OPINION: Warfare changes much over the centuries


Uniformed and civilian cyber and military intelligence specialists monitor Army networks in the Cyber Mission Unit’s Cyber Operations Center at Fort Gordon in Georgia, US. Picture: https://www.defense.gov//Michael L. Lewis

I found out the hard way that cyberattacks aren’t relegated merely to high-profile businesses nor engaged in by shadowy foreign agents.

They can happen right here in your town or community. Warfare has changed much over the centuries and military colleges teach their students — usually top officer cadets, staff officers and those on the military career fast track to the top — strategies using historical data, past wars and great generals.

The concept of weaponising cybersecurity to generate conflict is one that is new to modern warfare strategies. Cyberconflict is cyberattacks that have a background in international relations or bring about consequences that can escalate to a political and diplomatic level.

We talk about conflicts around the world as one level below outright war, e.g. conflicts in the Middle East, South America or Africa. Cyberattacks on trust are more worrying than those intended to produce physical effects.

Attackers find it easier, and perhaps more effective, to weaken the bonds of military alliance rather than go after fighter jets and military bases, or corrupt financial data rather than destroy banks’ computers. Especially if you’re able to leave no traces – welcome to the modern era of cyberwarfare.

Cyberattacks on trust and integrity have a much lower threshold, are harder to detect and deter, and can cascade subtly through interconnected systems into social media etc. Obscurification of the facts is much easier using bots and social media.

Cyberconflict is more likely to arise for political, social, and economic reasons, rather than to physically destroy infrastructure. It’s more of a risk during significant political moments, such as voting times/elections, civil protests and unrest. Impulsive action, confused decision-making, or any crossed signals can trigger unanticipated and unwanted cyberattack escalations.

For example, cyberconflict escalated when the US killed Iran’s General Qassem Soleimani in early January 2020. In the week following Soleimani’s death, about 35 organisations were attacked by cyber offensives “specifically traced” to Iran’s state-sponsored hacking groups.

About 45 per cent of those targets were in the US. Cyberconflict creates greater risk for corporate information and financial information to be stolen, as well as theft of money and disruption of trading stocks. The biggest thing companies worry about is the damage to their reputation if this happens and the loss of trust their customers would have in them.

There are a lot of legal consequences businesses can face from this, too, such as fines and regulatory sanctions. When Iran/US tensions were high, there were genuine concerns that a state-sponsored attack might be mounted against critical infrastructure (energy, transportation, finance) but also that a raft of commercial organisations in the US would see concerted attacks on data and systems, to steal or destroy. With the elevation of these tensions, businesses and consumers need to prepare for cyber disruptions, suspicious emails, and network delays.

This can come in any form of a digital attempt to access private information (from individuals, companies, and government agencies). In January 2020, US state agencies experienced 10,000 attempted attacks from Iran per minute in the span of 48 hours.

If your company doesn’t already have a CISO, hire a firm that offers virtual CISO (vCISO) services. This is a high-level consultant that can speak to stakeholders about the real risk to your business. They also can advise on where you currently stand on cybersecurity and where you should be.

Beyond that, I can’t speak to what companies should be doing differently, as some already may be following a standard of best practices provided by NIST, ISO, GIAC, or the Center for Internet Security. Something else I recommend, which most companies we’ve worked with don’t have, is a security information and event management (SIEM) or network threat monitoring software tool. Keep a regular check on your cyber resilience maturity matrix and get in experts who can assist you with setting this up and regularly monitoring it.

The more critical your information systems are to your core business, the higher in priority this should be on the executives’ and Board’s agendas.

Another big area that seems to be lacking is effective business continuity planning and response procedures.

Just take a look at what’s happening globally right now without a cyber event due to COVID-19. Companies need to ask themselves what would happen if key infrastructure like power or the internet itself was disrupted. Are your vendors and service providers addressing those concerns as well? CISOs, IT and cyber teams should constantly be thinking through their plans and response procedures for cyberattacks.

Vigilance should certainly be higher before planned political events (scheduled protests, elections, etc.). The best thing to do is remind everyone to exercise reasonable doubt with what they see online or receive in their email. If you have a network threat detection service, you should verify with your account representative or service provider that they are keeping up with real-time intelligence. The same goes for SIEM appliances or managed detection and response service providers. Freelance hacktivists are also key players in this space from a “bad” perspective.

Motivated by civil disobedience, hacktivists seek to spread ideologies and create total anarchy. They typically see themselves as vigilantes who use hacking to enact social justice and policy changes, but they employ the same malicious tools and tactics as typical hackers.

As I have continuously articulated in this opinion column – the biggest risk is people, the human factor. Whether it is intentional or accidental, the insider is the biggest threat because we have to give some trust to our staff.

The threat remains similar to what we’ve seen over the years: emails with malicious attachments or links, commonly known as phishing. Hackers writing these viruses are getting better at hiding from anti-virus scanners.

Some of these techniques include not doing anything if the malware believes it’s running in a sandbox—a virtual machine that executes and opens the attachments to see if it identifies anything malicious. This means that there’s greater success in the distribution of malware.

With the technology that’s preventing and blocking malware being less than perfect, people are still the biggest risk for clicking on that link or opening an attachment. Cyberconflicts — the attack on the Iranian nuclear program using Stuxnet and Flame malware, products of Western intelligence, may be a good example of this.

Another example stems from Russia, Iran, North Korea and China and their alleged ongoing subtle cyberattacks against the US and its allies.

From a commercial business standpoint, hacktivism is a prime example of cyberconflict. I briefly mentioned hacktivism before, but it’s a mix of hacking and activism, where foreign hackers are using the internet to push political agendas or social change. Economic or industrial espionage is also very real.

Hackers target the theft of critical economic intelligence such as trade secrets and intellectual property in a number of areas (technology, finance, government policy and now COVID-19 research/vaccines/etc). The main result of these types of cyberconflict attacks has been increased geopolitical tensions, millions of dollars in losses, theft of sensitive intellectual property, and physical damage to industrial equipment.

Even more pervasive is the insertion of covert command and control elements into critical infrastructure information systems that may be activated in the escalation of cyberconflict into cyberwar.

To be clear, this includes the financial sector as well – central banks, commercial banks, superannuation funds, anything that can cripple countries.

We do indeed live in an ever-changing world and as 2020 draws to an end, a lot has changed and the dynamics of human life have been altered in unforeseen ways.

The COVID-19 pandemic and its impact on geopolitics, countries’ economies, international travel and people’s lives, underpinned by the reliance on technology to hold it all together – keeping us digitally connected.

As the futurist Roy Amara famously noted, “We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run”.

As always, stay safe and secure in both the physical and cyber worlds and be blessed this weekend.

Ilaitia B. Tuisawau is a private cybersecurity consultant. The views expressed in this article are his and not necessarily shared by this newspaper. Mr Tuisawau can be contacted on ilaitia@cyberbati.com