Is the World on the Verge of a Cyber-Pandemic?

As technologies get more globally interconnected cyberattacks on businesses and infrastructure services are increasing to the point that a pandemic, similar to the viral pandemic currently affecting the world, is clearly foreseeable in the future.

In a recent event sponsored by Fortinet and Hexaware, two leading companies in the field of cybersecurity solutions, a group of industry experts discussed the possibility of a computer virus being “propagated through an app” and the devastating consequences it could have on the Worldwide Web.

In October 2021, the World Economic Forum (WEF) argued that hackers “are exploiting” the use of the Internet of Things (IoT), the internet everybody knows, and the millions of vulnerability points it provides to attack critical infrastructure in countries around the world.

In Puerto Rico’s case, Fortinet reported more than 29 million cyberattack attempts against the government and the private sector during the first quarter of 2021.

While hackers may attempt to attack just about any system connected to the IoT, they do have a preference for Operational Technology (OT) networks, which interconnect the Industrial Control Systems (ICS) that manage critical infrastructure, such as water supply, power grids, communications and transportation, among others.

Corporate targets

According to the WEF, as these services “increasingly integrate their operational technology systems with the Internet of Things, this creates a new frontier of risks where millions more vulnerability points and new vectors can be exploited by hackers.” That is what happened to the Colonial Pipeline.

The Colonial Pipeline is an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, that suffered a ransomware cyberattack in May 2021 that impacted computerized equipment managing the pipeline. The company ended up paying the 75 bitcoin ransom ($4.4 million) in order to restore network operations. It was the largest cyberattack on an oil infrastructure target in the history of the United States.

The consequences of these attacks are not limited to businesses and companies. But could have a great impact on communities, cities and entire countries.

Attacks against individuals

The fact that there are millions of employees now working remotely at home has increased the risks, not only to businesses but also to governments and individuals.

Remote work has put at risk thousands of archives and documents that businesses usually kept private, but are now stored in online platforms. Documents related to employees’ personal information, clients’ profiles, sales and corporate reports and operational protocols, among other documents are now being stored in open access servers.

According to a study made by Avast Threats Labs, the biggest cyber-threats in 2022 will come from social networks, cryptocurrency and remote work. The study revealed an online scam using the Amazon brand name to lure users to buy a fictitious, Amazon backed cryptocurrency called “Amazon Tokens”. The hackers used links to direct their victims to officially looking websites were they could allegedly buy the virtual currency.

In a different study made by Check Point Software Technologies last year it was estimated that the cost of ransomware to companies around the world was $20 billion. In the US, the Financial Crimes Enforcement Network (FinCEN) reported that the cost associated to suspicious activities related to ransomware attacks was 30% higher in the first semester of 2021 than in whole 2020.

“The vast majority of problems come not actually from incredibly sophisticated attackers, be they states or anyone else – they come from the carelessness of individual users who happen to have important jobs where they may or may not have a duty to know better,” argued Matt Warman, former British minister for digital infrastructure, in an interview with British online magazine The New Statesman.

The biggest vulnerability

Last December a new internet vulnerability was revealed, a piece of software identified as Apache Log4j, also known as ‘log4shell’. This software is used to record all activities that go on under the hood in several computer systems and it is used in several apps, particularly in lots of Java software, to register daily activities, users and even passwords.

The Log4j vulnerability allows attackers to enter a network and execute remote codes to access all the data in an infected computer. This also allows 'hackers' to delete or encrypt business files to retain them and then be able to demand ransom money, commonly known as 'ransomware'.

“New vulnerabilities are identified every day and impact everyone who uses technology such as computers and/or smart phones. It affects all industries, not just banking. Attacks creep in all the time and have a domino effect, so you have to protect yourself with layers of security,” added Martínez.

Vulnerabilities compromise the security of a company’s information network and with it, the trust of their customers. "In 2020, 31% of the companies that suffered cyberattacks in the US had to close down, and 60% of the SMEs, went bankrupt within six months after falling victim of a data breach or a cyberattack," Martínez said.

Another consequence that has been recently noticed, and that is directly related to the damage that hackers do to companies, is the increase in insurance policies covering cyberattacks if the company does not comply with several security requirements that insurers require.

All kind of businesses can be severely affected by 'hackers', regardless of what type of industry.

What can be done?

A group of cybersecurity experts convened by Banco Popular de Puerto Rico (BPPR), recommended that both, companies and citizens take action to prevent the theft of data that can affect the operations and finances of businesses and affected people.

Héctor Guillermo Martínez, president of the cybersecurity company GM Sectec, urged the people to be “more proactive” when making transactions on the internet and not wait for a cyberattack to occur to seek protection measures.

“People have security cameras at home because there are robberies… well, in the internet it is the same thing. There are always risks and threats. Safety is everyone’s responsibility. Before you react, you have to prevent. This affects the point of sale, the data center and large and small companies… all of them,” Martínez explained.

Puerto Rico suffered more than 29 million cyberattack attempts during the first quarter of 2021.

People have security cameras at home because there are robberies… well, in the internet it is the same thing.

"In 2020, 31% of the companies that suffered cyberattacks in the US had to close down,

2 views0 comments

Simple. Powerful. Cybersecurity.

IPG’s GearBoxTM is the first cybersecurity tool designed to secure and protect the Internet of Things (IoT).