Which Countries Are Ready For Cyberwar?

Uploaded on 2017-09-18 in FREE TO VIEW, GOVERNMENT-Defence, NEWS-Cybersecurity News

According to US intelligence chiefs, more than 30 countries  are developing offensive cyber-attack capabilities, although most of these government hacking programmes are shrouded in secrecy.

The US intelligence briefing lists Russia, China, Iran, and North Korea as the major "cyber threat actors" to worry about. Russia has a " highly advanced offensive cyber program" and has "conducted damaging and/or disruptive cyber-attacks including attacks on critical infrastructure networks", it warns.

China has also "selectively used cyber-attacks against foreign targets" and continues to "integrate and streamline its cyber operations and capabilities", said the report, which also said Iran has already used its cyber capabilities directly against the US with a distributed denial of service attacks targeting the US financial sector in 2012-3.

The report also notes that when it comes to North Korea: "Pyongyang remains capable of launching disruptive or destructive cyber-attacks to support its political objectives."

US Cyber-Warfare Capabilities

However, it's likely that the US has the most significant cyber-defence and cyber-attack capabilities. Speaking last year, President Obama said: "we're moving into a new era here, where a number of countries have significant capacities. And  frankly we've got more capacity than anybody, both offensively and defensively."

Much of this capability comes from US Cyber Command, led by Admiral Rogers who also leads the NSA, which has a dual mission: to protect US Department of Defence networks but also to conduct "full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries".

Cyber Command is made up of a number of what it calls Cyber Mission Force teams. The Cyber National Mission Force teams defend the US by monitoring adversary activity, blocking attacks, and maneuvering to defeat them.

Cyber Combat Mission Force teams conduct military cyber operations to support military commanders, while the Cyber Protection Force teams defend the Department of Defense information networks.

By the end of fiscal year 2018, the goal is for the force to grow to nearly  6,200 and for all 133 teams to be fully operational. The US is believed to have used various forms of cyber weapons against the Iranian nuclear programme, the North Korean missile tests and the so-called Islamic State, with mixed results.

Reflecting the increased priority the US is putting on cyberwarfare capabilities in August 2017 President Donald Trump upgraded Cyber Command to the  status of a Unified Combatant Command, which puts on the same level as groups such as the US Pacific Command and US Central Command.

At the same time the Department of Defense said it was also considering separating Cyber Command from the NSA: Admiral Rogers currently heads both organisations and they share staff and resources.

Other US agencies like the CIA and NSA have cyber-espionage capabilities and have in the past been involved with building cyber-weapons, such as the famous Stuxnet worm.

The UK has also publicly stated that is working on cyber defence and will strike back if attacked.  

What do Cyber Weapons look like?

The tools of cyber-warfare can vary from the incredibly sophisticated to the utterly basic. It depends on the effect the attacker is trying to create. Many are part of the standard hacker toolkit, and a series of different tools could be used in concert as part of a cyber-attack.

For example, a Distributed Denial of Service (DDoS) attack was at the core of the attacks on Estonia in 2007.

Ransomware, which has been a constant source of trouble for businesses and consumers may also have been used not just to raise money but also to cause chaos.

There is some evidence to suggest that the recent Petya ransomware attack which originated in Ukraine but rapidly spread across the world may have  looked like ransomware but was being deployed to effectively destroy data by encrypting it with no possibility of unlocking it.

Other standard hacker techniques are likely to form part of a cyberattack; phishing emails to trick users into handing over passwords or other data which can allow attackers further access to networks, for example. Malware and viruses could form part of an attack like the Shamoon virus, which wiped the hard drives of 30,000 PCs at Saudi Aramco in 2012.

According to the Washington Post, after revelations about Russian meddling in the run up to the 2016 US Presidential elections, President Obama authorised the  planting cyber-weapons in Russia's infrastructure.

"The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race," the report said.

Cyber-Warfare and Zero-Day attack stockpiles

Zero-day vulnerabilities are bugs or flaws in code which can give attackers access to or control over systems, but which have not yet been discovered and fixed by software companies. These flaws are particularly prized because there will likely be no way to stop hackers exploiting them.
 
There is a thriving trade in zero-day exploits that allow hackers to sidestep security: very handy for nations looking to build unstoppable cyber weapons. It is believed that many nations have stock piles of zero day exploits to use for either cyber espionage or as part of elaborate cyber weapons. Zero day exploits formed a key part of the Stuxnet cyber-weapon.

One issue with cyber-weapons, particularly those using zero-day exploits is that, unlike a conventional bomb or missile, a cyber-weapon can be analysed and even potentially repurposed and re-used by the country or group it was used against.

One good example of this is shown by the WannaCry ransomware attack which caused chaos in May 2017. The ransomware proved so virulent because it was supercharged with a zero-day vulnerability which had been stockpiled by the NSA, presumably to use in cyber-espionage.

But the tool was somehow acquired by the Shadow Brokers hacking group which then leaked it online, after which the ransomware writers incorporated it into their software, making it vastly more powerful.

This risk of unexpected consequences means that cyber weapons and tools have to be handled, and deployed, with great care. There is also the further risk that thanks to the hyper-connected world we live in that these weapons can spread much also cause much greater chaos than planned, which is what may have happened in the case of the  Ukrainian Petya ransomware attack.

ZD Net

You Might Also Read

Cyberwar: A Guide:

Cyber Warfare Takes A New Turn:

« S. Africa’s Model For Cybesecurity
What Is The Stuxnet Worm? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

Electus Recruitment Solutions

Electus Recruitment Solutions

Electus is a leading recruitment specialist in the Engineering, Technology & Digital and Cyber & Security sectors.

CERT-IS

CERT-IS

CERT-IS is the national Computer Emergency Response Team for Iceland.

National Cybersecurity Institute (NCI) - Excelsior College

National Cybersecurity Institute (NCI) - Excelsior College

NCI is Excelsior College’s research center dedicated to assisting government, industry, military and academic sectors meet the challenges in cybersecurity policy, technology and education.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

Automox

Automox

Remediate vulnerabilities 30X faster than the industry norm – and dramatically reduce your risk with simple, fast, and cloud-native endpoint hardening from Automox.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

Infuse Technology

Infuse Technology

Infuse Technology provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

FastNetMon

FastNetMon

FastNetMon is a very high performance DDoS detection and mitigation tool which could detect malicious traffic in your network and immediately block it.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.

Digital Encode

Digital Encode

Digital Encode is a leading consulting and integration firm that specializes in the design, management, and security of business-critical networks, telecommunications, and IT infrastructures.