Right now in April, the short term view for cybersecurity involves securing remote working infrastructures while responding to skyrocketing Covid-19 phishing lures. Essentially, doing what it takes to keep the organisation going, while staying safe and healthy.
But as always in cyber, having an eye on the mid-to-long term is so important. Covid-19 is a major global event that could – in time – sit alongside the likes of the global financial crisis, 9/11 and even the breakup of the Soviet Union in shaping the geopolitical landscape.
Geopolitical change is a primary driver for nation-state and criminal cyber programmes. From IP theft through to Information Warfare, it’s worth understanding how these potential implications may unfold.
Accelerating IP theft to fuel growth
The Covid-19 crisis will deal a heavy blow to the global economy, but particularly to those that have heavy economic growth requirements. China is just one example among many who fit this category – there are several who may accelerate IP theft programmes in order to boost state output in-line with expectations. The cyber theft of IP has historically been aimed at acquiring next generation technologies (eg renewables and mobile tech) or to leverage efficiencies in existing production techniques (eg steel).
Countries exiting Covid-19 first will be at an economic advantage, and will have more capacity to implement new IP into their economies. From a threat perspective it is worth tracking those countries as they emerge the crisis, while understanding their primary industries – particularly where state ownership exists.
Shifting balances of power will be accompanied by cyber activity
There is already a trade war between the US and China, with those in Beijing seeing the US attempting to derail Chinese growth, and Washington accusing China of unfair trading practices such as state subsidies. The superpower that accelerates out of Covid-19 fastest will be at an advantage in this continued conflict, potentially shifting the global power nucleus (or at least strengthening Chinese Pacific influence).
We can add to this the speculation that Russia and China may renege on import agreements in order to hit the US economy while it is down, while elsewhere we have already seen OPEC adding to the uncertainty by increasing oil supply when demand is at its lowest, causing a mass sell-off of global stock.
Furthermore, China and Russia have already despatched healthcare resources to the worst hit parts of the EU – a humanitarian gesture that is admirable while also consolidating influence and goodwill.
All of this together could have a substantial knock-on effect across the world, as countries scramble to the shifting landscape to secure supply chains, trading partners and their own regional influence and security. This kind of global positioning has long been accompanied by cyber espionage (intelligence gathering), as well as the gaining of offensive cyber-footholds in critical infrastructure to deploy a destructive attack in the event of conflict.
Is North Korea still relevant?
At this point it’s also worth considering North Korea, who possess one of the more aggressive nation-state cyber attack programs. Historically, cyber attacks from North Korea have been motivated in propping up the regime’s nuclear program with hard cash stolen from foreign banks. With trade reductions and a recession looming, this activity could be expected to intensify.
Offensive cyber campaigns from North Korea have also been deployed in the face of joint regional military exercises by the US and South Korea, or in response to sanctions. This time around, with no real health systems to speak of, the Covid-19 crisis may destabilise Kim Jong-Un’s position to the point that an international conflict is created with which to rally domestic support.
State-aligned hacktivism may increase
Historically, many nations ‘look the other way’ – or even indirectly support – hacktivist groups that target geopolitical rivals. A notable flashpoint from Covid-19 is the anti-US rhetoric coming out of Iran, with accusations related to continued sanctions and conspiracy theories surrounding international attempts to deliver aid. With Iranian hacktivism increasing after the assassination of Solemeni in January 2020, deteriorating relations due to Covid-19 may also drive cyber activity.
Other global tensions include US-Chinese relations which continue to be strained, particularly amid White House attempts to blame China for the global pandemic. With the Chinese responding by expelling US journalists, hacktivism may become another threat worth monitoring.
Criminal attacks on the rise
Economic downturns directly cause an increase in crime. Studies have shown that the average arrest rate for young people entering the labour market during a recession is 10% higher than in a healthy market, and that recessions have a substantial impact on initiating and forming criminal careers.
Furthermore, global redundancies at scale will see an increase in skilled and experienced technical people struggling to put food on the table – leaving crime as a potential way out. With cybercrime being relatively risk free, and many elements of an attack chain already being provided ‘as a service’ to low-level criminals, it may become an opportunity too tempting to ignore for many.
Sophisticated, organised crime groups may see a global economic slump as a period where organisations under-invest in cyber security. As attack capability increases, defenders may fall even further behind, leaving increasingly easy opportunities to steal money, data, or hold the business to ransom. On the other hand, it might be that we also see a reduction in ransom amounts, as criminals adapt to the level their victims are able to absorb.
The infrastructure of the internet
It is no secret that the US is leading the push against China’s attempt to deploy the connectivity backbone of global 5G networks, and so effectively ‘own’ the internet and its future roadmap. The offer of cheap (accusations persist of state-subsidized) Huawei and ZTE equipment to countries desperate to break out of a recessionary cycle caused by Covid-19 may tip this balance back towards China. Countries where US influence wanes further as health crisis continue, may also be more tempted to align with Chinese technology. In terms of cyber risk, experts disagree on what these developments actually mean, although the likely benefits to China probably lie more in owning and projecting technical influence, than in actual data theft (although this concern persists).
An opportunity for Information Warfare
A report last year from Oxford University revealed that at least 70 countries are currently using computational propaganda to manipulate public opinion on social media. Furthermore, foreign influence operations, primarily over Facebook and Twitter, have been attributed to offensive cyber capabilities from seven countries: China, India, Iran, Pakistan, Russia, Saudi Arabia and Venezuela.
With elections looming worldwide, we can expect the continued manipulation of online public opinion in attempts to divide and weaken the health and economic response to the Covid-19 crisis. While there is little that organizations can do here (other than social media owners), the onus here falls onto individuals to think critically, avoid fake news, and understand that much of the consensus seen online is manufactured by foreign bodies with their own agenda.
To conclude, it’s clear that Covid-19, and the post-crisis world, may present opportunities for cyber exploitation at all levels – nation state, organizational, and individual. For now, the message is stay safe, and stay afloat. But soon, we may be looking at cyber in a very different way.