
Pandemic and Cyber Security: Lessons Learned from COVID-19

In this article, where we examine the relationship between the pandemic and cyber security, we will see that viruses affect not only our daily lives but also our digital worlds. The new type of coronavirus (COVID-19) epidemic has caused great damage to economic, social, and political structures. In addition, digitalization and virtualization trends have become more visible throughout the epidemic in line with measures such as social distancing and curfews. Employees who had the opportunity were largely forced to work remotely. All conferences and meetings have shifted to a virtual environment. But while doing all this, were our systems truly reliable, resilient, and resistant to attacks? Theft of private information such as patient information from hospitals and security vulnerabilities in video-conferencing applications actually led to the rediscovery of cyber security. As a matter of fact, while the epidemic continued at full speed, cyber attackers tried every way to obtain data by damaging the confidentiality, integrity, and availability of data [1].

All these developments show that changing business processes, culture, and technological advances need to be reviewed within the framework of cyber security measures. Rapid changes caused by COVID-19 have led many companies to digitize their workforce. After this rapid change, many companies have taken temporary protection measures against cyber vulnerabilities. However, cybercriminals, aware of these workarounds, have already begun to look for ways to challenge cybersecurity policies and cause them to be violated [2].

According to the analysis of some security companies, the new type of coronavirus has had a significant impact on information security. The attackers did not hesitate to use the chaos, infodemic, and social crisis brought to the fore by the pandemic to their advantage. According to research by some companies, analysis of cyber attack incidents during the epidemic shows that attackers tend to use two main methods: malicious e-mail attacks and attacks on users’ credentials [3].

How Has COVID-19 Increased Cyber Risks?


As restrictions on social events, movement, and travel increased, attackers increased their activities in the digital world. With the closure of schools, education and company meetings continued online using digital tools. Additionally, in their spare time at home, people shopped online, read books, and socialized. Activities concentrated in the digital field have created great pressure and stress on cyber security rules and operations.

Emerging Vulnerabilities

Working from home

The pandemic, along with the increase in working from home, paved the way for cyber attacks. The rapid transition has further increased cybersecurity challenges. For example, insecure data transfer and weakening of risk mitigation measures came to the fore among those who did not use a VPN. With greater access, telecommuters have created more risk for their companies. Some precautions should be taken while continuing to use such workarounds. Chief among these is that teams harden systems and test VPNs and other tools. In addition, employees need to review their access policies so that they can connect to critical infrastructures securely.

Social Engineering

Social engineering, which has wide coverage in the literature, has gained more importance with the COVID-19 pandemic. Attackers continue to trick real users in order to steal information and money or to gain access to systems. For example, attackers took advantage of working-from-home conditions and called companies’ support lines, trying to gain access to confidential information and systems by introducing themselves as employees through techniques such as “text phishing” and “voice phishing”.

Attackers use poorly secured websites to deliver their malware. New websites and domains have been created to fight the epidemic or share information. Attackers can find weak points on these new websites and spread their malware to users through drive-by downloads. For example, in one case, a cyber attacker targeted a public institution.

Attackers can embed their malware in a document about epidemic measures and send it as if it were an official communiqué. Once installed on the systems of users who download such malicious files, the malware can steal confidential data such as credit card information and Bitcoin wallet keys.

The Number of Cyber Threats Increased During the Pandemic

During the pandemic, cyber threats created great pressure, especially on the public sector. For example, a hospital in Europe suffered a cyberattack that forced it to shut down its IT network, suspend operations, and move patients requiring care to another facility. Another example is a government department’s website being encrypted by ransomware. As a result, the authorities were prevented from sharing information and accessing the files.

Epidemic, Digitalization, and Four Lessons to Learn

Understanding Lateral Movements

In the online world, attackers primarily choose targets with low value and weak protection. They then aim to acquire more valuable assets by exploiting those targets’ weaknesses and expanding into higher layers. So why do attackers choose to follow this type of path? It is not easy to protect every endpoint of a network, so an attacker initially starts from a location or account with relatively weak security protection. Although the network is extensive, getting from one place to another does not require as many lateral moves as one might think. This means that social networks encourage “lateral movement,” which is actually one of an attacker’s most effective tools. In the fight against cyber attacks, it is important to prevent malicious lateral movements. Monitoring these can be a very important step in ensuring cybersecurity.

Detecting, Framing, and Preventing Disease

We can associate cyber attacks with the new type of coronavirus. We can start by understanding why the number of tests performed by countries is important in the fight against the epidemic. Countries can see where the disease is and prevent it by resorting to aggressive testing. The real world and the digital environment are similar in this regard.

It is of great importance to know in which regions the “infection” and “anomalies” occur in the digital environment. Detecting the affected area matters so that we can intervene immediately. For real-world diseases, we use contact tracing. To control the epidemic, it is important to identify the people around a person who tested positive and whether they were infected with the virus or not. However, this rule works in a much different and more difficult way in the digital environment. The reason for this is that computers communicate in many different and variable directions on a network. We can think of this as a person flying from one city to another every day. In an online crisis, there is unfortunately no simple answer to the question “How did this disease get here and where is it going next?”

To find the answer, security teams need to map the network well in advance of an attack. This involves understanding the organization’s normal flow of information through all access routes. It is not easy to analyze behavior in the digital world. However, there are automation and algorithms that will challenge human thinking and better analyze the answers to such questions.
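The network map and the contact-tracing idea described above can be sketched as follows. This is an added example, not code from the article or its sources; the host names, ports and flow records are constructed sample data, and the function names are hypothetical.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst port")  # ts: minutes since midnight

# Constructed sample flow records (not from the article).
BASELINE = [
    Flow(540, "ws-01", "files", 445),
    Flow(545, "ws-02", "files", 445),
    Flow(550, "admin", "db", 22),
]
TODAY = [
    Flow(600, "ws-01", "files", 445),   # edge already in the baseline
    Flow(605, "ws-03", "web", 443),     # new edge, unrelated host
    Flow(610, "ws-01", "ws-02", 445),   # workstation to workstation: new
    Flow(615, "ws-02", "admin", 3389),  # new
    Flow(620, "admin", "db", 22),       # baseline edge, but admin is exposed
]

def build_baseline(flows):
    """The network map: every (src, dst, port) edge seen in normal operation."""
    return {(f.src, f.dst, f.port) for f in flows}

def new_edges(baseline, flows):
    """Anomalies: flows over an edge that never occurred in the baseline."""
    return [f for f in flows if (f.src, f.dst, f.port) not in baseline]

def trace_contacts(flows, patient_zero, t0):
    """Contact tracing: follow flows in time order from patient_zero after t0.
    Returns {host: the Flow that first reached it}."""
    since, reached = {patient_zero: t0}, {}
    for f in sorted(flows, key=lambda f: f.ts):
        if f.src in since and f.ts >= since[f.src] and f.dst not in since:
            since[f.dst] = f.ts
            reached[f.dst] = f
    return reached

def triage(baseline_flows, flows, patient_zero, t0):
    """Label each exposed host by whether a never-seen edge reached it."""
    base = build_baseline(baseline_flows)
    return {host: "new edge" if (f.src, f.dst, f.port) not in base else "baseline edge"
            for host, f in trace_contacts(flows, patient_zero, t0).items()}

if __name__ == "__main__":
    for host, label in triage(BASELINE, TODAY, "ws-01", 600).items():
        print(host, label)
```

Hosts reached over a baseline edge still count as exposed: a host that was reached earlier over a new edge can carry the problem onward along perfectly normal routes, which is why anomaly detection alone does not answer where the infection goes next.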

Slowing the Crisis

The stay-at-home order implemented to prevent the spread of the disease has reduced the pressure on our medical systems. Similarly, slowing down the attack in a digital environment can provide great benefits to us. We know that not every attacker and attack detected in the digital world can be stopped. However, it is important to evaluate opportunities such as slowing down these attacks and quarantining them.

Hygiene is Important

The oft-repeated advice in combating the COVID-19 pandemic is always the same: “Wash your hands.” This measure has actually been seen as the first line of defense in the fight against all endemics and pandemics for years. This precaution can be repeated in almost the same way in the digital environment: “Cyber hygiene is important”. When it comes to hygiene in the digital field, it can be understood as paying attention to issues such as what is in your networks, whether your devices are configured securely, the setup of your network, whether the changes affect the security part of the system, and the management of changes [4].

As a result, the measures and best practices taken to combat the epidemic need to be understood correctly in the digital world. All of these can provide us with important outputs in terms of ensuring cyber security. As the epidemic continues, cyber attackers will continue to update their plans to steal our information. This makes it necessary to detect, monitor, and respond to attacks, as well as to maintain the resilience of systems and structures [5].

Lateral Movement

Jumping from system to system within a network after it has been infiltrated.

Resources:

[1] https://blog.logsign.com/coronavirus-impact-on-cyber-security/

[2] https://coronavirus.marsh.com/us/en/insights/research-and-briefings/cybersecurity-after-covid-19.html

[3] https://www.cynet.com/blog/recent-escalation-in-cyberattacks-in-italy-prove-the-coronavirus-impact-on-cybersecurity-acting-as-a-warning-for-cisos-worldwide/

[4] https://www.darkreading.com/operations/4-cybersecurity-lessons-from-the-pandemic/a/d-id/1337535

[5] https://www.mckinsey.com/business-functions/risk/our-insights/cybersecuritys-dual-mission-during-the-coronavirus-crisis#

Compiled by: Ceyda Kahya