Context

An inter-governmental law enforcement organization, INTERPOL, the International Criminal Police Organization, has cautioned that it has detected a significant increase in cyber-attacks against hospitals around the world that are engaged in the COVID-19 response. Attacks that could "directly lead to deaths."

Background:

• With over a million confirmed cases of SARS-CoV-2 virus across more than 200 nations and territories, coronavirus has spread its filthy feathers across the whole world.
• Globally, the total number of coronavirus cases neared 1.35 million while the death toll crossed 74,000.
• However, some people are out there who seek to gain advantage from crisis.
• According to an Interpol warning, cybercriminalsare exploiting the coronavirus crisis and threatening to hold hospitals to ransom despite the life-saving work they are carrying out.
• The International Criminal Police Organisation has issued a global alert to health care organizations about the ransomware attacks, often disguised as official advice from government agencies, which are designed to lock administrators out of the critical IT systems they need.
• Interpol’s Cybercrime Threat Response has detected a “significant increase” in the number of attempted ransomware attacks against key organizations around the world.

Analysis

Cyber Crimes: 

• The bane of the internet, cybercrime refers to any and all illegal activities carried out using technology.
• Cybercriminals, who range from rogue individuals to organized crime groups to state-sponsored factions, use techniques like phishing, social engineering, and all kinds of malware to pursue their nefarious plans.
• Cybercrime is defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes). 

Types of Cybercrimes:

• Cyberextortion: A crime involving an attack or threat of an attack coupled with a demand for money to stop the attack.
  • Ransomware: One form of cyberextortion is the ransomware attack, in which the attacker gains access to an organization's systems and encrypts its documents and files -- anything of potential value -- making the data inaccessible until a ransom is paid.
• Cryptojacking: An attack that uses scripts to mine cryptocurrencies within browsers without the user's consent. Cryptojacking attacks may involve loading cryptocurrency mining software to the victim's system.
• Identity theft:An attack that occurs when an individual accesses a computer to glean a user's personal information, which they then use to steal that person's identity or access their valuable accounts, such as banking and credit cards.
• Cyberespionage: A crime involving a cybercriminal who hacks into systems or networks to gain access to confidential information held by a government or other organization.
  • Cyberespionage activities can include every type of cyberattack to gather, modify or destroy data, as well as using network-connected devices, like webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted individual or groups and monitoring communications, including emails, text messages and instant messages.
• Software piracy: An attack that involves the unlawful copying, distribution and use of software programs with the intention of commercial or personal use. Trademark violations, copyright infringements and patent violations are often associated with this type of cybercrime.
• Exit scam:The dark web, not surprisingly, has given rise to the digital version of an old crime known as the exit scam. In today's form, dark web administrators divert virtual currency held in marketplace escrow accounts to their own accounts -- essentially, criminals stealing from other criminals.
• Dark web: The deep webrefers to all parts of the internet (sites, e-shops, forums, etc.) that are not accessible by a regular search engine like Google or Bing. 

What INTERPOL has found?

• INTERPOL has now issued a "purple notice" alert to law enforcement in all 194 member countries (including India) to support the global fight against this cybercriminal endeavor.
• In the alert, Interpol said organisations at the forefront of the global response to the COVID-19 outbreakhad also become targets of ransomware attacks, which were “designed to lock them out of their critical systems in an attempt to extort payments”.
• The agency’s Cybercrime Threat Response Team had detected an increase in the number of attempted ransomware attacks against key organisations and infrastructure engaged in the virus response.
• This despite less than one month ago, the operators of two of the most prevalent ransomware attack threats promising not to attack healthcare targets during the COVID-19 crisis.

About INTERPOL: Founded in 1923, Interpolis an international police organisation made up of 194 member countries.  The International Criminal Police Organization, or the ­Interpol is an international police agency that helps other law-enforcement agencies track criminals who operate across national borders. In each country, an INTERPOL National Central Bureau (NCB)provides the central point of contact for the General Secretariat and other NCBs. An NCB is run by national police officials and usually sits in the government ministry responsible for policing.

About INTERPOL Notices:

INTERPOL Notices are international requests for cooperation or alerts allowing police in member countries to share critical crime-related information.

• Red Notice: To seek the location and arrest of wanted persons wanted for prosecution or to serve a sentence.
• Yellow Notice: To help locate missing persons, often minors, or to help identify persons who are unable to identify themselves.
• Blue Notice: To collect additional information about a person’s identity, location or activities in relation to a crime.               
• Black Notice: To seek information on unidentified bodies.
• Green Notice: To provide warning about a person’s criminal activities, where the person is considered to be a possible threat to public safety.
• Orange Notice: To warn of an event, a person, an object or a process representing a serious and imminent threat to public safety.
• Purple Notice: To seek or provide information on modus operandi, objects, devices and concealment methods used by criminals.

Cyber Laws and Legislation in India and Abroad:

At Global Level:

1. Budapest Convention on Cyber Security: 

• It is the first international treaty seeking to address Internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations.
• It’s objective is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation.

2. International Telecommunication Union (ITU): 

• ITU is the specialized agency of the United Nations which deals with adopting international standards to:
  • ensure seamless global communications and interoperability for next-generation networks
  • building confidence and security in the use of ICTs
  • emergency communications to develop early warning systems and to provide access to communications during and after disasters, etc.

3. International Governance Forum (IGF):

• Internet Governance Forum (IGF) is a multi-stakeholder forum for policy dialogue on issues of Internet governance which brings together all stakeholders in the Internet governance debate.
• It facilitates a common understanding of how to maximize Internet opportunities and address risks and challenges.
• It is convened under the auspices of the Secretary-General of the United Nations.

National Level:

1. National Technical Research Organization (NTRO): 

• NTRO is a highly specialized technical intelligence gathering agency. 
• It develops technology capabilities in aviation and remote sensing, data gathering and processing, cyber security, cryptology systems, strategic hardware and software development, and strategic monitoring.

2. National Critical Information Infrastructure Protection Centre (NCIIPC): 

• National Critical Information Infrastructure Protection Centre is envisaged to act as a 24x7center to battle cybersecurity threats in strategic areas such as air control, nuclear and space.
• It is placed under the National Technical Research Organization.

3. CERT-In: 

• The Computer Emergency Response Team (CERT-In) has been designated to serve as the national agency to perform the following functions:
  • To collect and analyse information on cyber incidents
  • To forecast and give alerts of cybersecurity incidents
  • To provide emergency measures for handling cybersecurity incidents 
  • To coordinate cyber incident response activities
  • To issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents

4. National Cyber Coordination Centre (NCCC): 

• NCCC is a critical component of India’s cyber security against hackers and espionage as well as to track terrorist activity online. 
• It will scan the country’s web traffic to detect real-time cybersecurity threats and alert various organizations as well as internet service providers for timely action. It also will coordinate between intelligence agencies, specifically during network intrusions and cyber-attacks.

5. Crime and Criminal Tracking Network System (CCTNS): 

• CCTNS is a nationwide network infrastructure for evolution of IT-enabled state-of-the-art tracking system around “investigation of crime and detection of criminals”.
• It is initiated in 2009 which aims at to interconnect about 15000 Police Stations and additional 5000 offices of supervisory police officers across the country and digitize data related to FIR registration, investigation and charge sheets in all Police Stations.

6. Information Technology Act, 2000: 

• It is the most significant piece of legislation addressing conduct in cyberspace in India.
• It provides legal recognition to e-commerce and e-governance and facilitates its development as an alternative to paper-based traditional methods.
• The Act seeks to protect the advancement in technology by defining crimes, prescribing punishments, laying down procedures for investigation and forming regulatory authorities.

7. National Cyber Security Policy, 2013: 

• The policy provides for developing effective Public-Private Partnership and collaborative engagements through technical and operational cooperation and contribution for enhancing the security of cyberspace.
• Key-features:
  • Creating a secure and resilient cyberspace
  • Creating a secure cyber ecosystem, generate trust in IT transactions
  • Creation of a 24 x 7 National Critical Information Infrastructure Protection Center (NCIIPC)
  • Testing of ICT products and certifying them

Suggestive measures:

There are a number of steps hospitals and others can take to protect their systems from a ransomware attack:

• Only open emails or download software/applications from trusted sources
• Do not click on links or open attachments in emails which you were not expecting to receive, or come from an unknown sender
• Secure email systems to protect from spam which could be infected
• Backup all important files frequently, and store them independently from your system (e.g. in the cloud, on an external drive)
• Ensure you have the latest anti-virus software installed on all systems and mobile devices, and that it is constantly running
• Use strong, unique passwords for all systems, and update them regularly

Conclusion:

In the current situation, prevention and mitigation are key, with the malware mainly being spread by emails. The hospitals and healthcare companies need to ensure hardware and software are kept up to date, and that essential files are backed up. Moreover, the public needs to be encouraged to exercise caution when buying medical supplies online during the current health crisis, with criminals capitalizing on the situation to run a range of financial scams.