Blog
09-11-2020
CVE-2020-COVID
If there is one thing that Covid-19 allows a cybersecurity analyst, it is to draw a parallel between health security and computer security (or the lack of them).
We all know. We are facing the presence of a "new” virus - Covid-19. This biological virus exploits a vulnerability in the human immune system, just as a computer virus exploits a vulnerability in a digital system. I thus took the liberty, for literary purposes, to abuse the nomenclature normally used to identify computer vulnerabilities (CVE) and to name this vulnerability of the immune system as CVE-2020-COVID. Allow me to be bold.
Like a computer virus, the biological virus contains at least the following stages in common: infection and transmission.
In the infection phase, the biological virus exploits a known vulnerability - CVE-2020-COVID. Through this exploration, Covid-19 has the ability to lodge in its host, i.e., in the human body. The same is true in the event of a computer virus infection.
In the transmission phase, Covid-19 propagates through the infection of other hosts where it is only possible using a transmitting agent, that is, the air. This phase is also convergent in the scope of a computer virus, in the sense that, after a system is infected, it may infect others that contain the same vulnerability, also using a transmitting agent, such as: a word document.
Of course, there are differences. Namely the purpose and nature of each one. On the one hand, we have the Covid-19 of a biological nature, whose purpose, like any other living thing, is to guarantee the survival of its species, which does not have a malicious purpose per se (as far as we know). On the other hand, we have a computer virus, whose purpose is to destroy the preservation of the famous "CIA” (Confidentiality, Integrity and Availability), thus having a purely malicious intent.
Nevertheless, it is necessary to mitigate any of these threats. Were Covid-19 a computer virus, one of the mitigating solutions of CVE-2020-COVID could involve performing an update to the operating system (our immune system), as is common in computer ecosystems. However, our "Supplier” (i.e., our immune system) is unable to launch this update. At least in service life. Another viable solution to combat the threat of both viruses is the existence of an antivirus (i.e., a vaccine). In the absence of these solutions (as is the case of the pandemic), we must resort and not dispense good behavioral practices.
In the context of computer security, the recommended best practices are: use of secure, non-transferable and unique passwords, do not open attachments of suspicious emails, do not trust pen drives of others, avoid spaces in the digital that do not use the best security practices, etc.
At the same time, in the context of the pandemic for the safety of our well-being, the recommended best practices are: wearing a mask, disinfecting hands, maintaining social distance, not frequenting spaces that do not respect safety measures, among others.
In summary, the parallelism outlined throughout this article allows us to reflect on the same problem in different contexts, concluding that "cyber hygene” is for computer security as good civic hygiene practices are for immune security in times of pandemic . Do not underestimate security on and offline.
Please note: the articles on this blog may not convey the opinion of .PT, but of its author.
Back to Posts