We need to rethink cybersecurity for a post-pandemic world. Here’s how

cyber

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Leonardas Marozas, Security Research Lab Manager, CUJO AI


  • The pandemic has created a new set of opportunities for cybercriminals.
  • From remote working to phishing scams, we need to rethink our approach to cybersecurity across the board.
  • Here are three areas on which we should be focusing.

Fear and a sense of urgency are some of the most powerful vectors of human exploitation when it comes to cybersecurity, and this was clearly visible in the first days of the COVID-19 pandemic.

It all began in March with scams and phishing efforts related to the COVID-19 emergency, such as impersonations of authority figures like the WHO and other global and governmental institutions. The start of the pandemic also clearly showed how unpreparedness around protecting home users and remote workers can strike back.

The pandemic has definitely changed the world, and that includes cybersecurity. While reflecting on the past three months in a post-pandemic world, three specific highlights emerge.

Challenges in a post-pandemic world

During lockdown, people at home started spending far more time online than before. Our data shows that the volume increased by 20% for the average household in March through May. This would suggest a resulting increase of entities generating internet traffic, but surprisingly there was a decline of almost 50% in the number of new devices appearing in end-users’ homes, since users stopped buying unnecessary equipment. Public behaviour and quarantine recommendations for isolation together with halted or slowed postal operations added to the overall decline (See figure below).

Corporations and small and medium-sized enterprises (SME) had to quickly adapt their business processes to fit the new ‘all-remote’ reality. Businesses had usually prioritized uninterrupted service delivery over the security of remote workspaces and devices, which meant people began working from home protected only by consumer-oriented solutions (or not protected at all).

People on lockdown bought fewer new devices than you might expect
People on lockdown bought fewer new devices than you might expect
Image: CUJO AI

Accessing corporate resources remotely through virtual private networks (VPN) has traditionally led to stricter remote access policies; however, the shift to remote work has resulted in more permissive VPN access policies, which is creating security risks that indirectly compromise corporate networks.

And although new device growth has slowed, the most recent data suggests it has returned almost to its previous volume. The growing number of internet of things (IoT) devices in home networks and the lack of security can create opportunities for access by outsiders. When we add together diverse home environments with loose security policies, shared wifi passwords, IoT and quickly-built infrastructure to ensure uninterrupted business continuity, we get to the point where a single vulnerability or misstep in configuration can open the door to malicious actors.

New waves of more complex malware that use devices or users as proxies in order to reach more valuable assets in corporate networks are some of the biggest potential threats in the post-pandemic world. The situation is also very convenient for advanced persistent threats (APT) or industrial espionage actors planning targeted attacks against selected victims. And while we are listing future problems, ensuring home networks are secure while also remaining segmented and transparent for regular family users is a challenge of the highest importance.

AI: Closing the gap between real time and reactive threat intelligence

While numerous protection schemes have proved to be useful and effective in certain situations against known attack vectors and threats, one of the biggest challenges is to cope with the unknowns. AI is one of the vehicles that can be used to close the gap between knowledge-based threat detection and protection and unknown or rapidly changing threats. While collected intelligence and knowledge are usually the indisputable source of truth for protection, they are currently mostly successful in stating the known: a certain threat has happened (now or before) and here is how to protect against it.

One example of how AI is used in rapidly changing pandemic and post-pandemic landscape is in recognition of uncategorized or unlabelled websites with illicit intentions that are related to the usual triggers, such as fear. According to MarkMonitor, there are more than 100,000 COVID-19-registered domains. Our AI analysis of uncategorized websites that were accessed by people over a period of 50 days shows that for between 20% – 35% of websites contain content which, while not directly dangerous, is at least misleading or shows signs of possible illicit intent.

While threat intelligence is a source of confirmation for threat actor maliciousness, AI usage will foresee potential maliciousness in actors before they are known or registered in knowledge bases. And while there are certain well-defined policies in place (the principle of least privilege, for example), there may be few to no problems here. However, in a world with mixed rights and rules regarding remote work – or at least in ensuring that risks do exist (and not only in disaster recovery drills) – AI has great capabilities to overcome and help solve numerous challenges.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact us.

Post-pandemic tendencies among emerging threats

Over the previous months, the cybersecurity community has observed numerous attack vectors that use a COVID-19 theme either as bait or as a way to conceal malicious activity from easy identification and detection. Therefore, as COVID-19 infections now seem to be decreasing in some countries, changes in the most common attack patterns are inevitable. However, it seems that these changes are not inspired by attempts to quickly and easily exploit the pandemic theme (as in the beginning, when threat actors swiftly created scam campaigns), but by using sophisticated and well-developed campaigns at carefully chosen times.

The cybersecurity community has lately become aware of numerous attempts to mimic informational applications, and that malicious activities can occur underneath a good-looking infection map or fictitious ‘infection radar’. In other words, such apps act as remote access trojans (RAT) in users’ devices. When a RAT is installed on a device, the threat actor is not only able to capture and manipulate sensitive data but can also perform a whole range of spying activities. Even though such campaigns have been observed worldwide, it seems that attempts to launch these kinds of attacks increase only in specific regions and only when that region experiences another surge of COVID-19 infections. In other words, threat campaigns directly correlate to the number of infections and public perception of the pandemic – when people are more anxious, threat actors increase their exploitation of the COVID-19 theme.

It is expected that as long as COVID-19 is eradicated in at least one region (as an epidemic) and until the general public becomes less anxious about the threat it poses, we will likely still see a variety of even more sophisticated cyber-threats using COVID-19 as a cover for performing malicious activities.

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Qualcomm to be the next target of EU antitrust regulators? China might be the answer

France breaks budget promises once again and the EU’s finance offices are shaking

COVID-19 shows why we must build trust in digital financial services

Amazon: our green is turning to ashes

EP President praises Nobel Peace Prize award to Denis Mukwege and Nadia Murad

Suriname’s climate promise, for a sustainable future

Medical students: catalysts to close the gender gap

As people return to work, here’s how we can make commuting more inclusive and sustainable

Safety fits into our palms: The role of mobile technology in healthcare systems and life saving

Keep Africa’s guns ‘from firing in the first place’, UN political chief urges

Algorithmic warfare is coming. Humans must retain control

Paris, Rome, Brussels and Frankfurt to confront Berlin over growth and the Athens enigma

How the institutional response to COVID-19 can prepare us for climate change

Germany is turning its old mines into tourist hotspots

Turkey’s Erdogan provokes the US and the EU by serving jihadists and trading on refugees

Yemen bus attack just the latest outrage against civilians: UN agencies

We need to protect 30% of the planet by 2030. This is how we can do it

Friday’s Daily Brief: UN chief in China, counter-terrorism, updates from Bangladesh, Mali and Mozambique

7 steps to becoming a ‘CEO Academy’

Merkel refuses to consider the North-South schism of Eurozone

Coronavirus: Commission adopts new exceptional support measures for the wine sector

MEPs vote for upgrade to rail passenger rights

Juncker and Tusk killed Greece on 07 July 2015 to meet the Commission’s summer vacation plan? #Grexit #Greferendum #Graccident

‘Protracted crisis’ in Venezuela leads to ‘alarming escalation of tensions’: UN political chief

Afghanistan: Civilian casualties exceed 10,000 for sixth straight year

A letter from Italy: Our insecurity in COVID-19 times

These coastal countries are sinking the fastest

Women still struggle to find a job, let alone reach the top: new UN report calls for ‘quantum leap’

‘Act now with ambition and urgency’ to tackle the world’s ‘grave climate emergency’, UN chief urges UAE meeting

European Commission statement on the adoption of the new energy lending policy of the European Investment Bank Group

A challenge for inclusion in the Dominican Republic’s health care services

There is no recipe for a healthy mental state

Outbreaks and pandemics periods can be stressful, but how can we turn it to a positive life-changing experience?

International World Summit Award calls for outstanding digital applications with impact on society from 178 UN member states

China greenlights first underwater high-speed railway

Three out of the past five Julys were the hottest on record

COP21 Breaking News_04 December: Commitments Made to Reduce Black Carbon, Methane and HFCs

Medical workforce migration in Europe – Is it really a problem?

Investing in rural women and girls, ‘essential’ for everyone’s future: UN chief

European Parliament speaks out against “killer robots”

10 million Yemenis ‘one step away from famine’, UN food relief agency calls for ‘unhindered access’ to frontline regions

These are India’s cleanest cities

EU Border and Coast Guard: new corps of 10 000 border and coast guards by 2027

7 lessons leaders should take from the COVID-19 crisis

We won’t win the online security war without people power

The world is a book and those who do not travel read only one page

Q&A on extraordinary remote participation procedure

EU Elections: new rules to prevent breaches of data used to influence elections

Mining the deep seabed will harm biodiversity. We need to talk about it

Congolese expelled from Angola returning to ‘desperate situation’: UN refugee agency

In West Africa, UN Security Council visits Côte d’Ivoire and Guinea-Bissau

JADE President opens JADE Spring Meeting 2014

Commission welcomes the political agreement on the transitional rules for the Common Agricultural Policy (CAP)

Cameroon: Clear ‘window of opportunity’ to solve crises rooted in violence – Bachelet

The EU Commission fails to draw the right conclusions about corruption

How youth and technology can drive Africa’s COVID-19 response

We are ‘burning up our future’, UN’s Bachelet tells Human Rights Council

How to change the world at Davos

5 ways to get your business ready for AI in 2020

UN, global health agencies sound alarm on drug-resistant infections; new recommendations to reduce ‘staggering number’ of future deaths

More Stings?

Advertising

Comments

  1. It’s so interesting that the shift to remote work has resulted in more permissive VPN access policies, but that makes sense. I would have guessed it was the other way around. I had noticed on Google Trends that there has been a surge this year in demand for VPN judging by the number of organic queries. Daniel Agnew wrote a post for Namecheap that observed a spike earlier this year when many places were locking down, and then another bumb in the last two months.

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s