by Angel T. Redoble* and Francisco Ashley L. Acedillo**
Introduction
In May 2019, a Chinese government-sponsored hacking group was reported to be targeting unidentified entities across the Philippines.
By the end of 2019, the Philippines was ranked number 12 among the top 20 countries where users face the greatest risk of online infection. One anti-malware company last year was detecting an average of 30,000 to 50,000 new malware (malicious software) samples in its database on a daily basis.
If cybercrime were an industry, its estimated worth would be $2.1 trillion in 2019 – equivalent to its damage in terms of business disruption, information loss, equipment damages, and revenue loss.
By themselves, all these statistics would already scare the wits out of the average Filipino Internet user. And these statistics were all before the recent onslaught of the novel Coronavirus 2019 pandemic (officially called COVID-19). Now, COVID-19 is not only causing thousands of deaths, hundreds of thousands of infections, and shutting down national economies – it is also carving a large swathe of damage in cyberspace.
A New Normal, More Dangers
Because limiting face-to-face contact with others is the best way to reduce the spread of the Coronavirus disease, the World Health Organization (WHO) strongly recommended that governments implement what is now widely known as social distancing: shuttering schools, offices, malls, restaurants, gyms, and other institutions – except grocery stores, food stores and pharmacies – and the banning of public gatherings like religious services and business, social and sporting events. This intervention, called flattening the curve, is believed to slow the spread of the virus, enough for hospitals and the entire public health system of a country or a region to ramp up their preparations for the increase in COVID-19-related admissions instead of getting totally overwhelmed by it.
This imperative has created a new normal: the ubiquity of companies and organizations switching to a Work-From-Home set-up (or for some, maintaining a skeletal workforce while the majority continue their work at home in other places of isolation or quarantine). This in turn has caused another phenomenon: a surge in Internet use and the corresponding multi-fold increase in bandwidth requirements. In one preliminary estimate, total Internet use has surged between 50% and 70%, and streaming has also jumped by at least 12%.
And like the novel Coronavirus suddenly making the jump from animal pathogen to human-transmitted disease, cybercriminals have emerged from the dark shadows of cyberspace to prey on an ever-increasing number of online users.
COVID-19-related cyber threats have grown so bad that both the United States Department of Homeland Security (DHS)’s Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) have issued a joint alert. The alert warns that the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations, and that state-sponsored/well-organized cybercriminal groups and cybercriminals are targeting individuals, small and medium enterprises, and large organizations with COVID-19-related scams and phishing emails.
Whereas before, the average worker or employee divided his Internet time between home and the office/work (interrupted only by the commute or travel time to and from work) while the average student could only have extended time online after school, both these users now – because of social distancing – spend more time on the Internet for work, schoolwork, and surfing than at any other time in recent history. Both the work-from-home employee and the student undergoing online learning are largely left alone with their computers or laptops and their Internet connections – without the benefit of supervision or assistance from their friendly IT guy in the office or in school.
This danger is compounded by the fact that your average user is also not very keen on monitoring and/or ensuring that they are using software with the latest security patch, or an application that has already been installed with the latest security update. These office-to-home and school-to-home schemes have now deprived these users of better protection from an ever-increasing number of malicious sites and unprotected emails loaded with malware and phishing scams (whether COVID-19 related or not).
Suddenly these users, employees, students and teachers who used to enjoy the comforts of having the IT guy and the information security guy are now left alone. Suddenly there is no one on standby to physically resolve or remediate cyber security-related issues. When laptops, PCs and other computer machines are connected to a home network, the risk of hacking and compromise goes up to the highest level – unlike being connected to the office network where security policies are in place and security mitigations are monitored and implemented.
Since the start of the pandemic, security incidents have escalated to their highest, as compared to pre-pandemic levels. Unfortunately, cybercriminals have also recognized the opportunity this situation has presented to them. New security threats have come out while old attack techniques are being used again. Hackers are attacking not only the weak security implementation of our home networks but also our weaknesses as humans (through social engineering, for example). They are attacking our curiosity, our eagerness to get the latest news update and even our willingness to help our fellowmen – all these are fair game for targeting through scamming and phishing websites and launching fraudulent mobile apps.
While the whole point of cybersecurity – or securing users while they are using their mobile phones or computers connected to the Internet (or cyberspace) – is to reduce the attack surface, or the total number of vulnerable points through which an attacker (in this case a hacker or a cybercriminal) or unauthorized user can disrupt your system, damage your computer, steal your information, or otherwise undermine you, this so-called new normal has only served to increase the attack surface and create what is equivalent to an “open hunting season” for hackers and cybercriminals.
At the Frontlines – Hospitals
The International Criminal Police Organization, or Interpol, is currently in the midst of addressing and investigating cybercriminals that were able to target critical healthcare institutions with ransomware in Southeast Asia recently, with its Director General Jurgen Stock reporting: “As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients.” Interpol reported that hospitals were locked out of their critical systems, not only delaying “the swift medical response required during these unprecedented times, it could directly lead to deaths.”
Imagine a hospital operating at or near its full capacity due to the surge of COVID-19-positive patients. Then all of a sudden a ransomware attack locks them out of their patients’ database, and more dangerously, from their high-end medical technology equipment that is supposed to have access control.
Government Agencies and International Organizations
The North Atlantic Treaty Organization (NATO), through its Cyberspace Operation Centre (CyOC), also warned the public that there was “no limit on the creativity of hostile actors to exploit any given crisis,” stating that these threat actors attempted to gain the trust of victims using branding associated with familiar names such as the U.S. Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO) and FedEx, as well as country-specific health agencies, where unsuspecting users are usually directed to malicious sites or drawn to fake online information sources.
Locally, a group calling itself the Philippine Communist Hacking Group successfully attacked and temporarily took down the websites of the Office of the Vice President, the Housing and Urban Development Coordinating Council (HUDCC), National Anti-Poverty Commission (NAPC), the Department of Health (DOH), and – ironically – the Department of Information and Communications Technology (DICT).
Conclusion
In this work-from-home and learn-from-home environment, the need to secure users and their devices has become the highest priority, in parallel with the need to secure the network and IT infrastructure of one’s organization. A massive compromise would mean a degradation of the operational capability of a business organization. A massive breach of personal information is tantamount to a privacy disaster. A massive ransomware infection of medical facilities is tantamount to a death sentence for those who are heavily dependent on their medical services.
If anything, these recent developments in cyberspace in the midst of an influenza pandemic serve only to put cybersecurity where it should be, along with the world’s most pressing problems: front and center.
It is not enough anymore that individuals and organizations worry about ensuring that work and school and service to the public continue, albeit under new and remote (online) circumstances. It is equally imperative now to educate ourselves and our co-workers about the rising dangers of our use of and/or presence on the Internet; our use of technology platforms to communicate across distances and the need to ensure the cardinal principles of Confidentiality, Integrity, Availability and Privacy in information security; and the collective vigilance necessary from citizens, companies, governments, and the community of nations to stave off the wave of cyberattacks.
These are truly perilous times – offline, and online.
*Angel T. Redoble is currently Vice Chairman of the National Advisory Group for Police Transformation and Development (NAGPTD), with oversight over the Philippine National Police (PNP)’s strategic roadmap PATROL Plan 2028.
**Francisco Ashley L. Acedillo is a former party-list Congressman (16th Congress, 2013-2016). Both Redoble and Acedillo work as cybersecurity executives (CISO/First Vice President and Assistant Vice President, respectively) in one of Southeast Asia’s largest telecommunications companies.