Significant Growth In State-Sponsored Cyber Attacks

Warfare has entered a new era where attacks are no longer physical but digital, in which nations may deliver cyber attacks with the intent to damage or destroy another’s IT infrastructure.   

While the popular perception of hackers are lone wolves operating in isolation, it’s increasingly common for cyber attacks to have a state-sponsored element, with countries taking to the Internet to wage covert, undercover warfare on others. Whilst the threat of cyber attack was identified by the World Economic Forum in its annual Global Risks Report, they also identified the diminishing willingness to act cooperatively against global challenges. It seems the threat of cyber warfare will not be going away any time soon.

A state-sponsored cyber attack usually has one of three objectives:

  • Probing for and exploiting national infrastructure vulnerabilities.
  • Gathering intelligence.
  • Exploiting money from systems and people.

Some APTs are military or intelligence units under formal state direction, while others are independent hackers operating with tacit government backing.

America First

One of the most sophisticated APTs, the Equation Group, is widely believed to be run by the US National Security Agency, while the Stuxnet worm, believed to be a joint Israeli-American attack against Iran’s nuclear programme, was able to damage uranium enrichment centrifuges in 2010. 

In March 2021 the head of US Cyber Command testified that the organisation had conducted more than two dozen operations to confront foreign threats ahead of the 2020 US elections, including eleven forward hunt operations in nine different countries.  

North Korean Cyberwar Exploits

In February this year the US Department of Justice unsealed an indictment against three members of North Korean military intelligence, accusing them of being members of the Lazarus Group.  The indictment details a long list of crimes in addition to the Sony hack and WannaCry. The Lazarus Group has pulled off audacious thefts from banks around the world, hacking into their systems and sending money into accounts it controls. 

The Lazarus Group is considered an Advanced Persistent Threat (APT), the term given to hacker groups that operate with state backing. Security companies give them names, numbers or both: Lazarus is APT38, while APT37 is another North Korean group that focuses on attacking South Korea.

Nobody knows how North Korea trains its elite hackers. Parts of the WannaCry worm showed signs of being written in Chinese, which could suggest that China helps, or could just be a coincidence. Some North Koreans likely study in the West, too, using South Korean identities and passports.

North Korea is far from alone in sponsoring hacking, but other states have different priorities.

Chinese Espionage

China has the most known APTs, and its state-sponsored hacking tends to focus on espionage, both government and corporate, rather than theft. Recently, Microsoft accused China’s Hafnium APT of breaking into the email servers of 250,000 organisations since the beginning of the year, including the European Banking Authority and Norway’s parliament. 

Russian Expertise In Cyberwar

Russia's state-sponsored hackers are accused of numerous cyber attacks aimed at diminishing western elections, hacking into key infrastructure and releasing confidential information into the public domain. Most famous of all is  APT29, better known as Cozy Bear, was revealed as the perpetrator of a sophisticated hack attack of software company SolarWinds in December. 

By installing a hidden backdoor in SolarWinds’ products, hackers were able to gain access to dozens of government agencies and companies that used the compromised tools.

The louder, brasher cousin APT28, known as Fancy Bear, was behind the hacks on the Democratic National Committee and Hillary Clinton’s presidential election campaign.

Iranian Shape Shifters

Iranian APTs conduct espionage on military organisations in the Middle East and beyond, trying to steal weapons plans and occasionally sabotaging infrastructure. Iran was accused of trying to poison Israel’s water last April by hacking into a water plant and boosting the levels of chlorine.

APTs from at least three of these countries were caught hacking vaccine research facilities last year, either to steal data or sabotage development efforts, however, it’s not only non-western states that run APTs against their opponents.

Ultimately, cyber attacks are a means, not an end. Some APTs are conducting classic espionage and want our data. Some are seeking to sow discord and damage their opponents’ political systems.

How Should The World Respond ? 

The US government has started treating APT groups like common criminals, naming and indicting their members, and arresting them, even if they’re uniformed officers of a country’s armed forces. In Britain, Prime Minister Boris Johnson has created a National Cyber Force in 2020, pulling experts from MI6, GCHQ and the Ministry of Defence together into a single command.

The UK  Integrated Review of security, defence, development and foreign policy, published recently, envisions the National Cyber Force working ‘to impose costs on our adversaries, deny their ability to harm UK interests, and make the UK 'a more difficult operating environment’.

Given the growing threat of cyber warfare, there have been calls for a ‘cyber Geneva Convention’ to oversee the use of cyber weapons around the world. Just as it took the horrors of World War II to bring about the Geneva Convention, it will perhaps take a catastrophic cyber breach to encourage the world to cooperate sufficiently to bring about a cyber specific version.

WEF:     Spectator:       CSIS:       EC Council:       Cyber News:       Quostar:

You Might Also Read: 

Cyber Warfare Creates Ghosts In Our Machines:

 

« Maritime Cyber Security Has Missing Parts
Easy-to-Guess Passwords Are Risky »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

HDI

HDI

HDI is the worldwide professional association and certification body for the technical service and support industry.

Roke Manor Research

Roke Manor Research

Roke Manor Research is a world-class electronics engineering consultancy. Areas of expertise include cyber security, cyber assurance and cryptographic solutions.

Zix

Zix

Zix offers secure email encryption, threat protection, archiving, DLP and BYOD security for hospitals, financial services, government, and more.

ECESM

ECESM

The ECESM project has been designed to enhance overall cyber security posture of Montenegro by accelerating the availability of educational and training resources.

Arm

Arm

Arm delivers a complete IoT solution, from providing the IP for the chip to delivering the cloud services to securely manage the deployment of products throughout their lifecycle.

Conference Index

Conference Index

Conference Index provides an indexed listing of upcoming meetings, seminars, congresses, workshops, summits and symposiums across a wide range of subjects including Cybersecurity.

Eaton

Eaton

Eaton provides comprehensive cybersecurity services for operational technology (OT) to help keep your operations and personnel safe.

ThreatModeler

ThreatModeler

ThreatModeler is an automated threat modeling solution that fortifies an enterprise’s Software Development Lifecycle by identifying, predicting and defining threats.

BlackScore

BlackScore

BlackScore is a technology company seeking to disrupt risk assessment using AI-driven technology.

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP) is the Swedish industry association for Swedish incubators and science parks.

Anthony Timbers LLC

Anthony Timbers LLC

Anthony Timbers is a cybersecurity consulting and penetration testing firm providing services to the Federal and Commercial sectors nationwide.

SubRosa Cyber Solutions

SubRosa Cyber Solutions

SubRosa Cyber Solutions solves its clients’ most tenacious information security, risk and compliance challenges through a multitude of information technology services and expertise.

Gray Analytics

Gray Analytics

Gray Analytics is a Cybersecurity Risk Management company providing best-practice services across a broad spectrum of cyber scenarios for both government and commercial customers.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

ITProTV

ITProTV

ITProTV is part of the ACI Learning family of companies providing Audit, Cyber, and IT learning solutions for enterprise and consumer markets.

Appurity

Appurity

Appurity specialises in mobile and application security, delivering comprehensive solutions across all verticals.