By Hilary Schmidt, International Banker
The last few years have seen a rapid increase in the number of global cyberattacks. Whether smaller virus attacks through emails or massive distributed denial-of-service (DDoS) assaults against government entities, cyber-warfare has become a preferred method of belligerence for many seeking to impose large-scale harm on their targets. And with cyberspace expanding at such a rapid pace, the online realm is providing a fertile environment in which to unleash attacks—prompting governments to prioritise cybersecurity solutions, reshaping entire countries’ national-security apparatuses to anticipate and deal with such threats effectively.
The ongoing conflict between Russia and Ukraine provides a timely example of such warfare being carried out in practice, with reports emerging of repeated cyberattacks and disinformation targeting Ukraine. “Ukrainian, be afraid and prepare for the worst. All your personal data has been uploaded to the web,” was the message published by hackers on January 14 after they targeted several high-profile government websites. A spokesman for the Ukraine Ministry of Foreign Affairs tweeted in response, “As a result of a massive hacking attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down. Our specialists are already working on restoring the work of IT systems.”
And one day later, Microsoft reported that it had found evidence of “a destructive malware operation targeting multiple organizations in Ukraine”, which first appeared on victims’ systems in Ukraine on January 13, 2022. “This may end up being the first declared hostility where cyberspace operations are a part of an integrated offensive military invasion,” Jonathan Reiber, the former chief strategy officer for cyber policy in the US Office of the Secretary of Defense (OSD) during the administration of President Barack Obama, recently told the US political-news publication Politico. “We could see a coordinated campaign of cyberspace operations targeting the Ukrainian government’s senior leader communications, military critical infrastructure and communications, and aspects of Ukrainian national critical infrastructure, to include the energy, manufacturing, and media sectors.”
Reiber, who currently serves as the senior director for cybersecurity strategy and policy at cybersecurity company AttackIQ, also added that such a coordinated campaign could go well beyond what Russia has inflicted on Ukraine previously.
Some of the common forms of cyber-warfare being executed at present include:
- Denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks: DoS and DDoS attacks attempt to shut down servers or networks, usually either by overwhelming them with traffic or by feeding them data that causes them to crash, thus rendering them unusable to legitimate users. DoS and DDoS attacks usually target larger-scale entities, such as government agencies, banks and big media firms, often with major bandwidth attacks, whilst also infecting them with malware and/or spyware to steal sensitive data.
According to the “Microsoft Digital Defense Report” published in October 2021, the average daily number of attack mitigations in the first half of 2021 increased by 25 percent over what the tech giant had observed in the latter months of 2020, while the average attack bandwidth per public IP (internet protocol) increased by 30 percent. “As of July 2021, the average attack size in 2021 (325 Gbps) was 25% larger than in 2020 (250 Gbps),” the report stated, with Microsoft’s DDoS Protection team also continuing to see that most attacks were of short duration, with 75.35 percent being 30 minutes or less and 87.60 percent one hour or less, similar to what it had observed in 2020.
The report also noted that Europe, Asia and the United States remained the biggest hotspots for DDoS attacks due to the higher concentrations of financial-services and gaming industries located in those regions. As for the locations of DDoS attackers, Russia, Romania, Turkey, Indonesia, Vietnam and the Philippines were the top sources, mainly due to the abundance of “DDoS attack-for-hire services” in those countries.
- Espionage: Espionage refers to the procurement of classified information through unauthorised means. In this context, it is carried out over the internet and through the target’s computer networks, the target again typically being a sizeable entity such as a government organisation.
The “Microsoft Digital Defense Report” acknowledged that espionage and, more specifically, intelligence collection had been far more commonly observed cyber-attack methods than destructive attacks. For instance, in July 2021, the US, along with its allies and partners, published a statement in which it attributed malicious cyber-activity and irresponsible state behaviour to the People’s Republic of China (PRC). The statement attributed “with a high degree of confidence that malicious cyber actors affiliated with PRC’s MSS [Ministry of State Security] conducted cyber espionage operations” that utilised vulnerabilities in the Microsoft Exchange Server.
“Before Microsoft released its security updates, MSS-affiliated cyber operators exploited these vulnerabilities to compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims,” according to the statement. “We have raised our concerns about both this incident and the PRC’s broader malicious cyber activity with senior PRC Government officials, making clear that the PRC’s actions threaten security, confidence, and stability in cyberspace.”
- Malware: Malware is malicious software that has destructive impacts on a computer or network, some of the most common types being viruses, trojan horses and spyware. This software is designed to execute harmful operations, such as stealing data, spying on users’ online behaviour and destroying valuable computing resources, all without the users’ knowledge or consent. “Windows PowerShell launched by malicious processes with suspicious commands or encoded values was the most common behaviour Microsoft observed from malware in recent months,” the “Microsoft Digital Defense Report” stated. “The next most common were attempts by malware to rename payloads to mimic system processes or replace them entirely, and using malware to collect data such as credentials from browser caches.” Search-engine results and advertising were also mentioned in the report as an increasingly effective means of delivering malware to unsuspecting users, “both via abusing legitimate search engine optimisation strategies and by utilising existing infections to install browser extensions to modify search results and to surface illicit material attacker content”.
Microsoft also made special mention of a newer type of “fileless” malware that derives most of its components from system processes or legitimate tools already on a device, which makes it harder to detect and remove, since remediation involves more than deleting a single file. “To combat these kinds of behaviours it is imperative that security teams within organisations review their incident response and malware removal processes to include sufficient forensics to ensure common malware persistence mechanisms have been fully remediated after clean-up by an antivirus solution,” the report recommended.
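The two behaviours the report names above (PowerShell launched with encoded command values, and payloads renamed to mimic system processes) are the kind of thing a detection team turns into rules over process-creation telemetry. The following is an added example written for this article, not Microsoft’s detection logic nor code from the report: it runs three simple rules over constructed process-creation events (invented paths and command lines, shaped like the fields a Sysmon or EDR event carries) and decodes the base64/UTF-16LE payload that PowerShell’s -EncodedCommand option takes so that analysts can see what was actually run. The list of system-binary names and the assumption that they live under the Windows directory are the author’s assumptions.

```python
"""Detect PowerShell launched with encoded commands and payloads masquerading as
system processes, over constructed process-creation events.

Added example for this article; not Microsoft's detection logic."""
import base64
import ntpath
import re
from dataclasses import dataclass

# Assumption: well-known Windows binary names that malware commonly imitates,
# all of which are expected under C:\Windows on a standard install.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "wininit.exe",
                   "services.exe", "explorer.exe", "winlogon.exe", "smss.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so match the prefixes and capture the base64 blob that follows.
ENCODED_ARG = re.compile(
    r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)
# A hidden console window is rarely needed by legitimate interactive use.
HIDDEN_WINDOW = re.compile(r"(?:^|\s)-w(?:indowstyle)?\s+hidden\b", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    index: int    # position of the offending event in the input list
    detail: str   # decoded command, path, or parent name, depending on the rule


def decode_encoded_command(b64: str) -> str:
    """-EncodedCommand carries base64 of the UTF-16LE script text; recover it."""
    raw = base64.b64decode(b64, validate=True)
    return raw.decode("utf-16le", errors="replace")


def basename(path: str) -> str:
    # ntpath handles Windows separators regardless of the host platform.
    return ntpath.basename(path).lower()


def analyze(events):
    """Run the rules over a list of {parent, image, cmdline} events."""
    findings = []
    for i, ev in enumerate(events):
        image = basename(ev["image"])
        parent = basename(ev["parent"])
        cmd = ev["cmdline"]
        if image in POWERSHELL:
            m = ENCODED_ARG.search(cmd)
            if m:
                try:
                    decoded = decode_encoded_command(m.group(1))
                except (ValueError, UnicodeDecodeError):
                    decoded = "<undecodable>"
                findings.append(Finding("encoded_powershell", i, decoded))
            if HIDDEN_WINDOW.search(cmd):
                findings.append(Finding("hidden_window_powershell", i, cmd))
            if parent in OFFICE_APPS:
                findings.append(Finding("office_spawns_powershell", i, parent))
        # A system-binary name running from outside the Windows directory is
        # the "rename payload to mimic a system process" pattern.
        if image in SYSTEM_BINARIES and not ev["image"].lower().startswith("c:\\windows\\"):
            findings.append(Finding("masquerading_system_binary", i, ev["image"]))
    return findings


# Constructed sample: a harmless script encoded the way PowerShell expects.
ENCODED_SAMPLE = base64.b64encode("Write-Host hello".encode("utf-16le")).decode("ascii")

# Constructed events (invented paths and users); not taken from any real system.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Date"},            # benign
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -nop -enc " + ENCODED_SAMPLE},  # three rules fire
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},                                  # benign
    {"parent": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
     "cmdline": "svchost.exe"},                                             # masquerading
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"event {f.index}: {f.rule}: {f.detail}")
```

Decoding the encoded argument matters more than flagging it: encoded launches are common in legitimate automation, so the decoded script text is what lets an analyst decide quickly, and it is the value worth writing to the alert.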
According to a 2021 report by Mordor Intelligence, the cyber-warfare market was valued at $39.80 billion in 2020 and is expected to reach $103.77 billion by 2026 at a compound annual growth rate (CAGR) of 16.84 percent over the forecast period. “International organizations and governments have become focused on cybersecurity due to increased security challenges posed by or within cyberspace,” the report stated. “This has raised several concerns to national security, driving the need for robust security solutions. Therefore, the government, military, and other agencies are engaged in protecting its digital infrastructure and devices connected to the internet to deter cyberattacks.”
Some continue to refrain from classifying such acts as warfare, despite attackers’ clear intentions to sow chaos, inflict economic and reputational damage, and ultimately threaten the livelihoods of civilians. Either way, governments will have to remain on top of this insidious, ever-evolving threat, which some believe will inevitably lead to loss of life.
“We have seen attacks on hospitals, transportation systems and even schools leaving hospitals paralyzed, cities without electricity and students’ grades showing up as F’s. However, what many people have a hard time imagining are the effects of a hacker setting their sights on critical infrastructure like power plants or dams,” Emil Sayegh, chief executive officer of data security and regulatory compliance firm Ntirety, wrote in a Forbes article published on January 6. “Threats will become all too real when an upcoming attack results in disruption and death. It’s not a pretty picture, but the actions of world leaders have indicated that cybersecurity is the front line in a global cyberwar and casualties are just a logical hop away.”