cybersecure

NAME: AISHA KHAN

ID: 20221-33137
COURSE: CCA
FACULTY: MUHAMMAD RAMZAN
REPORT TITLE: CYBER SECURITY

INSTITUTE OF BUSINESS MANAGEMENT (IOBM)

ACKNOWLEDGEMENT

JAMES SHEPPERD:
ESET SECURITY EDITOR
ALZBETA KOVOLOVA:
1 | 12
 cybersecure

ESET SECURITY WRITER

ANDRE LAMEIRAS:
ESET SECURITY WRITER
RENE HOLT:
ESET SECURITY WRITER

2 | 12
 cybersecure

3 | 12
 cybersecure

TABLE OF CONTENT
1 INTRODUCTION....................................................................................................................................4
2 HYBRID WORK......................................................................................................................................5
2.1 TURNING BUSINESS PLATFORMS INTO PREFERRED SOCIAL SPACES................................................5
2.2 SECURING THE CONVENIENCE OF HYBRID LIFE...............................................................................6
2.3 INHERITING THE RISKS OF SUCCESS–A PATTERN.............................................................................6
3 HYBRID COMMERCE............................................................................................................................7
3.1 BLURRING THE LINES BETWEEN BUSINESS AND PLEASURE.............................................................7
“SOCIAL” PAST ITS PEAK?.........................................................................................................................8
3.2 WORK TRICKLING INTO OUR SOCIAL LIVES......................................................................................8
3.3 DEMOCRATIZING BUSINESS TOOLS.................................................................................................9
4 HYBRID PLAY........................................................................................................................................9
4.1 LEVELING THE PLAYING FIELD IN ONLINE VIDEO GAMING AND BEYOND........................................9
4.2 THE GAMEPLAY ATTRACTION........................................................................................................10
4.3 VALORANT: GAINING POPULARITY IN A HYBRID WORLD..............................................................10
4.4 PROTECTING THE GAME WITH ANTI-CHEAT SOFTWARE...............................................................11
5 CONCLUSION.....................................................................................................................................11

CYBER SECURITY TRENDS 2023

4 | 12
 cybersecure

Securing our hybrid lives

1 INTRODUCTION

Living a hybrid life, counting benefits and costs ESET’s predicted trend for 2023 is that

the changes in human behavior online, expressed in both professional and personal

lives, will further blur the line between the physical world and our engineered virtual

worlds. As security professionals, we are confronting the implications of these changes

across the IT ecosystem, especially from cloud-powered apps to which we all

increasingly entrust our enjoyment, professional success, privacy, and security.

However, we got here (certainly helped along through COVID-19 lockdowns), we are

here now! And where is that exactly? Likely, even now we are logged in to our preferred

cloud-powered environment. We are talking about large-scale, cloud-enabled digital

environments like Discord, Slack, and Microsoft Teams. We could include many social

apps like Facebook, WhatsApp, LinkedIn, and Tinder, or even games like Fortnight and

VALORANT. There are too many to count, but they all forecast one reality: millions of IT

users forging their hybrid lives and recasting our definitions of security and privacy. This

super bloom of cloud-powered environments has brought unimagined opportunities to

create, collaborate, buy, sell, and play. Going beyond the scope of previous cloud-

based technologies, which first freed users from limitations associated with hardware

costs and long intervals between updates, today’s cloud-based environments bring

transformative hybrid opportunities. And while we have gone all in on what the cloud

can do for us, unforeseen dangers await.

5 | 12
 cybersecure

2 HYBRID WORK

2.1 TURNING BUSINESS PLATFORMS INTO PREFERRED SOCIAL SPACES

Together with Skype and Skype for Business, all were known entities before our “new

normal;” however, the shift to hybrid work, study, and play saw these platforms explode

in popularity. As cloud-based solutions, shared access and files, parallel workflows,

instant messaging, and more were all easily accessible. But all ups have their downs.

Anything that becomes widely popular also becomes attractive to attackers. This holds

true of cloud-based platforms too. Cloud-based cyberattacks accounted for 20% of all

cyberattacks in 2020. Because the popularity of cloud-powered services is not

wavering, neither is the interest of attackers. That the pandemic brought a new normal

to businesses, educational institutions, and our everyday lives is an understatement.

Many interactions, whether work-related or personal, moved online or at least gained a

virtual mirror. This virtual migration began alongside the pandemic when most people

and businesses first turned to tried-and-tested communications solutions, such as

Microsoft Teams, Slack, and Zoom, which merged rich communication functions with

collaboration and productivity tools to help compensate for lost in-person work.

2.2 SECURING THE CONVENIENCE OF HYBRID LIFE

Microsoft Teams, launched in 2017, is now the fastest-growing Microsoft app and go-to

communications tool. Teams have seen explosive growth from early in the pandemic.

The annual number of Teams users nearly doubled between 2020 and 2021, and in

2022, users numbered 270 million, most of whom are of working age (35-54 years old).

The choice of many, Teams has moved beyond its intended business setting and is now

commonly used in education and has gained a role in people’s personal lives. Also,

6 | 12
 cybersecure

early into the pandemic, hackers gathered more than 500,000 Zoom usernames and

passwords via an attack known as credential stuffing before putting the logins up for

grabs on the dark web. Another type of issue involved security vulnerabilities, including

one that affected the Zoom app for macOS and could have given hackers root access to

macOS desktops. Fast forward to early 2022, and Google’s Project Zero team revealed

a buffer overflow and an info leak vulnerability in Zoom that, before it was remedied,

could have allowed threat actors to monitor Zoom meetings. Some of these issues were

followed by reports of phishing and other social engineering attacks, which are known

for being the top vector for malware delivery.

2.3 INHERITING THE RISKS OF SUCCESS–A PATTERN

Similarly, the abovementioned productivity app, Slack, which claims to reduce the need

for emails by 32% and meetings by 27%, is also a victim of its success. This instant

messaging platform allows users to make voice calls, video chats, and send messages

and media files in private chat rooms or as part of a community (workspace). This app

reports over twelve million daily users while being compatible with all major operating

systems. According to one estimate, an average user is on the app for at least 10 hours

a week. However, Slack comes with its fair share of vulnerabilities and risks to users

too. A more recent vulnerability was reported in 2019. It allowed attackers to exploit a

vulnerability in Slack Desktop for Windows to alter where files sent through a Slack

channel are downloaded, allowing them to inject malware into the files or steal them.

This, of course, is not the first security issue, as major flaws were found as early as

2015. One of Slack ́ s more obvious downsides are its open communities feature,

7 | 12
 cybersecure

allowing large groups of people to connect. Like email, Slack has become a perfect

vector for phishing and spam.

3 HYBRID COMMERCE

3.1 BLURRING THE LINES BETWEEN BUSINESS AND PLEASURE

Although many enterprises and small and medium businesses (SMBs) take advantage

of solutions such as Slack or Microsoft Teams for collaborative work, these platforms

are still trying to figure out better ways to create meaningful interactions between staff

members. While these companies prioritize workflow, there is also a growing need to

reinforce social connections through a virtual company culture that enhances

engagement and a feeling of belonging among workers, both with those who work

remotely and those who work in hybrid mode. These virtual hallways are, in many ways,

a needed replacement for in-between discussions that typically happen by the copier or

in the office corridors.

“SOCIAL” PAST ITS PEAK?

In Q4 2021, well into the pandemic, Facebook saw its user numbers drop for the first

time in 18 years – losing half a million users. Though since rebounding, did this episode

signal that traditional social media platforms are past their apex? Since the internet went

“social” on the wave of Web 2.0 around 2004, social networks started mimicking the

everyday interactions of life: lists of friends with whom we could share photos, thoughts,

and other multimedia content. But while in real life you can meet one group of friends

one day and another the day after, on social media they were encouraged to mix.

Suddenly, it became acceptable for work colleagues to send friend requests and, very

8 | 12
 cybersecure

quickly, it became awkward not to accept. Google tried to solve this by launching

Google+, a social network that would divide the people you connect with into different

circles, just like in real life. But the idea did not have much success. Meanwhile, the

internet got so used to Facebook that, by 2015, the platform had reached 1.44 billion

users and acquired Instagram and WhatsApp.

3.2 WORK TRICKLING INTO OUR SOCIAL LIVES

Running a successful business may demand an “always on” status, but to be “always

on” is more than just sitting at your PC in the office. Clearly our work is no longer

confined there. Our work is in our pockets, on our phones, and just next to our personal

pictures. This concentration of data, data processing and creation tools (your camera

included), and communication tools, all in one, is a big shift in how we organize our

lives. Any app developer worth their salt knows this Telegram, a cloud-based instant

messaging service with over seven hundred million active users worldwide and with

apps for all devices, is also becoming an increasingly capable mobile workspace. The

app allows for the creation of groups and channels (like on Slack or Teams), file sharing

up to 4GB, and folders that prompt users to use their existing accounts to create a

dedicated space just for workflow, right there between the family and gaming chats. It

persistently pings users with notifications formwork, even during a vacation, if not turned

off.

3.3 DEMOCRATIZING BUSINESS TOOLS

Simultaneously, people were also starting small businesses on Facebook, initially taking

advantage of “buy and sell” groups and, from 2016, using the platform’s new

Marketplace. Freelancers started using personal pages to promote their work, teachers

9 | 12
 cybersecure

shared class notes, and small bookshops promoted their new arrivals. Everything was

possible without even having an official business account with pro features and complex

analytics; it was anyone’s game. By the end of 2020, it was already so common to do

business via these social media platforms that Facebook launched the Facebook

Business Suite app to allow small businesses to manage their content, messages, and

analytics for Facebook and Instagram in one place. And since November 2022, all

Facebook users can “repurpose” their personal profile into “professional mode”,

4 HYBRID PLAY

4.1 LEVELING THE PLAYING FIELD IN ONLINE VIDEO GAMING AND BEYOND

So far, we can see how the growth of cloud-powered apps like Telegram and Teams

has created mega communities out of their users. Many of these apps have opened the

door to personal self-expression and the types of risk-taking notoriously on social media

platforms. Oversharing, connecting with strangers, clickbait, and phishing are now part

of our work, and social and gaming lives; the lines are far too blurred in our hybrid lives

for the risks to disappear. But what about the free server space in the cloud, where

millions of gamers, educators, and students are participating in a brave new world of

digital possibility and risk? In Discord’s now well-established platform, we find a kind of

“natural selection” manipulated by moderators and bots, and an “evolution” happening

in real time as communities adapt to new members’ expectations for performance, fun,

profitability, gameplay, fairness, and security.

10 | 12
 cybersecure

4.2 THE GAMEPLAY ATTRACTION

VALORANT is attractive because it demands accountability. If a player dodges the

queue, goes Away from Keyboard (AFK), or commits friendly fire, the game may impose

a penalty of a timeout or a loss of points. Repeated offenses merit increasing penalties.

The game also demands fairness. Players can go up against each other in Competitive

matches only if they are of similar rank and skill. Smurfing, where experienced players

go on a killing spree of amateurs to boost their stats, is limited by requiring Account

Level 20 to play competitively. Finally, VALORANT promotes skill and teamwork. As

novices, players hone their aim, the different Agents.’

special abilities, and their familiarity with the game maps. But as more experienced

players, who each have a similarly elevated level of aim, teamwork and strategy

become increasingly critical to winning mat security.

4.3 VALORANT: GAINING POPULARITY IN A HYBRID WORLD

For some businesses, 2020 brought lockdowns that triggered a renewed look at the

cloud as a transformation needed for business continuity. But for others, like Riot

Games, who had already been using the cloud as the

core enabler for their business model, plans rolled ahead with Riot Games releasing

VALORANT, a free-to-play online multiplayer first-person shooter. Two years later,

around 700,000 fans are playing this game daily, and a million have joined the official

VALORANT Discord server– making it the most popular server since August 2022.

Does the rapid growth of VALORANT’s popularity indicate uniquely attractive

gameplay? If yes, how has VALORANT approached the perennial problem of cheating?

11 | 12
 cybersecure

Finally, how will this approach affect other parts of our hybrid, cloud-enabled world, and

is there a link?

4.4 PROTECTING THE GAME WITH ANTI-CHEAT SOFTWARE

All this effort to promote fair, competitive gameplay is safeguarded by requiring players

to run the anti-cheat software Vanguard at the same time as VALORANT. Vanguard

uses a kernel-mode driver to identify vulnerable drivers on the gamer’s computer and

either block them from running or prevent VALORANT from running. Since this driver

runs when the computer boots up, it can detect attempts to load cheats prior to starting

the game. Vanguard also has a user-mode client application that monitors gameplay for

the use of cheats such as ambits.

5 CONCLUSION

With multiple cloud-powered apps in both our hands and pockets, we have crossed a

threshold – one that is taking us to a new dimension of how we work, socialize, and

play. However, we are not just passive spectators caught up in a web of virtual

environments, but active participants who create our own communities and influence

the shapes of others. Escaping this hybrid life is almost unimaginable, leaving only one

option:

striking forth boldly ... but with caution. We have seen a slew of security issues affecting

business apps like Teams, Zoom, and Slack. Even though remedied, we should not

think these types of issues have been tidied up and are of no further concern. The

hybrid workplace we live in is imbued with the power of metamorphosis. What began as

12 | 12
 cybersecure

work apps have transformed into social communication platforms, meaning that a whole

new vector for security and privacy risks has penetrated this landscape.

By running through these popular cloud-powered apps, platforms, environments,

and games, we hope to have shown how deeply we have become entrenched in our

hybrid lives. Although fusion can improve our human and social experience, it is a

reminder that well-defined limits can help ensure we continue to enjoy the benefits via a

continued focus on privacy and security, just like we do in the physical world.

13 | 12