The internet has changed how we perceive and engage with the world in many ways. Unfortunately, that change is not confined to peacetime: it also affects how wars are fought. Because every nation-state is connected to and dependent on the internet, traditional physical warfare has grown to encompass cyber warfare.
Unlike traditional combat, however, cyber warfare is harder to define. Why? Cyber warfare is not about acquiring physical territory or moving troops and equipment, although it may help conventional forces achieve those goals; it is about gathering intelligence, making money, damaging digital and physical infrastructure, obstructing communications, and stealing intellectual property. Furthermore, because cyber warfare is virtual and does not require any overt declaration of war, it is often extremely difficult to identify the specific state actor responsible. Many cyberattacks fall into a grey area below the threshold of open war because there are no recognized international rules governing them.
What are the goals of cyberwarfare?
According to the Cybersecurity and Infrastructure Security Agency, cyberwarfare aims to “weaken, disrupt, or destroy” another country. Cyberwarfare programmes pursue many objectives that can threaten national interests. The resulting dangers range from disinformation and espionage to severe disruption, damage to critical infrastructure, and loss of life among the population of the targeted country.
The terms cyber warfare and cyber espionage are sometimes used interchangeably because the activities are similar. The main distinction is that a cyber espionage attack aims to remain undetected for as long as possible in order to gather intelligence, whereas a cyber warfare attack aims to disrupt the activities of a nation-state. The two are frequently combined: cyber espionage, for instance, can gather the intelligence a nation-state needs to prepare for a physical or virtual conflict.
Nation-States On The Attack
Nation-state threats involve attacks on the military, corporations, and infrastructure. Because the perpetrators always try to avoid detection and shift the blame onto unaffiliated cyber gangs, foreign governments, or hacktivists, attributing an attack can be difficult.
The Undercover Nature of Cyber Warfare
The complicated and ongoing physical conflict between Russia and Ukraine, which the Kremlin refers to as a “special military operation,” illustrates both the limits on what Russian cyberattacks have achieved and the covert nature of cyber warfare. In reality, Russia has been attacking Ukraine online for a long time. Operation Armageddon, which began in 2013, was the first significant attack on Ukraine. More Russian cyberattacks followed, including several on the Ukrainian voting system in 2014 and, in 2016, the world’s first successful cyberattack on a power grid, which caused service interruptions of up to 6 hours for 230,000 customers in Ukraine.
Since then, Ukraine has responded to Russian cyberattacks with a barrage of cyber offensives of its own that began, as far as we know, in 2016. The Surkov Leaks of 2016 were a significant outcome of these counterattacks: 2,337 email communications and hundreds of files were exfiltrated, revealing Russia’s plans to invade Crimea and incite separatist violence in Donbas.
It is also questionable whether Russian cyber security personnel were involved in the Kremlin’s original planning for the 2022 war; if not, they may have been preoccupied with disinformation efforts and unable to launch any substantial infrastructure strikes. A final argument is that Russia’s cyberwarfare capabilities may not be as developed as previously thought, which would also reduce the impact of Russian cyberattacks.
These limitations explain why, at least for the time being, cyber warfare is distinct from conventional warfare and has nothing in common with the science-fiction picture favoured by the media. Furthermore, nation-states are reluctant to launch comprehensive cyberattacks for strategic reasons: the enemy will eventually reverse-engineer an attack, learn how to defend against it, and reuse it for their own objectives, so state actors do not want to use their most powerful tools and techniques unless they have to.
The most valuable of these tools are zero-day exploits, which are known to have been developed by agencies such as the U.S. National Security Agency, the U.K. Government Communications Headquarters, and the Special Communications and Information Service of the Federal Protective Service of the Russian Federation, as well as purchased for millions of dollars.
Unit 26165 is a group that operates deep within Russia’s cyberwarfare infrastructure; it is a specialized unit within the GRU’s signals intelligence division. The group is dedicated to targeting military, political, governmental, and non-governmental organizations with “spear-phishing” emails and other computer intrusion techniques. Agents from Unit 26165 operating internationally have conducted hacking activities using techniques such as on-site attacks against the Wi-Fi networks of target organizations.
What Current Nation-State Cyber Warfare Has Been Used For
Disinformation and Propaganda: Russia’s social media-based disinformation campaigns for the 2016 U.S. presidential election demonstrate how digital attacks may be employed against ethereal targets, such as trust in social and conventional media and confidence in the fairness of elections.
Cyber Espionage: Cyber espionage, which nation-states carry out continuously to learn about the strengths and weaknesses of any state, friendly or hostile, is not warfare per se. There are numerous documented instances in which a state-sponsored cyber espionage outfit has been suspected of, and occasionally proven to have been, conducting cyber espionage operations against other nations. For example, the U.S. National Security Agency secretly recorded almost all mobile phone conversations in the Bahamas without the consent of the Bahamian government. Similar operations were carried out in Kenya, the Philippines, Afghanistan, Mexico, and the United States.
Cyber Terrorism: The use of non-state actors (paid by a state actor) to launch cyberattacks with the intention of causing physical, political, psychosocial, economic, or other harm is known as cyberterrorism. The intention is to sow seeds of fear and mistrust that will either weaken or destroy infrastructure and government or politically significant operations.
Cyber-sabotage: Using cyber assaults to compromise government computer systems can aid conventional combat operations. For instance, state-sponsored or military-sponsored assaults may target military databases to gather details on troop movements and the deployment of weapons and equipment. These attacks can potentially compromise digital networks, disrupt official government communications, allow for the theft of crucial intelligence, and endanger national security.
Denial-of-service (DoS) Attacks: DoS attacks stop legitimate users from using a website by bombarding it with fictitious requests and making it respond to them. Critical activities and systems can be interfered with, and sensitive websites can be made inaccessible to people, members of the armed forces and security forces, or research organizations.
Only one significant cyberwarfare assault by the U.S. has ever been acknowledged: Operation Glowing Symphony, the NSA’s cyber security offensive team’s 2016 campaign against ISIS/ISIL. The Darknet Diaries podcast’s Episode 50: Operation Glowing Symphony goes into great detail on this. This episode provides insight into the operational and administrative challenges faced by a government agency mounting a significant cyberattack while also operating within the bounds of international law, the need to employ force strategically, and the political challenges of a nation-state engaging in cyber security operations against an adversary like ISIS.
In cyber warfare, nation-state actors or their agents use sophisticated and covert hacking techniques to further their own or other countries’ economic, political, or military objectives. Digital attacks are not as spectacular as science fiction and the media have made them out to be, and they might never be. Despite this, cyber warfare as it has actually been practised is hazardous, and its adverse effects on commerce or everyday life can be significant.
Businesses At Risk
Nation-state attacks are typically viewed as highly sophisticated technical hacks, but they can also be much simpler; sometimes technology is barely involved at all. Social engineering is a frequently used technique for compromising corporate networks: it exploits human weaknesses by persuading employees to click malicious links and download malware, always resulting in security breaches.
For instance, nation-states frequently use direct email spear-phishing attacks to compromise infrastructure assets. An employee clicks on a legitimate-looking email, and the malware is delivered. That malware might not be identified immediately, which makes it much harder to defend against; it can remain dormant until activated by an external agency or event.
These assaults can have a variety of objectives, but they typically aim to steal trade secrets, humiliate corporate executives, and alter, delete, or ransom data.
A few high-profile examples include:
After the release of the movie “The Interview,” which portrayed Kim Jong Un unflatteringly, Sony Pictures was attacked. Hackers working for the North Korean government are blamed for the attack: the FBI uncovered code, encryption algorithms, and data-deletion techniques comparable to those used in other North Korean malware operations.
According to Reuters, SolarWinds, a major U.S. information technology company, was the target of a cyberattack that spread to its clients and went unnoticed for months. The foreign hackers could use the breach to spy on private organizations, such as the prestigious cybersecurity firm FireEye, and on the upper levels of the U.S. Government, including the Department of Homeland Security and the Treasury Department. Some top U.S. officials suspect the hackers are Russian.
More than 100,000 mail servers were affected by the Microsoft Exchange zero-day hack.
How Can You Improve Your Cyber Defense Posture?
Defending against nation-state attacks requires a rigorous review and improvement of your current cybersecurity defences, including your people, procedures, and technology, so that you understand your capabilities and can put additional safeguards in place.
To secure your network and safeguard resources and data, you should generally adopt a layered defence model that applies various security controls at multiple levels, with several defences cooperating within each. Consider the following.
Keep people at the heart of your defence plans
Although people are frequently the weakest link in cybersecurity, they can also be a valuable asset if given proper training in threat detection, avoidance, and mitigation. Remind staff to exercise caution; update training materials and advice sheets on common dangers such as phishing, ransomware, and weak passwords; and build training programmes around specific, current threats. All staff members, including those who work remotely, as well as any outside contractors (and subcontractors), should receive training. Employees with privileged access to I.T. assets should receive additional, specialized role-based training.
Review your basics
Many of the conventional guidelines for good cyber hygiene apply here: data encryption, VPN use, appropriate firewall configuration, up-to-date anti-malware and intrusion prevention software, and strict password requirements. All users, including company leadership, should be required to use multifactor authentication for all I.T. resources.
Keep track of all hardware and software assets
Keep track of all hardware and software assets as remote and hybrid work continue, and ensure that access to your environment is secured. Test VPNs, videoconferencing, and collaboration solutions to provide enough capacity for remote workers and reduce security risks. Examine the privacy and security features of any cloud-based remote collaboration solutions used for data access, storage, and sharing.
Tighten access across systems
Ensure privileged access is tightly restricted and tracked for all I.T. resources, including security tools. Grant access according to the principle of least privilege: limit the applications employees can access to those necessary for them to do their jobs.
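The two controls above, least-privilege access and mandatory multifactor authentication (from “Review your basics”), are easiest to keep honest when they are checked mechanically rather than by hand. The script below is an added example, not code from the original article or from any product: it audits a constructed account inventory against an assumed role-to-application policy and reports excess grants, privileged accounts without MFA, and accounts whose role has no policy at all. The role names, application names, user accounts and severity labels are all invented for the example.

```python
"""Added example: least-privilege and MFA audit over a constructed account inventory.

The role policy, application names and accounts below are invented for this
example; nothing here comes from the original article or a real environment.
"""
from dataclasses import dataclass

# Assumed policy: the only applications each job role needs to do its work.
ROLE_POLICY = {
    "finance":  {"erp", "email", "vpn"},
    "engineer": {"git", "ci", "email", "vpn"},
    "it-admin": {"ad-console", "siem", "email", "vpn"},
}

# Applications whose access counts as privileged (security tools included).
PRIVILEGED_APPS = {"ad-console", "siem"}


@dataclass(frozen=True)
class Account:
    user: str
    role: str
    granted: frozenset   # applications the account can currently reach
    mfa_enabled: bool


# Constructed sample inventory (fictional users).
SAMPLE_ACCOUNTS = [
    Account("alice", "finance",  frozenset({"erp", "email", "vpn"}), True),
    Account("bob",   "engineer", frozenset({"git", "ci", "email", "vpn", "erp"}), True),
    Account("carol", "it-admin", frozenset({"ad-console", "siem", "email", "vpn"}), False),
    Account("dave",  "engineer", frozenset({"git", "email", "vpn", "siem"}), False),
    Account("erin",  "intern",   frozenset({"email"}), True),
]


def audit_access(accounts, policy=ROLE_POLICY, privileged_apps=PRIVILEGED_APPS):
    """Return a sorted list of (user, issue, detail, severity) findings.

    Issues raised:
      unknown-role      : role has no policy entry, so its grants cannot be justified
      excess-grant      : account can reach applications its role does not need
      privileged-no-mfa : account reaches a privileged application without MFA
      no-mfa            : any other account without MFA (MFA is required for all users)
    """
    findings = []
    for acct in accounts:
        allowed = policy.get(acct.role)
        if allowed is None:
            findings.append((acct.user, "unknown-role", acct.role, "high"))
        else:
            excess = sorted(acct.granted - allowed)
            if excess:
                # Excess access to a privileged app is worse than to an ordinary one.
                sev = "high" if set(excess) & privileged_apps else "medium"
                findings.append((acct.user, "excess-grant", ",".join(excess), sev))
        if not acct.mfa_enabled:
            priv = sorted(acct.granted & privileged_apps)
            if priv:
                findings.append((acct.user, "privileged-no-mfa", ",".join(priv), "critical"))
            else:
                findings.append((acct.user, "no-mfa", "", "medium"))
    return sorted(findings)


def findings_for(user, accounts=SAMPLE_ACCOUNTS):
    """Findings for a single user, in sorted order."""
    return [f for f in audit_access(accounts) if f[0] == user]


if __name__ == "__main__":
    for finding in audit_access(SAMPLE_ACCOUNTS):
        print(finding)
```

In practice the inventory would be exported from the identity provider and the policy maintained by the owners of each role; the useful property of the audit is that an account with no findings is one whose access can be justified line by line, and a role with no policy entry is itself a finding rather than something silently allowed.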
Look outside your walls
Suppliers, business partners, and other third parties with access to your systems and data should all undergo security due diligence.
Implement solutions or third-party services to monitor and log network behaviour 24/7, and alert your team to any security events and incidents.
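Continuous logging is only useful if something turns the log into alerts a team can act on. As an added example (not code from the original article or from any monitoring product), the script below runs a few defensive detection rules over constructed authentication log lines: a burst of failed logins for one user from one source, a successful login immediately following such a burst, a privileged account logging in outside business hours, and lines the parser cannot read, since a monitoring gap is itself worth an alert. The log format, the `admin-` naming convention for privileged accounts, the thresholds and the sample entries are all assumptions made for the example.

```python
"""Added example: rule-based detection over constructed authentication log lines.

The log format, field names and thresholds are assumptions made for this
example; they are not from any real product or from the original article.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed log line shape: "<ISO-8601 UTC> <host> auth: user=<u> src=<ip> result=OK|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) auth: "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log (documentation IP ranges, fictional users).
SAMPLE_LOG = """\
2024-03-05T02:14:01Z vpn01 auth: user=jsmith src=203.0.113.7 result=FAIL
2024-03-05T02:14:05Z vpn01 auth: user=jsmith src=203.0.113.7 result=FAIL
2024-03-05T02:14:09Z vpn01 auth: user=jsmith src=203.0.113.7 result=FAIL
2024-03-05T02:14:13Z vpn01 auth: user=jsmith src=203.0.113.7 result=FAIL
2024-03-05T02:14:17Z vpn01 auth: user=jsmith src=203.0.113.7 result=FAIL
2024-03-05T02:14:40Z vpn01 auth: user=jsmith src=203.0.113.7 result=OK
2024-03-05T09:02:10Z vpn01 auth: user=bchen src=198.51.100.22 result=OK
2024-03-05T10:05:12Z ad01 auth: user=admin-kd src=198.51.100.9 result=OK
this line is not in the expected format
2024-03-05T23:40:00Z ad01 auth: user=admin-kd src=198.51.100.9 result=OK
"""


def parse_line(line):
    """Return a dict for a well-formed line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def detect(log_text, fail_threshold=5, window_s=60,
           privileged_prefix="admin-", business_hours=(7, 19)):
    """Scan log lines in order and return a list of alert dicts.

    Rules (all thresholds are assumptions for this example):
      brute-force            : >= fail_threshold FAILs for one (user, src) within window_s
      success-after-failures : an OK for a (user, src) already flagged for a burst
      privileged-after-hours : an OK for a privileged account outside business_hours (UTC)
      unparsed-line          : a line the parser could not read (a monitoring gap)
    """
    alerts = []
    recent_fails = defaultdict(deque)  # (user, src) -> timestamps of recent FAILs
    flagged = set()                    # (user, src) pairs already reported for a burst

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            alerts.append({"rule": "unparsed-line", "detail": line.strip()})
            continue

        key = (ev["user"], ev["src"])
        fails = recent_fails[key]
        # Drop failures that have fallen outside the sliding window.
        while fails and (ev["ts"] - fails[0]).total_seconds() > window_s:
            fails.popleft()

        if ev["result"] == "FAIL":
            fails.append(ev["ts"])
            if len(fails) >= fail_threshold and key not in flagged:
                flagged.add(key)
                alerts.append({"rule": "brute-force", "user": ev["user"], "src": ev["src"],
                               "count": len(fails), "ts": ev["ts"].isoformat()})
            continue

        # result == OK from here on
        if key in flagged and fails:
            alerts.append({"rule": "success-after-failures", "user": ev["user"],
                           "src": ev["src"], "ts": ev["ts"].isoformat()})
        if ev["user"].startswith(privileged_prefix):
            start, end = business_hours
            if not (start <= ev["ts"].hour < end):
                alerts.append({"rule": "privileged-after-hours", "user": ev["user"],
                               "src": ev["src"], "ts": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The rules are deliberately simple so that each alert carries enough context (user, source, time, count) for the analyst to start from; the follow-up step in the next section, actually reading the alert rather than dismissing it, is where the value is realized.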
Don’t overlook security alerts
When your tools alert you to a problem, take the time to analyze carefully what is happening. Know how to use the controls you’ve bought to their full potential.
Make cybersecurity an ongoing process
Use tools to manage patches and perform routine maintenance remotely. Make sure you evaluate the security impact of any modifications to essential programmes.