Why Covid-19 is a gift for cyber criminals 为何说新冠肺炎是网络罪犯“良机”
Gillan Tett 吉兰·泰特
A few weeks ago I took part in a webinar designed to help US Hispanic-led businesses survive the economic shock of Covid-19. One of the speakers at this “Hispanic Recovery” event was Jesus Mantas， an IBM executive， who issued a heartfelt warning.
Levels of cyber crime had multiplied recently， he said，pointing to “a 6，000 per cent increase in Covid-related spam” at the height of the pandemic. He went on to cite some chilling examples. One was of an email dispatched to people who “are desperate for PPP [the US Paycheck Protection Program]. It installs malware into their computers，steals all their information [and] says， ‘If you don't pay us a ransom we will infect you and your family with Covid-19，’” he explained.
Another “pretends to be from the World Health Organization and is installed to grab every single thing you do to your computer”. His conclusion？ “Cyber crime is one of the fastest-growing businesses right now.”
But， as Mantas says， the more striking trend is the explosion of attacks on businesses and individuals. And although minorities in the US， who may be less informed about the risks and more nervous about approaching the authorities， seem particularly vulnerable， the onslaught is being felt by almost everyone， almost everywhere.
As Echo， the EU's cyber security network， recently pointed out， Covid-19 has left many of us so distracted and disoriented that our defences are down， even as we are more dependent than ever on all things digital.
“This pandemic offers cyber attackers unique opportunities to leverage existing attack tactics， techniques and procedures to exploit new opportunities，”Echo notes， before identifying “a massive increase of employees working from home， children using home computers for schooling， as well as the human factor and emotions caused by the pandemic”， as issues that are increasing risk levels.
Microsoft has recently unveiled measures to prevent a spate of hacker attacks on companies via its Office program. These typically use phishing messages with terms such as “Covid-19 Bonus”， the company said. Meanwhile， the cyber-investment group Option3Ventures tells me it has seen an explosion in attacks on hospitals， often using a Covid-19 tag.
What should we conclude from this profoundly depressing trend， other than that for cyber criminals to attack vulnerable people now is truly callous？ First， these attacks should remind us all that we still do not really understand the many second-order effects of the Covid-19 horrors. Long after the medical shock of the disease dies down we will be counting the other forms of collateral damage， cyber hacks being one.
Another lesson revolves around the issue of what economists might describe as “extreme information asymmetry” — the fact that we all rely heavily on processes that only a tiny minority of experts actually understand， be that in medicine，finance or cyberspace. In normal times， we usually quite happily ignore these asymmetries and dependencies. We live our lives， in other words， with extreme levels of blind faith in the safety of systems， and assume they will protect us， even though we are ill-equipped to check that.
However， Covid-19 has revealed the folly of assuming that medical systems — or digital experts — will always protect us: unless we all make more effort to understand pandemics， they are more difficult to fight. It should also remind us of the risks of putting excessive levels of trust in those experts — and networks — that we find even harder to comprehend.
All of us need to close the “asymmetries” in our understanding of digital technology — something that we are relying on even more in the age of Covid-19.