COVID-19 has changed the way the world operates, the way we communicate, the mode of doing business and the functioning of governments resulting in an increased reliance over digital technologies and remote working[1]. One effect of this massive digital adoption was an increase in cyberattacks, which demonstrates the urgency and the need of a secure and reliable cyberspace. We, as member of the CONCORDIA project, have analyzed how COVID-19 is impacting the current cyberdomains studied in the project, from device/IoT to user, via network, system, data, and application domains.

Device/IoT Domain

During the pandemic, IoT device adoption had a substantial boost. After businesses started reopening, touchless and contactless devices such as body temperature cameras and touchless point of sales have become a necessity. Such devices suffer from the same weaknesses of other IoT devices, which are further exacerbated by the strict relation with safety and leakages in working environments. In addition, remote work resulted in many personal devices connected to the corporate networks through less protected home networks. This scenario offers new possibilities for an attacker to indirectly threaten the corporate networks. New threats to the IoT/device domain emerged during the pandemic, including:

• Inadequate design and planning or incorrect adaptation in critical scenarios: the absence or the inadequacy of an emergency reaction plan or adaptation strategy, in a scenario where new IoT devices and technologies have been quickly adopted to react to crisis.
• Lack of control on safety implications: the strong implications of IoT devices on safety are often not properly considered.
• Lack of strong cyber hygiene practices: the need of good skills for the personnel interacting with digital technologies, whhich is even more critical in ubiquitous IoT.

Network Domain

The network domain is one of the most affected by COVID-19, and experienced a radical change in terms of traffic and boundaries. For example, many remote employers are connected from their home network to the corporate network through a Virtual Private Network (VPN), therefore enlarging, to some extent, the perimeter of the corporate network. Home networks are not under the control of the organizations but still they need to be protected. We have seen a spike in cyberthreats affecting networks, exploiting telework technologies and remote tools. These threats have a very strong impact both on security operations and business processes, because the reliability of the network is a mandatory requirement for remote working. Therefore, building a reliable network at the basis of smart working, e-learning and electronic services is nowadays a must. The new threats to the network domain that emerged during the pandemic include:

• Exploitation of vulnerabilities in services and remote tools: the ever-increasing attacks exploiting vulnerabilities in VPNs and remote work software, which are not as protected as the company infrastructures.
• Physical attacks: the physical attacks to network equipment, often driven by misinformation around networking technologies, in particular 5G.

System Domain

The increasing number of remote workers resulted in the migration of traditional IT systems towards virtualized infrastructures, for instance solutions for desktop virtualization. Often, they have been rolled out in a haste without paying attention to crucial security details (e.g., configuration hardening and endpoint protection), and therefore exposing sensitive information to potential attackers. The new threats to the system domain that emerged during the pandemic include:

• Phishing: sophisticated and targeted social engineering attacks, taking advantage of the uncertainty of the current situation, where attacks can pose as trusted, healthcare-related, sources.
• Lack of awareness: the underestimation of cybersecurity threats; organizations and personnel are subjected to higher stress due to business problems thus making it even more difficult to prioritize cybersecurity.
• Personal cloud service adoption: the rapid move of individuals to cloud web-based services, which have proven to be unable to deliver an adequate level of protection and scalability.
• Cloud sprawl: the unawareness and the immaturity of the migration to cloud services, whose implications are not completely understood (e.g., shared responsibility).

Data Domain

Correct and robust data management is more critical than ever, as COVID-19 accelerated the distribution of computation to homes and the periphery. Moreover, the pandemic acted as a multiplier of the effects of existing threats such as social engineering, Distributed Denial of Service (DDoS), ransomware, child sexual abuse material, to name but a few. Data compromise becomes key to any attacks and is amplified by increasingly effective social engineering; the latter builds on the Cybercrime as a Service (CaaS), where facilitators offer their knowledge on the dark web. The new threats to the data domain that emerged during the pandemic include:

• Information leakage/sharing due to hostile home network: the exfiltration of data, exploited by attackers, made possible by erroneous data sharing and information leakage, due to work in less protected environments.
• Conversation eavesdropping/hijacking: the risks of conversation eavesdropping and hijacking due to the reliance on videoconferencing tools and their poor security countermeasures.[2]
• Unreliable data: the increasing difficulty in distinguishing between reliable and unreliable data, a situation exacerbated by the huge about of information we are overloaded by (especially about the pandemic), and by cybercriminals that are actively exploiting and contributing to this situation.

Application Domain

During the pandemic, we have also seen an ever-increasing usage of ransomware, phishing and scamming, which all go beyond a mere technical aspect and demand strong awareness on the user side. Two kinds of applications have become central during the pandemic: contact-tracing apps and remote collaboration software. Contact-tracing apps have, to some extent, polarized the debate and faced harsh criticisms, which, in the case of decentralized approaches, are mostly unjustified. On the other side, videoconferencing and remote collaboration software, such as Microsoft Teams, Skype or Zoom, have seen an unprecedented spike of usage that exhibited weak communication protection and posed significant stress to the networks. The new threats to the application domain that emerged during the pandemic include:

• Inadequate design: the ineffectiveness of application design, which do not adequately plan for non-functional aspects. Put simply, security, safety, privacy, and compliance, to name but a few, should be considered in the very first phases of software design.
• Supply-chain security: the security of all the components involved in the realization of an application. We all know that the strength of a chain is the strength of its weakest component; for application/product there is no difference.[3]
• Skill shortage: the need for skilled personnel designing safe and secure systems and applications.

Users Domain

The last domain of interest in CONCORDIA is the user domain. Differently from other domains, no new user-specific threats have emerged during the pandemic. Instead, COVID-19 has amplified existing threats, and cybercriminals have exploited the state of fear, uncertainty and doubts that many of us have and are still experiencing. Again, awareness is a fundamental point.

Gaps and Challenges

Other than threats, within CONCORDIA, we identified also the new gaps and challenges posed by the pandemic. On one hand, the complexity of the new normality we are living in resulted in additional gaps and challenges. On the other hand, some of the existing gaps have been exacerbated by the current situation. The following table highlights and briefly describes the most important cybersecurity gaps and challenges in the era of COVID-19 and the domains they affect.

Conclusions

We are all aware that COVID-19 has changed our way of living and introduced a new norm that increasingly rely on digital technologies. This new normality has also become a fertile ground for cybercriminals which have immediately found new ways to threaten our (digital) life. So, the development of a secure, safe, and trustworthy cyberspace is now a critical and pressing need. One of the main goals of CONCORDIA is to build this secure, resilient and trusted ecosystem in EU, supporting EU digital sovereignty. The first step towards this goal is identifying the threats, the gaps and the challenges affecting such ecosystem. We have highlighted here how COVID-19 has changed this triple. First, an ever-increasing reliance on networked and remote technologies, which are often not mature enough especially if the migration towards such technologies has been done in hurry without adequate planning. Second, the centrality of data, which is the final goal of any attacks and whose protection is more challenging due to the fuzzy nature of new IT boundaries. Last but not least, the need for advanced users’ awareness, to get the best out of this technological transition and to cope with new sophisticated threats.

References

1. ENISA Threat Landscape 2020: Cyber Attacks Becoming More Sophisticated, Targeted, Widespread and Undetected, https://www.enisa.europa.eu/news/enisa-news/enisa-threat-landscape-2020
2. For example, Microsoft has announced the introduction of end-to-end encryption in 1-to-1 calls by the first half of 2021. Source: https://www.zdnet.com/article/microsoft-to-add-new-shared-channels-encryption-for-calls-webinar-features-to-teams/.
3. The famous “Solar Winds Attack” is in fact an attack exploiting the supply-chain (in)security. Source: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html.

(By Marco Anisetti, Claudio A. Ardagna, Nicola Bena, Ernesto Damiani, Jadran Sessa Università degli Studi di Milano)