We need to rethink cybersecurity for a post-pandemic world. Here’s how


This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Leonardas Marozas, Security Research Lab Manager, CUJO AI


  • The pandemic has created a new set of opportunities for cybercriminals.
  • From remote working to phishing scams, we need to rethink our approach to cybersecurity across the board.
  • Here are three areas on which we should be focusing.

Fear and a sense of urgency are some of the most powerful vectors of human exploitation when it comes to cybersecurity, and this was clearly visible in the first days of the COVID-19 pandemic.

It all began in March with scams and phishing efforts related to the COVID-19 emergency, such as impersonations of authority figures like the WHO and other global and governmental institutions. The start of the pandemic also clearly showed how unpreparedness around protecting home users and remote workers can strike back.

The pandemic has definitely changed the world, and that includes cybersecurity. While reflecting on the past three months in a post-pandemic world, three specific highlights emerge.

Challenges in a post-pandemic world

During lockdown, people at home started spending far more time online than before. Our data shows that the volume increased by 20% for the average household in March through May. This would suggest a resulting increase of entities generating internet traffic, but surprisingly there was a decline of almost 50% in the number of new devices appearing in end-users’ homes, since users stopped buying unnecessary equipment. Public behaviour and quarantine recommendations for isolation together with halted or slowed postal operations added to the overall decline (See figure below).

Corporations and small and medium-sized enterprises (SME) had to quickly adapt their business processes to fit the new ‘all-remote’ reality. Businesses had usually prioritized uninterrupted service delivery over the security of remote workspaces and devices, which meant people began working from home protected only by consumer-oriented solutions (or not protected at all).

People on lockdown bought fewer new devices than you might expect
Image: CUJO AI

Accessing corporate resources remotely through virtual private networks (VPN) has traditionally led to stricter remote access policies; however, the shift to remote work has resulted in more permissive VPN access policies, which is creating security risks that indirectly compromise corporate networks.

And although new device growth has slowed, the most recent data suggests it has returned almost to its previous volume. The growing number of internet of things (IoT) devices in home networks and the lack of security can create opportunities for access by outsiders. When we add together diverse home environments with loose security policies, shared wifi passwords, IoT and quickly-built infrastructure to ensure uninterrupted business continuity, we get to the point where a single vulnerability or misstep in configuration can open the door to malicious actors.

New waves of more complex malware that use devices or users as proxies in order to reach more valuable assets in corporate networks are some of the biggest potential threats in the post-pandemic world. The situation is also very convenient for advanced persistent threats (APT) or industrial espionage actors planning targeted attacks against selected victims. And while we are listing future problems, ensuring home networks are secure while also remaining segmented and transparent for regular family users is a challenge of the highest importance.

AI: Closing the gap between real time and reactive threat intelligence

While numerous protection schemes have proved to be useful and effective in certain situations against known attack vectors and threats, one of the biggest challenges is to cope with the unknowns. AI is one of the vehicles that can be used to close the gap between knowledge-based threat detection and protection and unknown or rapidly changing threats. While collected intelligence and knowledge are usually the indisputable source of truth for protection, they are currently mostly successful in stating the known: a certain threat has happened (now or before) and here is how to protect against it.

One example of how AI is used in the rapidly changing pandemic and post-pandemic landscape is the recognition of uncategorized or unlabelled websites with illicit intentions that are related to the usual triggers, such as fear. According to MarkMonitor, there are more than 100,000 COVID-19-registered domains. Our AI analysis of uncategorized websites that were accessed by people over a period of 50 days shows that between 20% and 35% of websites contain content which, while not directly dangerous, is at least misleading or shows signs of possible illicit intent.

While threat intelligence is a source of confirmation for threat actor maliciousness, AI will foresee potential maliciousness in actors before they are known or registered in knowledge bases. And where there are certain well-defined policies in place (the principle of least privilege, for example), there may be few to no problems here. However, in a world with mixed rights and rules regarding remote work – or at least in ensuring that risks do exist (and not only in disaster recovery drills) – AI has great capabilities to overcome and help solve numerous challenges.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

  • Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.
  • Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.
  • Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.


Post-pandemic tendencies among emerging threats

Over the previous months, the cybersecurity community has observed numerous attack vectors that use a COVID-19 theme either as bait or as a way to conceal malicious activity from easy identification and detection. Therefore, as COVID-19 infections now seem to be decreasing in some countries, changes in the most common attack patterns are inevitable. However, it seems that these changes are not inspired by attempts to quickly and easily exploit the pandemic theme (as in the beginning, when threat actors swiftly created scam campaigns), but by using sophisticated and well-developed campaigns at carefully chosen times.

The cybersecurity community has lately become aware of numerous attempts to mimic informational applications, and that malicious activities can occur underneath a good-looking infection map or fictitious ‘infection radar’. In other words, such apps act as remote access trojans (RAT) in users’ devices. When a RAT is installed on a device, the threat actor is not only able to capture and manipulate sensitive data but can also perform a whole range of spying activities. Even though such campaigns have been observed worldwide, it seems that attempts to launch these kinds of attacks increase only in specific regions and only when that region experiences another surge of COVID-19 infections. In other words, threat campaigns directly correlate to the number of infections and public perception of the pandemic – when people are more anxious, threat actors increase their exploitation of the COVID-19 theme.

It is expected that as long as COVID-19 is eradicated in at least one region (as an epidemic) and until the general public becomes less anxious about the threat it poses, we will likely still see a variety of even more sophisticated cyber-threats using COVID-19 as a cover for performing malicious activities.


Comments

  1. It’s so interesting that the shift to remote work has resulted in more permissive VPN access policies, but that makes sense. I would have guessed it was the other way around. I had noticed on Google Trends that there has been a surge this year in demand for VPN judging by the number of organic queries. Daniel Agnew wrote a post for Namecheap that observed a spike earlier this year when many places were locking down, and then another bump in the last two months.
