The long and short term view has always been a requirement for those working in cybersecurity. Right now, the short term involves securing remote working infrastructures, while also responding to skyrocketing COVID-19 phishing lures. Essentially, fighting fires just to keep the organization going, while staying safe and healthy.
However, we cannot forget the long term. COVID-19 is a major global event that could – in time – sit alongside the likes of the global financial crisis, 9/11 and even the breakup of the Soviet Union in shaping the geopolitical landscape.
Geopolitical change is a primary driver for nation-state and criminal cyber programs. From IP theft through to Information Warfare, it’s worth understanding how these potential implications may unfold, some of which are addressed here.
Accelerating IP theft to fuel growth
The COVID-19 crisis will deal a heavy blow to the global economy, but particularly to those that have heavy economic growth requirements, like China. There are many countries who fit this category, who may be accelerating IP theft programs in order to boost the expected state output.
The cyber theft of IP has historically been aimed at acquiring next generation technologies (like renewables and mobile tech) or to leverage efficiencies in existing production techniques (like steel).
The countries exiting COVID-19 first will be at an obvious economic advantage, and will have more capacity to implement new IP into their economies. It is worth tracking those countries from a threat perspective as they emerge the crisis (while understanding their primary industries) particularly where state ownership is prevalent.
Shifting balances of power will be accompanied by cyber activity
There is already a trade war between the U.S. and China, with those in Beijing seeing the U.S. attempting to derail Chinese growth, and Washington accusing China of unfair trading practices such as state subsidies. The country that can accelerate out of COVID-19 fastest will be at an advantage in this continued conflict, potentially shifting the global power nucleus (or at least strengthening Chinese influence in the Pacific).
We can add to this the speculation that Russia and China may renege on import agreements in order to hit the U.S. economy while it is down, while elsewhere we have already seen in OPEC, which only adds to the uncertainty by increasing oil supply when demand is at its lowest, causing a mass sell-off of global stock.
China and Russia have also dispatched healthcare resources to the worst hit parts of the EU – a humanitarian gesture that is admirable, which leads to consolidating influence and goodwill.
All of this together could have a substantial effect across the world, as countries scramble to the shifting landscape to secure supply chains, trading partners, and their own regional influence and security. This kind of global positioning has long been accompanied by cyber espionage (intelligence gathering), as well as the gaining of offensive cyber-footholds in critical infrastructure. This intelligence can lead to a large advantage in deploying a destructive attack in the event of conflict.
At this point it’s also worth considering North Korea, who possess one of the more aggressive nation-state cyber-attack programs. Historically, cyber attacks from North Korea have been motivated in propping up the regime’s nuclear program with hard cash stolen from foreign banks. With trade reductions and a recession looming, this activity could be expected to intensify.
Offensive cyber campaigns from North Korea have also been deployed in the face of joint regional military exercises by the US and South Korea, or in response to sanctions. This time around, with no real health systems to speak of, the COVID-19 crisis may destabilize Kim Jong-Un’s position to the point that an international conflict is created with which to rally domestic support.
State-aligned hacktivism may increase
Historically, many nations ‘look the other way’ – or even indirectly support – hacktivist groups who target geopolitical rivals. A notable moment from COVID-19 is the anti-U.S. rhetoric coming out of Iran. These accusations range from continued sanctions to conspiracy theories surrounding international attempts to deliver aid.
With Iranian hacktivism increasing after the assassination of Soleimani in January 2020, deteriorating relations due to COVID-19 may also drive cyber activity.
Other global tensions include US-Chinese relations which continue to be strained, particularly amid White House attempts to blame China for the global pandemic. With the Chinese responding by expelling US journalists, hacktivism from the region may become another threat worth monitoring.
Criminal attacks on the rise
Economic downturns directly cause an increase in crime. Studies have shown that the average arrest rate for young people entering the labor market during a recession is 10% higher than in a healthy market, and that recessions have a substantial impact on initiating and forming criminal careers.
In addition, global redundancies at scale will see an increase in skilled and experienced technical people struggling to put food on the table – leaving crime as a potential way out. With cybercrime being relatively risk free, and many elements of an attack chain already being provided ‘as a service’ to low-level criminals, it may become an opportunity too tempting to ignore for many.
Sophisticated, organised crime groups may see a global economic slump as a period where organisations under-invest in cyber security. As attack capability increases, defenders may fall even further behind, leaving increasingly easy opportunities to steal money, data, or hold the business to ransom. On the other hand, it might be that we also see a reduction in ransom amounts, as criminals adapt to the level their victims are able to absorb.
The infrastructure of the internet
It is no secret that the US is leading the push against China’s attempt to deploy the connectivity backbone of global 5G networks, and so effectively ‘own’ the internet and its future roadmap. The offer of cheap (accusations persist of state-subsidized) Huawei and ZTE equipment to countries desperate to break out of a recessionary cycle caused by COVID-19 may tip this balance back towards China. Countries where US influence wanes further as health crisis continue, may also be more tempted to align with Chinese technology. In terms of cyber risk, experts disagree on what these developments actually mean, although the likely benefits to China probably lie more in owning and projecting technical influence, than in actual data theft (although this concern persists).
An opportunity for Information Warfare
A report last year from Oxford University revealed that at least 70 countries are currently using computational propaganda to manipulate public opinion on social media. Furthermore, foreign influence operations, primarily over Facebook and Twitter, have been attributed to offensive cyber capabilities from seven countries: China, India, Iran, Pakistan, Russia, Saudi Arabia and Venezuela.
With elections looming worldwide, we can expect the continued manipulation of online public opinion in attempts to divide and weaken the health and economic response to the COVID-19 crisis. While there is little that organizations can do here (other than social media owners), the onus here falls onto individuals to think critically, avoid fake news, and understand that much of the consensus seen online is manufactured by foreign bodies with their own agenda.
To conclude, it’s clear that COVID-19, and the post-crisis world, may present opportunities for cyber exploitation at all levels: nation-state, organizational, and individual. For now, the message is stay safe, and stay afloat. But soon, we may be looking at cyber in a very different way.