In just a few days, the world has completely changed from a connected network to a distanced entity (at least in personal space terms). Most of the world’s population is in self-quarantine, which made them more dependent on the internet. This huge dependency on the internet and online services around the world, has created vulnerabilities and more opportunities for data-hungry criminals. In this digital era, the world is facing as much of a threat from cybercriminals as it is facing physical danger from the pandemic.
Currently, more and more services are becoming online such as doctors promoting tele-medicine even in smaller towns in Pakistan; private businesses and companies’ employees are working from home using more online apps for video conferencing; students and teachers are connected through online classes; even the financial and banking sector has shifted their services online. The government in Pakistan is using online mediums to transfer money to needy people. Downloading of games and entertainment apps has surged in the last two months due to the coronavirus outbreak. The increased online activity not only augmented the prospects of online cyber-attacks and phishing email attacks against the public and private sector, but also increased the risk of online fake news.
During this crisis, the public health sector, including hospitals and anti-viral drug research labs, is the most hit by cybercriminals’ activities around the world. According to a Congressional Research Service report in March 2020, law enforcement agencies reported that cybercriminals are selling fake coronavirus cures online, pretending to be government health agencies in phishing emails. On the other hand, criminals are also inserting malware into online resources to track the pandemic. In mid-March, the Brno University Hospital in Czech Republic was hit by a cyberattack right in the middle of the COVID-19 outbreak. Though the nature of attack is still unknown, the incident was considered severe enough to postpone urgent surgical interventions and re-route new critical patients to other hospitals. Moreover, the US Health and Human Services Department also reported a cyber-attack on its computer system, which was termed a campaign of disruption and disinformation to undermine the response to the coronavirus pandemic. The World Health Organisation (WHO) stated that it is experiencing more than two-fold cyber-attacks during the pandemic as elite hackers are trying to break into its computer systems.
Online intellectual property theft is also increasingly becoming a major risk. The global struggle and competition to develop treatments and a vaccine for COVID-19 also brought non-state and government-sponsored criminals’ interest to target government-led research on this crucial and cutting-edge pharmaceutical endeavour through cyber espionage and cyber-attacks. Apart from cyber-attacks, information security experts and online rights and privacy activists are also concerned about other factors amid this crisis, such as individuals’ private data being at risk due to vulnerabilities in the public health system and governments adopting online surveillance policies to track down potential coronavirus patients.
To warn the governments and people, Interpol has issued a warning to organisations at the forefront of the global response to the COVID-19 outbreak that have also become targets of ransomware attacks, which are designed to lock them out of their critical systems in an attempt to extort payments. In Pakistan, the Pakistan Telecommunication Authority (PTA) advised people not to use public Wi-Fi services, warning of possible cyber-attacks through messages pretending to contain COVID-19 information.
As this pandemic needs a coordinated response, so do the cybersecurity issues during and after the coronavirus crisis. In countries like Pakistan where cybersecurity is still a developing field, there is a dire need to recognise the consequences if some critical computer systems get hacked during any crisis like this pandemic. In Pakistan’s context, there is an immense space to work on cybersecurity policies and institutions, develop advanced tools and technologies to protect country’s cyberspace and sensitive data, and the economic sector as well. The government also needs to carry out risk assessment and risk management of computer systems of major hospitals, which are on the frontline of the fight against this pandemic, and the National Institute of Health (NIH).
On the global level, countries need to understand the necessity of international norms; no state-sponsored activity in cyberspace should be conducted against other country’s critical infrastructure.