A Brief History of Cyberattacks: From Ebola to COVID-19
Is the Infodemic new for you?
The weaponization of the information landscape is not a new trend, but it is a phenomenon that has taken place in regard to major epidemic outbreaks, such as Ebola and Zika, and in regard of tragedies, such as the Charlie Hebdo terrorist attack. This blogpost outlines the existence of similarities between COVID-19 Infodemic and other major Infodemics occurred in the previous years, summarizing how disinformation of past epidemics or major incidents have been deployed as vector of cyberattacks.
During the 2014 Ebola outbreak, disinformation, rumors and fearmongering were a regular occurrence any time a new outbreak occurred. Most of this disinformation was spread through social media, and the overload of information made more complicated to fight the virus both during the 2014 outbreak and the more recent once in 2018. For several African countries as well as for the U.S. Centers for Disease Control and Prevention (CDC), the communication effort towards the Ebola’s Infodemic was larger than any previous emergency response.
Looking at the modus operandi and attack vectors used by malicious actors to exploit the Infodemic during the outbreaks of Ebola, it is possible to notice several similarities with the COVID-19 Infodemic. In fact, e-mail scams and phishing campaigns using Ebola as a social engineering theme were identified as the most widespread attack vectors deployed by malicious actors to drop malware, in order to infect users’ devices and steal passwords or personal information. Additionally, Internet trolls largely abused social media platforms, as Facebook and WhatsApp, to disseminate false information about Ebola outbreaks. Finally, there were many cases of online hoaxes regarding Ebola’s cure as well as conspiracy theories about Ebola outbreaks.
During the 2014 Ebola outbreak, malicious e-mails with fake attachments of Ebola’s report or cure were sent to infect devices with malware (Trojan.Zbot, Breutmalware or variant of DarkKomet RAT tool) or to direct to fake website for stealing credentials. As it is happening today, most of these phishing campaigns impersonated major telecommunication providers, media outlets and international organization such as the World Health Organization (WHO).
With the outbreak of Zika virus in 2015-2016, similar cyberattacks were launched against civilians using the same attack vectors deployed to spread disinformation concerning Ebola. Despite the correlation of the term Infodemic to the concept of epidemic, the overabundance of online information around national and international tragedies has also been exploited by malicious actors to pursue their illegal purposes, by leveraging the fear and dismay of populations. In fact, the Charlie Hebdo terrorist attack’s theme was largely exploited by threat actors to lure victims into fake website for stealing credentials and personal information, and to infect devices with malware (DarkComet RAT) using the popular hashtag #JeSuisCharlie.
All these precedent cases are the evidence that Infodemics are not a new phenomenon and that the trend of malicious actors exploiting disinformation to carry out cyberattacks and cyber operations is not new as well. This brief analysis aims to outline how the concept and implications of the Infodemic are not recent, and they do not belong strictly to the COVID-19 outbreak. What we are experiencing is a trend in the spread of information during the digital era, but we should not allow attackers to take advantage of such trend.
Is there a cure to Infodemics?
As for epidemics it is not always easy to find a cure or vaccination in the following months of the first outbreak, similarly for Infodemics a combination of solutions and recommendations are required to prevent communities to become continuously targets of cyberoperations. In fact, the best practices for fighting such a swarm of cyberattacks are similar to the ones for fighting a real-world epidemic.
The CyberPeace Institute believes in the empowerment of civilians to behave like cyber citizens and to act responsibly online to avoid the spread of disinformation and related cyberattacks. With this in mind, there are several measures we need to put in place as soon as possible to curb the threats of growing cyberattacks and operations. First of all, we need early warning mechanisms to react upon new cyberthreats, and a clearing house to collect best practices and challenges of the first responders. As in the real world, this is about sharing treatments and diagnostics.
Second of all, we need orchestration of cyber volunteers’ actions to help the most vulnerable and to protect critical civilian infrastructures, particularly healthcare organizations and emergency services. Finally, we need forensic analysis to know how to respond and to cure. Once we know how to cure, we need cyber-hygiene campaigns to teach the public how not to propagate malwares, scams and other cyberthreats. And as there is no such thing as “natural” viruses in the cyberspace, we need a framework to hold malicious actors accountable in order to avoid future Infodemics to be exploited by malicious actors.
In all these field, a lot of efforts and initiatives shall be commended. The Access Now’s Digital Security Helpline and the NewsGuard’s Coronavirus Misinformation Tracking Centre are two examples of initiatives that aim to protect civilians and communities against cyberattacks, cyberthreats and disinformation, by providing to civilians the ability to better defend themselves in the future. Amid the COVID-19 pandemic, there has also been the emergence of grassroot cyber volunteer collectives, comprised of cybersecurity experts across the globe. Such initiatives include the so called COVID-19 CTI League or Cyber Volunteers 19 (CV19), which each claim to field hundreds of volunteers.
In collaboration with these initiatives, the CyberPeace Institute is committed to collect best practices and actionable recommendations designed to tackle the exponential curve of cyberattacks at the time of COVID-19, and to empower civilians with the knowledge and tools to improve the global cyber resilience.
The CyberPeace Institute is an independent, non-profit organization with the mission to enhance the stability of cyberspace. It does so by supporting vulnerable communities, analysing attacks collaboratively, and advancing responsible behaviour in cyberspace.
Copyright: The CyberPeace Institute