Hell Start 2022, put on your security armor

The beginning of 2022 has brought almost nothing but negative news and the repeated ordeal of the epidemic. Many normally easygoing friends have grown anxious and say they "can't hold it together anymore". In the third year of the epidemic, everyone's emotions seem to have reached a tipping point.

However, the more exhausting the moment of crisis, the more you must wear the armor of health and safety and take good care of your life.

Beyond the physical and mental safety that needs attention in the physical world, now that the public has gradually adapted to digital work and lifestyles, many people may still have no concept of the new security threats in the digital world.

Therefore, in this article, we try to predict which security threats may increase next, and hope that everyone can act in advance, prevent problems before they occur and strengthen their "antibodies" in the digital world.

Believe us: we are walking through a dark tunnel, and having come this far on foot, the light at the end must be real. There is no victory to speak of; holding on is everything.

Threat 1: Cyberattacks on a large scale

Businesses, government agencies and the like are no strangers to cyberattacks, and usually have IT engineering staff guarding against them. But as many people move to long-term digital lives in the wake of the pandemic, cyberattacks have changed in some new ways.

First, the payoff from cyberattacks has increased significantly.

In many regions, the use of Internet services has more than doubled compared to before the epidemic, and online offices, video conferencing, online courses, mobile payments and so on are rapidly becoming widespread around the world. This has sharply expanded the mobile attack surface available to hackers, and attacks such as personal information leakage, theft from mobile wallets and electronic payments, and threats and extortion now yield greater returns. In May 2021, a U.S. insurance giant paid a ransom of $40 million to the REvil extortion gang.

High-value, wide-ranging targets provide greater returns for criminals who invest in the technology. It can be expected that the number of ransomware and mobile attacks will increase significantly.

(FSB detains hackers who sent ransomware viruses)

On the other hand, cyberattacks are becoming less difficult to scale.

Many enterprises and employees never planned for working from home over the long term. Most networked devices in the home are not configured by the enterprise, and their security level differs from that of the enterprise. As digitalization moves businesses to the cloud, large-scale attacks against cloud service providers (CSPs) have begun to increase. Documents placed in the cloud hold large amounts of sensitive organizational data and are shared among employees for collaboration; if they have no password or only a weak one, the likelihood of interception by hackers increases greatly.

Kaspersky's security experts have shared that about 46 percent of cybersecurity incidents in 2019 were caused by careless employees. With the long-term implementation of working from home, the monitoring of vulnerabilities and threats has not been as timely as before, which makes the situation worse.

For example, the video conferencing software Zoom was revealed to have a major flaw that allowed hackers to access the user's camera. Some hackers also eavesdrop on conversations through microphones and then threaten to upload them to social media unless a ransom is paid.

Panic is pointless, and going back to the past is a fantasy. Recognizing the reality, accepting the security risks brought about by large-scale remote work, and starting to re-establish security awareness, security mechanisms, and security barriers is the right thing to do.

For individuals, you can choose to disable microphones and cameras and turn them on only when necessary, which can effectively protect the privacy of working from home.

For enterprises and cloud service providers, new tools and security mechanisms are needed to test for vulnerabilities and to supervise access control, password management, endpoint encryption and more. In an increasingly risky environment, investing in antivirus, anti-malware, and security tools is meaningful and essential.

Threat 2: Convincingly realistic online fraud

Internet services have become embedded in our daily lives in a natural, almost imperceptible way and are now essential tools, which means people must keep learning on their own to improve their digital skills. Those who lack digital skills may be hit hardest by online fraud.

Some traditional online fraud methods, such as men posing as women, impersonating police officers, selling tea online, and fabricating lies such as "your son is in my hands", have already been explained to us by the public security department's anti-fraud app. But as Deepfake technology continues to evolve and is easily available through open source platforms, it is becoming increasingly difficult to distinguish true information from false.

At present, this kind of deepfake forgery scam is still difficult to prevent.

In 2019, a hacker used an AI voice clone to impersonate the victim's superior and defrauded $35 million from a bank manager in the UAE. In 2021, forged vaccination certificates (vaccine passports) became popular. These forgeries not only carry the seal and signature of the vaccination center but are even affixed with vaccine number labels, making them almost indistinguishable from the real international yellow book (International Vaccination Certificate). The group purchase price is 100-120 euros, which has greatly troubled epidemic prevention and control in many countries.

Facial forgery techniques are also becoming more realistic, and the imperfections around the edges of the ears that were previously used to spot fakes have been nearly eliminated. Recently on TikTok in the United States, a user applied Deepfake to map Tom Cruise's face onto his own and generate a video, which spread virally and fooled many people. It may seem like entertainment, but once the technique is used to discredit public figures or to impersonate others in video calls to raise funds, it will lead to widespread distrust of audio and video content, which is a social hazard in itself.

If even seasoned internet users can be deceived and fail to tell real videos from fake ones, then it is obviously difficult for the elderly and people new to the internet to avoid this risk entirely on their own.

Overall, known attacks using deepfake forgery techniques include ghost fraud (where criminals steal the identity of the deceased for fraud), identity imitation (as in the previously mentioned voice cloning case), and virtual identity fraud (where criminals "create" new identities for themselves by combining information and images from multiple people).

Guarding against this type of cyber threat can be broadly divided into three levels:

First of all, individuals should maintain "zero trust" toward all transactions that take place online. That's right: until you are sure the other party is not a threat, treat it as one until it proves otherwise. Hany Farid, a professor at the University of California, Berkeley and a digital forensics expert, has also called doubting what you see, hear and read a very powerful weapon against Deepfakes.

Whether the other party sends a message or asks you to transfer money or share data by voice or even video, every such request needs additional verification through another channel, such as sending a follow-up email or leaving a message on their social media account. No single method is guaranteed to identify a Deepfake, because the technology is constantly advancing. The key is to change your security awareness and use Zero Trust to raise the cost and difficulty for criminals. In general, these scam messages are sent automatically, and the scam may fall apart if you ask the other party to verify a few more times.

Second, businesses and internet platforms are responsible for the technology needed to counter the threat, screening for potentially forged identities and content. For example, some hackers use other people's personal information to open accounts and borrow money on financial platforms, leaving real people inexplicably saddled with debt and causing direct losses to financial institutions. At present, some top tech companies such as Microsoft and Facebook are developing automated software to tag Deepfake content, and YouTube recently deleted the Deepfake video of Ukrainian President Volodymyr Zelensky.

Enterprises can only rely on themselves to raise their security level: introducing iris, DNA, vein and other biometric means in identity verification, using higher-precision 3D face recognition, or developing AI algorithms to determine whether image data shows traces of Photoshop forgery. In general, identity documents and selfies must both be submitted. Most criminals are reluctant to use their own facial photos for fraud, so the selfie conflicts with the forged identity documents, and this cross-verification can easily expose identity forgery.

The fallback solution is to use sharp-eyed human employees as the last line of defense, assisting the security technology, because machine vision is still not robust enough to recognize fraud in paper ID cards. Once the lighting and environment change, the results may not be ideal. Train human employees to act as gatekeepers and form a powerful human-machine collaboration system with digital technology to counter the growing threat of Deepfake technology.

Threat 3: The labor dilemma in the age of gig work

If the first two threats involve tangible losses of property or information that can be averted through strong policy and technological tools, a quieter but nerve-wracking threat is the labor problems caused by the gig economy.

The gig economy, previously a buzzword, is driven by online platforms that hire workers on temporary contracts and in informal capacities. Uber, Airbnb, and India's Ola and Swiggy are among these models. Since the epidemic, the uncertain external environment has promoted the expansion of the gig economy, and employees in stagnant or shrinking industries may move to gig jobs, which has also cast a shadow of helplessness over gig workers. Previously, a domestic supermarket had temporarily taken on the delivery staff of other O2O platforms.

As the threat of the epidemic subsides, and remote work and digital nomads become a trend, the number of gig workers may also increase on a large scale, expanding from rental, delivery, driving and other fields to design, new media and other white-collar jobs.

(Proportion of employees working remotely in the EU)

This new "distributed" organizational structure does offer greater flexibility, but it also has a "dark side": enterprises bear fewer obligations to protect workers, and gig workers are less able to withstand risk than before, which in turn drives the redesign of the incentive system for remote collaboration.

At the same time, because they can work at any time, workers are easily overloaded. They have to learn new skills for using digital devices, multitask, manage their own stress and keep learning. All of this presents new job challenges for gig workers. If you are a former programmer driving a ride-hailing car, or a designer who has switched to taking orders online, you need to work hard to adapt to the changes and properly consider your financial resilience and long-term protection planning.

For the government, in the face of the trend toward the gig economy and remote collaboration, learning faster and accelerating the introduction of corresponding policies and regulations may make things a little less difficult for gig workers caught in the storm.

In human history, the biggest breakthroughs have often come from the most destructive periods of crisis. Focusing on and transcending crises can ensure that we are freer and stronger in our post-pandemic digital future than ever before.

What does not kill us will surely make us stronger. Let us encourage one another.