We need to rethink cybersecurity for a post-pandemic world. Here’s how


(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Leonardas Marozas, Security Research Lab Manager, CUJO AI

  • The pandemic has created a new set of opportunities for cybercriminals.
  • From remote working to phishing scams, we need to rethink our approach to cybersecurity across the board.
  • Here are three areas on which we should be focusing.

Fear and a sense of urgency are some of the most powerful vectors of human exploitation when it comes to cybersecurity, and this was clearly visible in the first days of the COVID-19 pandemic.

It all began in March with scams and phishing efforts related to the COVID-19 emergency, such as impersonations of authority figures like the WHO and other global and governmental institutions. The start of the pandemic also clearly showed how unpreparedness around protecting home users and remote workers can strike back.

The pandemic has definitely changed the world, and that includes cybersecurity. While reflecting on the past three months in a post-pandemic world, three specific highlights emerge.

Challenges in a post-pandemic world

During lockdown, people at home started spending far more time online than before. Our data shows that the volume increased by 20% for the average household in March through May. This would suggest a resulting increase of entities generating internet traffic, but surprisingly there was a decline of almost 50% in the number of new devices appearing in end-users’ homes, since users stopped buying unnecessary equipment. Public behaviour and quarantine recommendations for isolation together with halted or slowed postal operations added to the overall decline (See figure below).

Corporations and small and medium-sized enterprises (SME) had to quickly adapt their business processes to fit the new ‘all-remote’ reality. Businesses had usually prioritized uninterrupted service delivery over the security of remote workspaces and devices, which meant people began working from home protected only by consumer-oriented solutions (or not protected at all).

People on lockdown bought fewer new devices than you might expect
People on lockdown bought fewer new devices than you might expect
Image: CUJO AI

Accessing corporate resources remotely through virtual private networks (VPN) has traditionally led to stricter remote access policies; however, the shift to remote work has resulted in more permissive VPN access policies, which is creating security risks that indirectly compromise corporate networks.

And although new device growth has slowed, the most recent data suggests it has returned almost to its previous volume. The growing number of internet of things (IoT) devices in home networks and the lack of security can create opportunities for access by outsiders. When we add together diverse home environments with loose security policies, shared wifi passwords, IoT and quickly-built infrastructure to ensure uninterrupted business continuity, we get to the point where a single vulnerability or misstep in configuration can open the door to malicious actors.

New waves of more complex malware that use devices or users as proxies in order to reach more valuable assets in corporate networks are some of the biggest potential threats in the post-pandemic world. The situation is also very convenient for advanced persistent threats (APT) or industrial espionage actors planning targeted attacks against selected victims. And while we are listing future problems, ensuring home networks are secure while also remaining segmented and transparent for regular family users is a challenge of the highest importance.

AI: Closing the gap between real time and reactive threat intelligence

While numerous protection schemes have proved to be useful and effective in certain situations against known attack vectors and threats, one of the biggest challenges is to cope with the unknowns. AI is one of the vehicles that can be used to close the gap between knowledge-based threat detection and protection and unknown or rapidly changing threats. While collected intelligence and knowledge are usually the indisputable source of truth for protection, they are currently mostly successful in stating the known: a certain threat has happened (now or before) and here is how to protect against it.

One example of how AI is used in rapidly changing pandemic and post-pandemic landscape is in recognition of uncategorized or unlabelled websites with illicit intentions that are related to the usual triggers, such as fear. According to MarkMonitor, there are more than 100,000 COVID-19-registered domains. Our AI analysis of uncategorized websites that were accessed by people over a period of 50 days shows that for between 20% – 35% of websites contain content which, while not directly dangerous, is at least misleading or shows signs of possible illicit intent.

While threat intelligence is a source of confirmation for threat actor maliciousness, AI usage will foresee potential maliciousness in actors before they are known or registered in knowledge bases. And while there are certain well-defined policies in place (the principle of least privilege, for example), there may be few to no problems here. However, in a world with mixed rights and rules regarding remote work – or at least in ensuring that risks do exist (and not only in disaster recovery drills) – AI has great capabilities to overcome and help solve numerous challenges.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact us.

Post-pandemic tendencies among emerging threats

Over the previous months, the cybersecurity community has observed numerous attack vectors that use a COVID-19 theme either as bait or as a way to conceal malicious activity from easy identification and detection. Therefore, as COVID-19 infections now seem to be decreasing in some countries, changes in the most common attack patterns are inevitable. However, it seems that these changes are not inspired by attempts to quickly and easily exploit the pandemic theme (as in the beginning, when threat actors swiftly created scam campaigns), but by using sophisticated and well-developed campaigns at carefully chosen times.

The cybersecurity community has lately become aware of numerous attempts to mimic informational applications, and that malicious activities can occur underneath a good-looking infection map or fictitious ‘infection radar’. In other words, such apps act as remote access trojans (RAT) in users’ devices. When a RAT is installed on a device, the threat actor is not only able to capture and manipulate sensitive data but can also perform a whole range of spying activities. Even though such campaigns have been observed worldwide, it seems that attempts to launch these kinds of attacks increase only in specific regions and only when that region experiences another surge of COVID-19 infections. In other words, threat campaigns directly correlate to the number of infections and public perception of the pandemic – when people are more anxious, threat actors increase their exploitation of the COVID-19 theme.

It is expected that as long as COVID-19 is eradicated in at least one region (as an epidemic) and until the general public becomes less anxious about the threat it poses, we will likely still see a variety of even more sophisticated cyber-threats using COVID-19 as a cover for performing malicious activities.

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Commission Vice-President Rehn exaggerates Eurozone’s growth prospects

Industrial policy: recommendations to support Europe’s leadership in six strategic business areas

Number of MEPs to be reduced after EU elections in 2019

5 ways to break down the barriers for women to access leadership roles

A Sting Exclusive: “On the road to Japan-EU Economic Partnership Agreement”, by Ambassador Katakami of the Japanese Mission to the European Union

AI can help us unlock the world’s most complex operating system – the human body

5 amazing schools that will make you wish you were young again

Healthcare guidance apps to professional’s continued education?

The world needs a circular economy. Help us make it happen

Victims of terrorism remembered

Banks cannot die but can be fined

The next generation is key for a European renaissance

UN appeals for international support as flood waters rise in wake of second Mozambique cyclone

UN expert calls for international investigation into ‘evident murder’ of Jamal Khashoggi

‘The clock is ticking’ on meeting the Sustainable Development Goals, says UN deputy chief

A Monday to watch the final act of a Greek tragedy; will there be catharsis or more fear?

Syrian Constitutional Committee a ‘sign of hope’: UN envoy tells Security Council

Coronavirus: Commission stands ready to continue supporting EU’s agri-food sector

Norway is returning Easter Island artefacts to Chile (Will Britain ever return the marbles to Greece?)

MWC 2016 Live: Mobile ad industry still waiting for “revolution”

Brexit casts a shadow over the LSE – Deutsche Börse merger: a tracer of how or if brexit is to be implemented

MWC 2016 Live: Roshan CEO opens up on Afghanistan challenges

EU Commission announces Safe Harbour 2.0 and a wider Data protection reform

Commission sets moderate greenhouse gas reduction targets for 2030

From Russia with love: Brussels and Moscow close to an agreement on Ukraine’s gas supplies

Sudan Prime Minister survives attempted assassination

Monday’s Daily Brief: WFP mulls ‘last resort’ Yemen aid suspension, top peacekeeping awardee announced, abuzz over Bee Day, Ebola threat ‘very high’

EU-U.S. Privacy Shield: Second review shows improvements but a permanent Ombudsperson should be nominated by 28 February 2019

Why helping cross-border commuters is key to fighting COVID-19

Future EU-UK Partnership: European Commission takes first step to launch negotiations with the United Kingdom

Emotional control and introspectivity in times of pandemic

Why economic growth depends on closing the interview gap

The Khashoggi affair: A global complot staged behind closed doors


EU-Turkey relations: EU considers imposing sanctions while Turkey keeps violating Cyprus’ sovereignty

What if Trump wins the November election and Renzi loses the December referendum?

Nicaragua crisis: One year in, more than 60,000 have fled, seeking refuge

Trump after marginalizing G20 attacks Europe and China where it hurts, brandishes currency war

EU-Ukraine Summit: moving forward together in solidarity

MEPs to prioritise environment and climate action in next long-term budget

In Libya, Guterres ‘deeply concerned’ by risk of fresh military confrontation, urges restraint

UN forum to bring ‘big space data’ benefits to disaster response in Africa

The 5 lessons from New York Climate Week to help us combat deforestation

More than four in 10 women, live in fear of refusing partner’s sexual demands, new UN global study finds

Poverty and social exclusion skyrocket with austerity

3 ways to use digital identity systems in global supply chains

EU leads the torn away South Sudan to a new bloody civil war

Gender parity can boost economic growth. Here’s how

Technology can help solve the climate crisis – but it will need our help

An open letter from business to world leaders: “Be ambitious, and together we can address climate change”

Cyclone Idai: UNICEF warns of ‘race against time’ to protect children, prevent spread of disease in flood-ravaged Mozambique

EU-US trade war? EU calls for logic while Trump’s administration is a loose cannon in a dangerous lose-lose situation for global prosperity

This AI outperformed 20 corporate lawyers at legal work

We spend half our time at work in meetings – and that’s not necessarily a bad thing

Is history a new NATO weapons against Russia?

How three US cities are using data to end homelessness

2013, a Political Odyssey: What future for Italy?

The jobs forecast is unsettled. It’s time for a reskilling revolution

The European Parliament fails to really restrict the rating agencies

UPDATED: Thousands flee fighting around Libyan capital as Guterres condemns escalation, urges ‘immediate halt’ to all military operations

More Stings?


Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s