The COVID-19 pandemic shows a striking resemblance to several examples of massive epidemics of computer viruses. We can distinguish similar infection methods and mechanisms to spread the virus, as well as the sad consequences of its activity. And although it is not entirely correct to compare human lives and computer systems directly, there is a chance of gaining useful experience and fighting both digital and real-life infections more effectively in the future.
Compared to computer malware, the Coronavirus pandemic is most reminiscent of the WannaCry and NotPetya ransomware epidemics:
- It spreads randomly, “jumping” to the nearest accessible facility.
- The most vulnerable is the older generation of systems. For WannaCry, these are Windows XP and Windows Server 2000, and for COVID-19, people over 60.
- To penetrate the system, WannaCry exploits vulnerabilities in the SMB protocol, and the Coronavirus takes advantage of the fact that the body of most people does not know how to resist it because the immune system is unfamiliar with a new infection.
By encrypting files on the affected system, WannaCry blocks the ability to work and requires a ransom. Coronavirus does not require anything. However, its victims also lose the ability to function normally. Penetrating the cells of the body, the virus reprograms them, forcing them to reproduce the infection.
Thus, Coronavirus resembles ransomware of a kind very popular among hackers, one that exploits zero-day vulnerabilities in the human body. And there is no patch yet – no vaccine for this vulnerability. Just as the decryptor for the data blocked by the crypto-malware has not been found, an effective drug that guarantees the recovery of the sick person has not yet been created.
Now let’s look at the tools that can stop the spread of computer malware for which there are no patches and compare them with measures that are taken in real life. Based on my infosec experience, the most effective in combating mass infections are:
- Safe online behavior habits
Let’s analyze each of the tools in more detail.
To protect the enterprise network from viruses, firewalls are installed on the borders with the outside world that monitor traffic and let in only those packets that are allowed. During the WannaCry epidemic, companies whose networks were protected by firewalls escaped being infected.
The closest analogy to firewalls in the real world is closing the borders between countries. Minimizing all types of passenger traffic and restricting entry to and exit from cities resembles closing computer ports. Monitoring body temperature and doing quick Coronavirus tests in local airports can be compared to Deep Packet Inspection (DPI).
The process of setting up firewalls to stop the spread of COVID-19 is now happening all around the world. Countries closed their borders to minimize the penetration of infection, leaving a thin, fully controlled corridor. And so that the Coronavirus does not enter the country, newly arrived people are sent to quarantine.
If a computer virus somehow penetrates the network, all systems that come under attack or suspicion get turned off so that the malware does not spread further. This allows us to deal with the situation calmly, find out the details of the incident, and take measures to protect other computers and servers.
Quarantine in the real world helps to stop the spread of infection by isolating sick people and those who were in contact with them. Given the relatively long incubation period of COVID-19, a few weeks is not the highest price for public safety.
An antivirus installed on the device protects from known viruses. In some cases, a heuristic analyzer helps to identify and block unknown infections. However, no antivirus vendor, of course, can provide a 100% protection guarantee.
In a sense, an antivirus can be considered an analog to personal protective measures. A mask, gloves, antiseptic liquid, and handwashing also reduce the likelihood of contracting the Coronavirus, but they do not give an absolute guarantee.
The similarity between the computer and the usual epidemic is even more apparent if we study the influence of the human factor on the spread of infection. Let’s compare:
- A careless employee opens a malicious attachment in a phishing email, and a big corporation loses access to its files that ransomware has encrypted. For large corporations, losses can go as high as $100 million.
- A 68-year-old man arrives at the hospital, passes through the building, and sits in a general queue for an X-ray. After he is diagnosed with pneumonia, he also tests positive for COVID-19. So, the entire hospital gets closed for quarantine.
Carelessness during mass epidemics, whether it be a computer threat or a real infection, is criminal negligence since it is awfully expensive. A single click on a phishing email causes a multimillion-dollar loss for the company. A patient’s visit to a medical institution stops its work, and dozens of people suffer from it.
When people believe in something, they follow this idea. Therefore, if social engineering has worked in the beginning, the victim obediently follows the instructions of the fraudster – installs a fake Adobe update, does not notice malicious redirects, opens an “important document” or enters a password on a dubious website.
Likewise, believing conspiracy theories, people ignore virologists’ warnings about precautionary measures. People believe that their immune systems are strong enough to withstand any infection. And sometimes they are completely sure that there is no infection at all.
How to stop a pandemic?
While the patch that closes the vulnerability is not available, and work on the decryptor is still underway, there are not many options for confronting the computer infection. It is impossible to quit using vulnerable systems in the event of a human epidemic since these systems are people themselves. If you “disconnect everyone from the network” by arranging total quarantine, life itself may stop.
Specific sets of rules help ensure an acceptable level of security and maintain overall performance. For computers, we are talking about white lists, restrictions on the number of running programs, permission to install only those applications that are digitally signed, etc. When transferred to real life, these rules turn into special passes for workers, control using a face recognition system, and fines for violators of the regime.
Yes, these unpopular measures complicate our life, but at the same time they limit the spread of infection, give extra time to cure the sick, and reduce the number of new infections. Indeed, unlike computers, people have no such wonderful feature as restoring from a backup. Therefore, until a drug is created, it is necessary to restrain the growth in the number of COVID-19 cases.
During computer epidemics, the factor that usually ensures a quick victory over the virus is the joint effort of the vendor of the vulnerable system, leading information security companies, and experts. Unfortunately, every country fights the Coronavirus pandemic alone.
A serious problem for both digital and real-life epidemics is the human factor. According to statistics, companies that systematically train employees in safe online behavior skills are much less likely to become victims of successful hacker attacks. Obviously, entering the new paradigm, residents of all countries will have to change their habits and develop safe behavior habits following the recommendations of the World Health Organization.