Threat Intelligence

    Chaos Creates Even More Chaos: The Potential Post-Pandemic Cybersecurity Environment

    A layered cybersecurity strategy best protects against rising threats due to uncertainties created by remote and hybrid working.

    by Renatta Siewert
    gettyimages-932354274.png

    Key Points

    • Threat actors will exploit the chaos and uncertainty post-pandemic just as they have during the pandemic: by targeting remote workers in social isolation, a situation extending even into any kind of phased return-to-office or hybrid work environment.
    • The cybersecurity landscape is composed of opportunistic attacks, simple impersonation email attacks, targeted attacks, and brand fraud.
    • Cybersecurity is no longer just the responsibility of the IT department. A layered cybersecurity approach that articulates responsibility and awareness spanning all departments should be deeply embedded into business culture.

    “O brave new world!” It’s a line from Shakespeare (The Tempest, Act 5, Scene 1) that Aldous Huxley took to title his classic dystopian novel. Both authors use the phrase to characterize a radically changed way of life that creates considerable chaos.

    This is what we’re experiencing now: The global pandemic offers a brave new world for cybercriminals to capitalize on the chaos that has come to define everyday life at work and home.

    In one of the latest Mimecast threat intelligence reports to be presented at the upcoming Beyond 2021 virtual conference, The Potential Post-Pandemic Cybersecurity Environment,  Dr. Francis Gaffney points out how the chaos of COVID presents a brave new world of opportunity for threat actors.

    In particular, the surge of remote working greatly increases potential security vulnerabilities. Indeed, throughout the pandemic, Mimecast has seen a significant uptick in threats targeting people working remotely under long-term social isolation.

    Looking to what is likely in a post-pandemic world, we expect threat actors to further exploit uncertainties surrounding how and when people return to “normal working conditions,” at a time when “normal” is no longer what used to be normal.

    Whatever the scenario—a phased return to office, some sort of hybrid model, or continued remote working—the post-pandemic cybersecurity environment is fraught with potential for a variety of attack methodologies. Threat actors are highly likely to target home networks to exploit vulnerabilities that can be piggybacked into business networks.

    How can we be sure? Because we’ve reviewed the impact of previous threat campaigns conducted during similar chaotic conditions. These include when organizations return from a long leave period (e.g., Christmas/New Year, Ramadan) or move offices, as well as threats observed during the widespread adoption of insecure messaging and collaboration tools (e.g., Zoom, Microsoft Teams, Slack) for remote working during the pandemic. The situation is further complicated by parallel developments in potentially vulnerable technologies, including the internet of things (IoT) at both home and work, and the industrial internet of things (IIoT).

    The Brave New World Paradigm

    The past 18 months have seen extensive technological, sociological, political, environmental, ethical, and legal changes in behaviors and expectations. Many, if not most, may prove irreversible, combining to create a cybersecurity landscape that is more challenging and more sophisticated, with a likely increase in the range and volume of threats.

    Mimecast maps out this cybersecurity landscape as follows:

    • Opportunistic Attacks. By far, these are the largest in volume. Typically, opportunistic attacks employ emails to dupe targeted victims to click on links or otherwise engage them so as to download malware or direct them to a malicious URL.
    • Simple Impersonation Email Attacks. Threat actors use social media and legitimate work sites to impersonate employers, work colleagues and superiors, friends, and family so as to obtain private personal and work information, such as passwords.
    • Targeted Attacks. These are specifically designed to get past commodity malware scanners by using newly updated malware that is potentially not detectable with file signatures. Email remains the most used and successful means to deliver this malware by getting users to log on to what appears to be a legitimate work site, such as OneDrive.
    • Brand Fraud. With the shift to Software-as-a-Service (SaaS)-based services for both business and personal activities, users have become accustomed to receiving emails with status updates and requests for information. This has created an opportunity for threat actors to both harvest credentials for future attacks and deliver malware through emails that fraudulently appear to come from a trusted brand.

    How can organizations best respond to these growing threats?

    A Layering Response

    Traditionally, cyber defense was the responsibility of the IT department. But with the growth of remote working, and the likelihood of its continuance in the very least in a hybrid format, layered approach is warranted. This involves not only spreading cybersecurity awareness training to all departments and individuals in an organization, but also embedding it deeply into its culture.

    The awareness and responsibilities extends over these five layers:

    1. Hardware. Successful breaches aren’t always sophisticated. They take advantage of unsupervised workstations and laptops, misplaced thumb drives, and even confidential papers left lying around at a coffee shop. Administrators need to review and secure all physical assets and their locations, as well as domains, certificates, websites, third-party apps and components.
    2. Software. A range of key and significant vulnerabilities in software are related to VPNs. Over 80% of Internet-facing Exchange servers are vulnerable to threats. Upgrade unsupported operating systems (e.g., Windows 2007) and related applications; patch specific network vulnerabilities that are repeatedly attacked by threat actors.
    3. People. Social engineering to dupe people into clicking on a malicious link or divulging passwords remains a top tactic for threat actors. As more people are in remote work arrangements, they tend to be more relaxed about security. If and when there is a phased return to office work, particularly a hybrid model, the potential for confusion presents an ideal opportunity for impersonation campaigns and sophisticated spear-phishing.
    4. Policies and Processes. Put in place a cyber resilience/mitigation strategy that clearly articulates how to prevent bad actors from exploiting vulnerabilities. Institute security awareness training for all employees, and spell out dos and don’ts that relate to remote work and return to office processes.
    5. Partners and Supply Chain. One of the key elements of this pandemic is the uncertainty of a recovery timeline and when supply chain operations can resume operating at higher levels. This uncertainty coupled with reduced revenues may lead a number of businesses into financial difficulties. Consequently, there is a high likelihood that as these organizations seek financial assistance, they become targets for malicious campaigns. If these organizations are partners of yours, or part of your supply chain, you, too, become a target. Implement a zero-trust ethos in reviewing your partners and supply chain organizations. Keep them informed of current threats and corresponding mitigation. Review your service level agreements to ensure highest cybersecurity and data security practices are in place.

    The Bottom Line

    Threat actors always seek opportunities for exploiting chaos, confusion, and uncertainty to their advantage.Both the pandemic and post-pandemic times are characterized by chaos, confusion, and uncertainty.

    The proper response to combat this chaos and uncertainty is a multi-layered cybersecurity strategy that involves all employees, departments, and third parties becoming more aware and more vigilant of potential threats.

    For more on the future of messaging security and compliance, register to attend Beyond 2021, and join sessions on threat intelligence.  

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top