Machine Uprising
02 July 2020

A new threat, cyber-pandemic, may destroy digital technologies and bring down the global economy

By: Mikhail Falaleyev

Rossiyskaya Gazeta — Federal issue No. 143(8197)

The new post-coronavirus danger is fraught with greater economic or even geopolitical shocks for many countries, among them Russia. Cyber-pandemic is not just cyber fraud perpetrated by individual hackers. This is a global threat capable of wiping out digital technologies and bringing down the economies of countries which rely on those technologies. The era of copper phone lines, transistor receivers and tube TVs may actually come back.

The possible cyber-pandemic will put out these beautiful lights, and information will have to be stored on paper. Photo: peshkov / istock

President of the Russian section of the International Police Association, Dr. of Law, Prof., Merited Jurist of Russia Lt. Gen. Yury Zhdanov has told Rossiyskaya Gazeta about the trends in the spread of the new threat and its consequences.

Yury Nikolayevich, please tell us about the new danger, cyber-pandemic. Is it a real threat or rather a virtual scare, sort of a computer game?

Yury Zhdanov: Alas, this is not a game. Cyber-pandemic is as unavoidable as future disease pandemics. This is the conclusion drawn by many leading cyber-security experts. The very term, “cyber-pandemic,” was coined a while ago. Back in 2016, the anti-virus laboratory PandaLabs of the company Panda Security published the Cyber-Pandemic White Book regarding cyber-attacks on healthcare institutions. The coronavirus pandemic gave the term a new meaning.

Is Russia aware of that?

Yury Zhdanov: Absolutely. Director of the Russian Foreign Ministry’s International Information Security Department Andrey Krutskikh warned at the online discussion of the Valdai Club on April 7 that we were actually dealing with two pandemics. One is the coronavirus pandemic, people are dying, and this is the most pressing issue of today. Another global problem, which is clearly man-made, is exacerbating simultaneously. He called it cyber-pandemic. This means that humanity may be drawn into a cyber-confrontation or even a cyber-war. As he said, cyber-pandemic manifests itself with hacking, cyber-terrorism, and cyber-interference in private life and development of nations. All of them result from negative trends in the advancement of cyber-technologies.

Andrey Krutskikh also noted that certain countries had proclaimed doctrines allowing the so-called preemptive cyber-strikes on a potential enemy, whose alleged culpability is unproven. Hence, the diplomat believes that we should not just agree on terms but also reach a common understanding and elaborate uniform security standards. Solutions must be found before the next crisis, this time the cyber one, begins.

Could we be too late to act?

Yury Zhdanov: For now, it seems like it. There has been an unprecedented surge in malicious cyber-activity all over the globe since early March. Phishing, which aims to steal money or secrets from home office workers, has nearly doubled since last year. Its scope grew six times in certain areas. There have been a number of attempted cyber-attacks on critical infrastructure, including airports, power grids, ports, water mains, and sewage. Even hospitals treating Covid-19 patients have become a target, and the World Health Organization has reported a five-time increase in the number of attacks on its networks.

Looks like Russia is not far behind ...

Yury Zhdanov: It would be much better if it were. The number of crimes perpetrated in Russia in January-May by means of information and telecom technologies or in the field of computer information grew 85.1% year-on-year to more than 180,000. The rate of credit card frauds grew 4.7 times to nearly 64,000, and the number of crimes by means of mobile communication doubled to over 76,500.

According to the Main Information and Analytical Center of the Russian Interior Ministry, the crime rate grew most in Moscow, St. Petersburg, the Moscow, Kaliningrad, Novgorod and Rostov regions, the republics of Ingushetia, Buryatia and Bashkortostan, and the Jewish Autonomous District.

What viruses are the most popular with hackers?

Yury Zhdanov: The company Check Point indicated in its survey that banking Trojans and programs infecting devices and initiating hidden crypto-currency mining were the software most frequently sent to electronic devices of Russians in May.

The Emotet Trojan was the most active in Russia in May, as it attacked 7% of Russian organizations. RigEK and XMRig followed, attacking 6% of Russian organizations each. Emotet is capable of sending phishing messages containing malware attachments or links, RigEK contains malware endangering Internet Explorer, Flash, Java and Silverlight, and XMRig is used for mining the Monero crypto-currency.

The world’s top 3 most active malware programs of May 2020 were the banking Trojan Dridex, which targets the Windows operating system and steals personal and credit card data, Agent Tesla, which steals Wi-Fi passwords and Outlook account data from target computers, and XMRig. In May 2020, Dridex affected 4% of all entities around the globe, while XMRig and Agent Tesla affected 3% each.

In addition, experts have detected a number of malicious spam campaigns, which emailed the Ursnif Trojan to receive access to confidential email data and bank accounts. It was upgraded from the 19th to the 5th position in the global list of the most active malware in May.

But still the proportion of attacked companies, 3%, 4% or even 7%, is not too high to assert a global threat.

Yury Zhdanov: There are other numbers, as well. Analysts say that the scope of hidden mining grew over 30% in the world in the past two years. Some 88% of respondents said they feared both mining malware and ransomware, which became particularly active in 2019.

How does hidden mining work?

Yury Zhdanov: There is a notion of crypto-jacking. This is how specialists describe the unauthorized use of others’ devices to mine crypto-currency. Computers, smart phones or whole networks of computing equipment could become such devices.

Hackers install malware when their victim downloads an application or visits a website. The virus starts using computing capacities of the infected device for mining crypto-currency.

It is quite often that users have no idea of their computers or smart phones being used for hidden mining. However, the device’s performance falls dramatically.

But still, what does this have to do with cyber-pandemic?

Yury Zhdanov: World Economic Forum experts Nicholas Davis and Algirde Pipikaite are right when they say that cyber-attacks with coronavirus-like features will be spreading faster and farther than any bio-virus.

They compared the spreading trends. For instance, the Covid-19 basic reproductive number, R0, ranges from 2 to 3 in the absence of social distancing, which means that every infected person transmits the virus to a couple of other people. This number influences the speed of virus spreading. The number of infected people in New York state doubled every three days until the state went into quarantine.

Meanwhile, R0 of cyber-attacks is 27 and higher. One of the fastest worms in history, Slammer / Sapphire 2003, doubled itself every 8.5 seconds and infected over 75,000 devices within ten minutes and 10.8 million devices within 24 hours. WannaCry 2017 used vulnerabilities of old Windows systems and damaged over 200,000 computers in 150 countries. The virus was stopped by crash fixes and the accidental detection of a “kill switch”.

Yury Zhdanov: The end result of cyber-pandemic is disconnection of millions of devices within several days. Photo: Alexander Korolkov

It looks like a cyber-attack runs out of control and starts living its own life?

Yury Zhdanov: That’s right. The cyber-equivalent of Covid-19 would be a self-propagating attack using one or more exploits — software codes that exploit vulnerabilities — zero-day attacks, and methods for which special codes or signatures of antivirus software are not yet available. Most probably, it will attack all devices using the same operating system or application.

In short, this is a new kind of the Terminator scenario.

Yury Zhdanov: Yes, a sort of Machine Uprising is in store for us. By the way, zero-day attacks are rarely detected immediately: Stuxnet used four different kinds of zero-day exploits and was hiding in systems for 18 months before the attack began. It will take time to identify the virus and even more time to stop its spread. If a vector were a popular social media application with, say 2 billion users, the virus with the reproductive number 20 could infect over 1 billion devices within five days.

That’s more than just a crisis but rather a catastrophe.

Yury Zhdanov: Perhaps, not a catastrophe but the economic impact of the extensive digital shutdown will be equal to or even bigger than what we are witnessing now.

If Cyber-Covid replicated the novel coronavirus’ pathology, 30% of infected systems would demonstrate no symptoms but continue to spread the virus, while half would lose much of their performance capacities, a digital equivalent of a person bed-ridden for one week. Fifteen percent would be “erased” with the complete loss of data, which would require re-installation of the system. Finally, 5% would be “walled up”, which would make the device inoperative.

The end result is millions of devices disconnected for a number of days.

The only way to stop Cyber-Covid from spreading is to fully disconnect all vulnerable devices from one another and from the Internet in order to avoid infection. The global cyber-blocking may continue until “a digital vaccine” is developed. All business contacts and data transfers will be blocked. Social contacts will be limited to personal communication via copper phone lines, post, or radio.

One day without the Internet would cost the world more than $50 billion, and the cost of a 21-day cyber-blocking would exceed $1 trillion.

The recent wildfires in Australia, which caused power outages and damaged mobile phone infrastructure, gave the population a chance to appreciate battery-powered radios. But if Cyber-Covid had devastated the country, would many radio stations keep working without digital recording and transmission systems? Will such countries as Norway, which have completed their transition to digital radio, survive?

But everything could be restored as time passes.

Yury Zhdanov: Restoration will be extremely difficult after the massive collapse of digital systems. Replacement of just 5% of the world’s devices would require about 71 million new devices. Manufacturers will be unable to meet the demand so quickly, especially if production and logistic systems are affected. Besides, there are digital systems. Systems that survive will experience a significant fixing and reinstalling bottleneck.

The geographical concentration of electronics production facilities will create additional problems. In 2018, China produced 90% of mobile phones, 90% of computers, and 70% of TV sets. Finger pointing at the source and motivation behind the cyber-attack, as well as rivalry for the leadership in supplies will inevitably lead to geopolitical tensions.

Is it possible to deter cyber-pandemic or at least prepare for it?

Yury Zhdanov: Common systemic cyber-attacks should be anticipated. As we have seen in the case of Covid-19, even a slight delay could be extremely harmful. Covid-19 has prompted people and entities to search for digital substitutes for physical interaction, and the government and business leaders should consider the opposite. There is need for digital rollback and continuity plans to make sure that entities keep working in the event of a sudden loss of digital tools and networks.

That became clear during the NotPetya cyber-attack in 2017 when 49,000 notebook computers and printers were seized and all contacts were erased on phones synchronized with Outlook. The storage and access to confidential and essential information in the physical, printed form is a necessary part of digitalization.

Perhaps, that would require a brand new level of international cooperation.

Yury Zhdanov: One may call it an elementary truth. Back in December 2019, the UN General Assembly adopted Russia’s resolution on the elaboration of a new international convention to fight cybercrime.

Representatives of the Russian Foreign Ministry underlined in their speeches at the General Assembly that Moscow did not contrast its initiative against the existent European (Budapest) Convention, but suggested that “it would be as up-to-date as possible.” The General Assembly ordered that an ad-hoc open-ended intergovernmental panel of experts be established to represent all regions and to elaborate a comprehensive international convention on countering illicit usage of information and communication technologies.

Does this mean that everything is alright, the problem is solved, and we will be forearmed to deter the new challenge together?

Yury Zhdanov: Regretfully, the decision made by the General Assembly has encountered the increasing resistance of the United States and a number of European countries. This resistance manifests itself as a frenzied anti-Russian campaign in the media, alleging the existence of “Russian hackers” and “Russian cyber intervention in internal affairs of the U.S. and European countries.” The countless “sensational” reports and articles of the sort overwhelmed the Internet during the coronavirus pandemic. They have also become a factor of cyber-pandemic.

Under these circumstances, we should rely on national efforts and such time-tested international cooperation mechanisms as the Interpol.