,000 infected devices in 10 minutes and 10.8 million devices in 24 hours. To give some sense of scale as to what this means, a virus with a reproductive rate of 20 may take only five days to infect over 1 billion devices.
The economic impact of such a global virus and subsequent digital shutdown would, say WEF experts, be of the same magnitude or greater than what we are currently seeing as a result of Covid-19.
“The only way to stop the exponential propagation of cyber-Covid would be to fully disconnect all vulnerable devices from one another and the Internet to avoid infection,” says Professor Nicholas Davis and Algirde Pipikate, the cybersecurity experts who complied the WEF assessment.
To put this in some kind of context the end result would mean millions of devices would be taken offline in a matter of days. A single day without the internet would cost the world more than $50 billion, while a 21-day global cyber lockdown could cost over $1trillion.
“The whole world could experience cyber lockdown until a digital vaccine was developed. All business communication and data transfers would be blocked. Social contact would be reduced to people contactable by in-person visits, copper landline, snail-mail or short-wave radio,” the experts added, describing a nightmarish scenario that more than mirrors Covid-19 and the impact it has had on all our lives economically.
Just as warnings have existed for many years over a global biological pandemic so likewise they have existed regarding a cyber pandemic. The systemic cyber-attacks that we are currently witnessing have shown themselves to be both easily deployed and dangerous.
The point now say those best able to judge the scale of the threat, is to fully anticipate them and have the necessary degree of preparedness. If Covid-19 has taught the world anything it’s that even a short delay in responding can cause colossal damage.
As we tentatively begin to surface from these recent dark and devastating times, it might be hard to even contemplate more potential disaster.
But as we now know from painful experience, fully recognising the extent of any threat and having the measures in place to cope must be a priority.
After all, just as with a biological pandemic so with a cyber equivalent, we now know it’s not a question of if it will happen, but when.
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel