A few weeks ago, I participated in a webinar designed to help American businesses led by Hispanics survive the economic shock of Covid-19. One of the speakers at this Hispanic Recovery event was Jesus Mantas, an IBM executive, who issued a sincere warning.
Levels of cybercrime have increased recently, he said, noting “a 6,000% increase in spam linked to Covid” at the height of the pandemic. He then cited some frightening examples. One was an email sent to people “desperate for PPP [the US Paycheck Protection Program]. It installs malware on their computers, steals all their information [and] says, “If you don’t pay us a ransom, we’ll infect you and your family with Covid-19,” he said.
Another “claims to be a member of the World Health Organization and is installed to capture everything you do on your computer”. His conclusion? “Cybercrime is one of the fastest growing businesses today.”
Allegations of state-sponsored cyberattacks have hit the headlines in recent weeks. The FBI (and the White House) have accused China of using digital espionage to steal research on a Covid-19 vaccine, while Australia has exposed China for widespread cyberattacks.
But, as Mantas says, the most striking trend is the explosion of attacks against businesses and individuals. And although minorities in the United States, who may be less aware of the risks and more nervous about approaching the authorities, seem particularly vulnerable, the assault is felt by almost everyone, almost everywhere.
As Echo, the EU cybersecurity network, recently pointed out, Covid-19 has left many of us so distracted and disoriented that our defenses are down, even if we are more dependent on everything than ever. which is digital.
“This pandemic offers cyber attackers unique opportunities to take advantage of existing attack tactics, techniques and procedures to exploit new opportunities,” notes Echo, before identifying “a massive increase in homeworkers, children using personal computers for schooling, as well as pandemic factors and emotions, “as issues that increase risk levels.
There have been high profile victims. In London, for example, Zaha Hadid Architects admitted that some of her data was stolen in April. “With all of our 348 London-based employees working from home during this pandemic and cybercriminals ready to take advantage of the situation, we urge the architectural community to be extremely careful,” he said, adding that he had refused to pay the ransom requested.
In San Francisco, a laboratory at the University of California also suffered a “ransomware” attack. The hackers froze its systems – systems that supported the search for a cure for Covid-19 – and demanded payment. The lab paid a ransom of 116.4 bitcoins ($ 1.14 million) because “the data that has been encrypted is important to some of the academic work we do as a university serving the public good”, he told the BBC.
Microsoft recently unveiled measures to prevent a wave of hacker attacks on businesses through its Office program. These usually use phishing messages with terms like “Covid-19 Bonus,” the company said. Meanwhile, the Option3Ventures cyber investment group tells me that it has seen an explosion of attacks on hospitals, often using a Covid-19 tag.
The group also witnessed a new target. “Previously, hackers targeted coronavirus efforts. Now their eyes are on the George Floyd protests, “writes Option3Ventures partner Lisa Donnan, who says the FBI has recorded 20,000 cyberattacks related to Covid-19 and the protests.
What should we conclude from this deeply depressing trend, if not that cybercriminals now targeting vulnerable people are really insane? First, these attacks should remind us all that we still do not really understand the many second-order effects of the horrors of Covid-19. Long after the medical shock of the disease, we will count the other forms of collateral damage, cyber-hacking being one.
Another lesson revolves around the question of what economists might call “extreme information asymmetry” – the fact that we all rely heavily on processes that only a tiny minority of experts actually understand, whether in medicine, finance or cyberspace. Normally, we are usually quite happy to ignore these asymmetries and dependencies. In other words, we live our lives with extreme blind confidence in the security of systems, and assume that they will protect us, even if we are ill-equipped to verify it.
However, Covid-19 revealed the folly of assuming that medical systems – or digital experts – will always protect us: unless we all try harder to understand pandemics, they are more difficult to fight. It should also remind us of the risks of placing excessive reliance on these experts – and networks – that we find it even harder to understand.
Naturally, I welcome the steps taken by people like IBM’s Mantas to educate businesses about cybercrime. But we have to redouble our efforts in society. We all need to bridge the “asymmetries” in our understanding of digital technology – something we rely on even more in the Covid-19 era.
Follow Gillian on Twitter @gilliantett and email her at [email protected]
To follow @FTMag on Twitter to check out our latest stories first. Listen to our podcast, Call to culture, where FT editors and special guests discuss life and art in the days of the coronaviruses. Subscribe on Apple, Spotifyor wherever you listen.