
Cybersecurity, ESET unveils 2023 trends

ESET predicts for 2023 that changes in human behavior online, expressed in professional and personal life, will further blur the boundary between the physical world and our invented virtual worlds. As security professionals, we face the implications of these changes across the entire IT ecosystem, especially cloud applications to which we increasingly entrust our entertainment, our professional success, our privacy and our safety.

However we got here (certainly helped by the COVID-19 lockdowns), we are here now! But where is it exactly? It is likely that today we are connected to our favorite environment in the cloud. These are large-scale digital environments in the cloud, such as Discord, Slack and Microsoft Teams. We could include many social apps like Facebook, WhatsApp, LinkedIn and Tinder, or even games like Fortnite and VALORANT. There are too many to list, but all foresee the same reality: millions of users forging hybrid lives and revising our definition of security and privacy.

This blossoming of cloud environments offers unimaginable possibilities to create, collaborate, buy, sell and play. Going beyond the scope of previous cloud technologies, which first freed users from the limitations of hardware costs and long intervals between updates, today's cloud environments offer transformative hybrid possibilities. And while we've bet everything on what the cloud can do for us, unforeseen dangers lie ahead.


The multifunctional immersive environments we have embraced in the cloud for work, play, education, data storage and our connected lifestyles not only offer great opportunities, but also attract cybercrime. The breadth of these continuously updated platforms, with millions of users connected simultaneously from desktop computers, mobile devices and connected objects (IoT), contributes to creating a huge shared threat surface.

Some cloud environments, including the rawest of resources, namely free server space, have the ability to help create, host, and share vast amounts of personal data and intellectual property, even with millions of other users. This wealth of human expression is at the same time a tempting wealth of data for everyone: ordinary citizens, entrepreneurs and even seasoned cybercriminals.


Hybrid work and hybrid play are now merging into a hybrid lifestyle, but where is the line between the two? Is there even a limit?

To say that the pandemic has brought about a new normal in businesses, educational institutions and our daily lives is an understatement. Many interactions, whether professional or personal, have moved entirely online or have become at least partially virtual. This virtual migration began at the same time as the pandemic, when most people and businesses turned to proven communication solutions, such as Microsoft Teams, Slack and Zoom, combining rich communication features with tools for collaboration and productivity to compensate for the loss of in-person work.

Along with Skype and Skype for Business, all of these platforms were known entities before our “new normal”. The shift to a hybrid system of work, study and play, however, has seen their popularity explode. Thanks to cloud solutions, access and shared files, parallel workflows and instant messaging have become easily accessible. But all ups have their downs.

Anything that becomes widely popular also becomes attractive to criminals. This also applies to cloud platforms. Cloud cyberattacks accounted for 20% of all cyberattacks in 2020. As the popularity of cloud services is not waning, attacker interest is not waning either. Let's look at three platforms mentioned above to identify a trend: applications designed for work but transformed by general demand into a social communication platform.


Launched in 2017, Microsoft Teams is now the fastest growing Microsoft application and the communication tool of choice. Teams has seen explosive growth since the start of the pandemic. The annual number of Teams users nearly doubled between 2020 and 2021, and in 2022, its users number 270 million. Most of them are of working age (35-54). Chosen by many people, Teams has gone beyond the professional framework for which it was intended. It is now commonly used in education and has taken hold in people's personal lives. Microsoft Teams is a handy option among communication apps, but it's not without its risks. In 2021, a vulnerability was discovered in Teams that allowed malicious users to steal emails, messages, and files from OneDrive and SharePoint. More recently, in August 2022, another vulnerability was discovered, due to Teams storing access tokens in the clear on disk, making it easier to steal them when an attacker first manages to compromise a victim's computer. For some, such weaknesses mean that cloud solutions are more vulnerable to attacks than on-premises solutions and therefore require a special layer of protection for the cloud.

Zoom is another cloud video conferencing solution that has become popular in recent years. This peer-to-peer software platform has seen a huge boom during the pandemic as people have started working, socializing and attending events online.

Zoom seemed like the perfect option, as you didn't need an account to attend an event. A free version with limited functionality is also available.

Of course, the increased use of Zoom has drawn the attention of many malicious actors, and thus the platform has experienced several security breaches since 2020. At the start of the pandemic, more than 500 million usernames and passwords were leaked. One of the most serious security breaches concerns the account of former British Prime Minister Boris Johnson. The spring of 2020 turned out to be a disaster for Zoom's security. The security concerns did not end there, however.

Google's Project Zero team revealed buffer overflow and information leak vulnerabilities in Zoom, allowing malicious actors to monitor Zoom meetings. These issues were followed by phishing and social engineering attempts, with phishing being the main vector for cyberattacks and malware distribution.


Similarly, the productivity app Slack, which claims to reduce the need to resort to emails by 32% and meetings by 27%, is also a victim of its success. This instant messaging platform provides users with voice call and video chat functionality, sending messages and multimedia files in private chats or as part of a community (workspace). This application has more than 12 million daily users and is compatible with major operating systems. According to one estimate, an average user stays on the app for at least 10 hours a week. “Slack is used by over 100,000 organizations globally and offers a paid tier called Slack Connect, which includes secure messaging functionality used by over 10,000 organizations.” Slack also has its share of vulnerabilities and risks for users. A recent vulnerability was reported in 2019.

It allowed attackers to exploit Slack Desktop for Windows to change the download destination of files sent through a Slack channel, ultimately allowing them to inject files with malware or steal them. This is of course not the first security issue, as major flaws were discovered as far back as 2015. One of Slack's most obvious drawbacks seems to be its open communities feature, which allows large groups of people to get in touch. As with email, Slack has become a perfect vector for phishing and spam.


It is now acceptable to find a job on a dating application!

Although many enterprises and SMBs are leveraging solutions such as Slack or Microsoft Teams for collaboration, these platforms continue to seek better ways to create meaningful interactions between participants. These companies focus on workflows, but there is an increasing need to strengthen social ties through a virtual corporate culture that promotes employee engagement and a sense of belonging, whether they telecommute or work in hybrid mode. These virtual spaces are, in many ways, the necessary replacement for the discussions that usually take place near the coffee machine or in office hallways.


In the fourth quarter of 2021, when the pandemic was already well advanced, Facebook saw its user numbers drop for the first time in 18 years, losing around half a million users. Although the number has since rebounded, is this episode a harbinger that traditional social media platforms are past their prime?

Ever since the Internet became "social" with Web 2.0 around 2004, social networks have begun to mimic the daily interactions of life: lists of friends with whom we can share photos, thoughts and other multimedia content. But whereas in real life we may meet one group of friends one day and another the next, on social media these groups are bound to mingle. It suddenly became acceptable for co-workers to send connection requests, and it very quickly became awkward not to accept them. Google tried to solve this problem by launching Google+, a social network that divides the people you connect with into different circles, just like in real life, but the idea didn't meet with much success.

Meanwhile, the internet has gotten so used to Facebook that in 2015 the platform hit 1.44 billion users, then acquired Instagram and WhatsApp. It quickly became “normal” for co-workers to exchange professional messages during and after working hours, connecting collaborators in a way that had not existed before. While this sounds positive, for example by contributing to the improvement of the corporate culture, it did not take long for employees to demand a "right to disconnect", because not everyone wants to receive SMS about work at dinner time or share vacation photos with their boss. And in the office, managers didn't want employees wasting time on social interactions. But it was too late.


Users have simultaneously created small businesses on Facebook, initially taking advantage of “buy and sell” groups, and since 2016 using Marketplace. Freelancers started using personal pages to promote their business, teachers shared their class notes, and small bookstores promoted new books. Everything was possible without even having an official business account with advanced features and complex analytics; it was open to everyone. At the end of 2020, it was already so common to do business through these social media platforms that Facebook launched the Facebook Business Suite app to allow small businesses to manage their content, messaging and analytics for Facebook and Instagram in one place. And since November 2022, all Facebook users can "redirect" their personal profile to "Professional Mode", a new feature designed to support new content creators by giving them access to analytics and monetization programs, including the possibility of receiving money directly from fans.


Running a successful business may require being “always on,” but being “always on” is more than just sitting at your computer in the office. It is clear that our work is no longer limited to this. Our work is in our pockets, on our phones, and right next to our personal photos. This concentration of data, creative tools (including your camera) and data processing, and communication tools, all in one, represents a major change for the organization of our lives. Any app developer worth their salt knows this.

Telegram, a cloud-based instant messaging service with over 700 million active users worldwide and apps running on all devices, is also becoming an increasingly capable mobile workspace. The application allows users to create groups and channels (like on Slack or Teams), to share files up to 4 GB and folders which invite users to use their existing accounts to create a space dedicated to workflow, right between family talk and game talk. It constantly sends notifications to users from work, even while on vacation, when the feature is not disabled. While some users benefit from nascent right-to-disconnect legislation, everyone is affected by the data policies of their favorite cloud service.

Since this should be a concern for personal and work data, companies should at least use apps that encrypt data and only collect minimal data, and preferably use apps that store all messages and media locally on the user's device. At the same time, there are a host of other messaging apps being repurposed for business purposes that millions of people use: dating apps. Surprisingly, they are also used to create professional networks, find new clients, recruit or look for a job. In 2020, at the start of the pandemic, the dating app Bumble created the “Community Grants” profile, which looks a lot like the profile of a normal user. By swiping to the right, users are connected and invited to nominate a local SME that needs financial support due to the lockdowns. Bumble has pledged to choose 200 companies and award them up to $5,000 in grants. While its primary focus is dating, Bumble also features a Bizz mode that makes it easier for professionals to meet.


Mixing work with social life is a growing trend. Tinder, for example, offers the ability to show ads. Many freelancers and small business owners can use their personal profile to entice new clients to swipe right. If a client turns into an appointment, even better! Being an entrepreneur seems to be a very trending feature. According to a Shopify survey released last year, from April 2020 to July 2021, Tinder saw a 25% increase in mentions of users' entrepreneurial experiences in their bios, which appears to be a feature that 71% of the app's users value.

Although these apps do not allow commercial activities, a conversation with someone who describes themselves as a gym junkie can easily lead to the sale of a personal coaching service; a wine exporter may try to sell a few bottles; a coffee shop owner will be happy to connect with someone over coffee.

While this can be considered a creative solution, it can create real problems. Blurring the line between personal and professional use cases can have serious consequences. For example, a phishing attack on WhatsApp could lead to the download of malware that steals personal and work messages. Scammers on dating apps might be looking to obtain business information from someone whose goal is to network in order to sell products. Even in a professional environment, sharing information online that is intended for friends but that colleagues may have access to, such as photos on Facebook or your presence on mobile apps such as Grindr or Happn, may attract unwanted attention or be used for purposes of harassment, doxing, or to gain an advantage


But there is more. Meta recently took disciplinary action against more than two dozen employees for allegedly abusing internal systems to take control of user accounts, in some cases in exchange for thousands of dollars. While this issue may not be widespread, there is no guarantee that it will not occur in other companies. And while the target may be a personal account, business information exchanged using that account may prove invaluable once in the hands of criminals.

Some collaborators can indeed be more interesting targets than others, because of the amount of data to which they have access. This can be an important factor when it comes to imposing more restrictive measures on the most exposed employees. But it can also be misleading because everyone in a company is connected, and it can be easier to extract information from someone who isn't seen as an obvious target. Back to this overlap between professional and personal spheres. With the cultural shifts we are experiencing in the way we communicate, work and live, we cannot ignore how our online and offline lives have merged, creating new risks that need to be avoided by establishing clear rules.

If companies expect their employees to be available at all times, they must be prepared to end the practice of using personal devices for work (BYOD) to ensure a clear separation between work and private life. This means providing employees with dedicated work devices, not just laptops, but also smartphones. Companies should ensure that they and their employees know the consequences of using the same device for work and private life.

Other priorities also stand out. Companies should stop providing configuration profiles that employees can install on their personal iOS devices to access their work email and other work platforms. It is also essential to put in place clear rules, in particular to discourage employees from using the same password for personal and professional accounts, and to require the use of multi-factor authentication.

The future is full of amazing technologies, collaboration tools, and more humanized online social experiences that will, however, continue to blur the thin line that separates the different spheres of life.


Does VALORANT's approach to cheating mark a turning point in how we deal with the ongoing misappropriations that plague our hybrid world of work and play?


We can see so far how the growth of cloud apps such as Telegram and Teams has created mega-communities of users. Many of these apps have opened the door to a form of self-expression and the kinds of risk-taking that are famous on social media platforms. Oversharing, hooking up with strangers, clickbait and phishing have become an integral part of our professional, social and gaming lives; the boundaries are far too blurred in our hybrid lives for the risks to disappear.

But what about the free server space in the cloud, where millions of gamers, teachers and students participate in the best that digital has to offer, with the risks that entails? On the now well-established Discord platform, there is a kind of "natural selection" manipulated by moderators and bots, and "evolution" happening in real time as communities adapt to the expectations of new members, performance, pleasure, profitability, play, fairness and safety.

What is Discord?

Originally created as a communication platform for the gaming community, Discord offers any community a cloud server with text and voice channels, as well as screen sharing and file download features. Each community can set its own rules and moderate how members interact with each other. Discord even offers developers a programming interface to create bots and webhooks. Due to its rich collaboration features, hackers are increasingly hijacking Discord for malware distribution, data exfiltration, and command and control (C&C) communications.

To shed light on the changes taking place in gaming, let's see what members of one of the largest gaming communities on Discord have done in their hybrid lives: sharing their passion for VALORANT while fighting against the wave of cheating spreading across the gaming landscape.


For some companies, the year 2020 was marked by lockdowns that led them to consider the cloud again as a transformation necessary for business continuity. But for others, like Riot Games, who were already using the cloud as a core tool in their business model, plans continued with the release of VALORANT, a free-to-play online multiplayer FPS. Two years later, nearly 700,000 fans are playing the game daily, and one million people have joined the official VALORANT Discord server, which has been the most popular server since August 2022. Is the rapid growth in popularity of VALORANT the sign of particularly attractive gameplay? If so, how has the perennial problem of cheating been addressed by VALORANT? Finally, how will this approach affect other parts of our hybrid and cloud world? Is there a link?


VALORANT is attractive because the game requires responsibility. When a player dodges the queue, walks away from their keyboard (AFK), or shoots a friend, the game may impose a penalty in the form of a break or loss of points. Repeat violations call for heavier penalties. The game also requires fairness.

Players can only compete in competitive matches if they are of similar level and skill. Smurfing, where experienced players kill amateurs to increase their stats, is limited to level 20 accounts and competitions.

Finally, VALORANT encourages skill and teamwork. As novices, players hone their targeting, the various special abilities of Agents, and their familiarity with the maps of the game. But as players gain experience and acquire a similar level of targeting, teamwork and strategy become more and more essential to winning matches.


All of these efforts to promote fair and competitive gaming are safeguarded by requiring players to use Vanguard anti-cheat software alongside VALORANT. Vanguard uses a kernel-mode driver to identify vulnerable drivers on the player's computer, and either block them from working or prevent VALORANT from working.

Because this driver runs at computer startup, it is able to detect attempts to load cheat software before the game starts. Vanguard also has a user-mode client application that monitors game play to detect the use of cheat software, including aimbots. Cheating is also addressed by the security features built into VALORANT.

For example, the game uses a fog of war system to prevent cheaters from seeing their opponents through walls. The punishment for cheating could go as far as a hardware ban on the cheater's computer.

Debate rages around this aggressive approach to implementing the technology and what gamers think of the implications for the operation of their PC. While some consider anti-cheat software to be spyware, an analysis of the Vanguard client application under the microscope of a detection and processing tool such as ESET Inspect reveals a different picture.

The ESET Inspect console only reports Vanguard injecting a thread into the virtual address space of the VALORANT process, allowing Vanguard to break into VALORANT. Considering the purpose of anti-cheating software, this is a highly suspicious action. Figure 1 shows the Vanguard client executable vgc.exe, which triggers a CodeInjection event affecting the game executable valorant.exe. Ultimately, the appeal of VALORANT is that it focuses on skill development, teamwork, and strategy to win matches; a goal that is secured by a robust approach against cheating and sabotage.


The shift from offline games to the era of online multiplayer games and e-sports has left behind the scourge of cheating. Cheaters are the bane of the esports world, just as malware is on the internet.

The parallel is indeed easy to draw because the development of cheat software requires the same tools and the same know-how as those used by malware developers and those looking for vulnerabilities. Some even consider the development of cheat software as an entry point to the development of malware.

This puts anti-cheat software in a role comparable to that of security software and, indeed, in the same role of confronting some of the same exploitation techniques used by malware authors. Combating the problem of cheating therefore has strong similarities to combating malware, which requires identifying and monitoring the techniques used to gain illicit advantage or control.

As we move forward in a world transformed by the continued move of traditionally offline activities to the cloud, holding cheaters and hackers accountable will be critical to ensuring that progress. Only in this way can the game, or any other hybrid activity in which we participate, retain its appeal.


With the multiple cloud applications we have in our hands and pockets, we have crossed a threshold that brings us to a new dimension in the way we work, socialize and play. We are, however, not just passive spectators caught in a web of virtual environments, but active participants who create our own communities and influence the shape of others.

Escaping from this hybrid life is almost unimaginable, leaving perhaps only one option: to leap boldly...and cautiously. After all, we've seen the slew of security issues that have plagued work apps like Teams, Zoom, and Slack. Even if this type of problem has been fixed, do not believe that it has disappeared and that there is no longer any reason to worry. The hybrid workplace we live in is imbued with the power of transformation.

What started out as work apps have morphed into social communication platforms, meaning a whole new vector of security and privacy risks has entered this landscape. With businesses shifting toward the social sphere, these platforms have their work cut out for them. But they are not alone in this task. They represent a competing force in a melting pot of platforms. Another force is popular communication apps such as Facebook, Telegram and Bumble: originally social applications but, again, imbued with the power of metamorphosis.

We see them being redirected to business users, leading to both success and new cyber risks. All of these cloud-powered applications, platforms, and environments have created mega-communities of users, one of the largest being gamers. And where are the players? Probably on Discord servers discussing their favorite games.

But just as the fight against threats to our hybrid lives persists, so does the fight against cheating in games. It is a mirror phenomenon. Can the gaming community's response to cheating be instructive for our own hybrid world? Using anti-cheating software is one approach, but what are the implications of algorithmic monitoring of in-game behavior, relationships and habits? The same question potentially arises beyond games, regardless of the cloud environment to which we belong. By looking at these popular cloud-powered apps, platforms, environments, and games, we hope we've shown just how grounded we've become in our hybrid lives.

While this fusion enhances our human and social experience, it reminds us that well-defined boundaries can help us continue to enjoy its benefits by emphasizing privacy and security, as we do in the physical world.
