Contact us today. Phone: +1 888 282 0696 | Email: sales@aurorait.com

State-Sponsored Cyber Terrorism: A Harbinger of Things to Come

Introduction

In the beginning, there was Stuxnet. The year was 2010, and the world had not yet encountered a cyberweapon. Stuxnet, a computer worm unleashed on Siemens systems deployed in Iran’s uranium facilities, successfully slowed down and significantly damaged the centrifuges used to separate elements in the uranium gas. Infecting the Programmable Logic Controllers (PLCs), the worm worked surreptitiously over many weeks to sabotage the state-of-the-art equipment. Estimated to have damaged as many as 1,000 centrifuges, the worm was quickly labeled the world’s first cyberweapon.

Stuxnet was furtive and hard to detect, going to the extent of sending out fake signals to hide its presence and activity. As completely new malware, it matched no known signatures.

Growing Presence

Attributed to the US and Israel, which were eager to have Iran align with nuclear program disarmament decisions, Stuxnet marked the start of state-sponsored cyberterrorism, until then an unheard-of type of warfare.

Cyberpolicy (1) defines it as government-backed hacking in the form of digital incursion that works to promote a nation’s interest at home or abroad. This could take the form of crashing a website critical of the state or crippling the financial systems of an entire country. A10 Networks (2) calls it sophisticated and covert hacking by nation-state actors or their proxies to support economic, political, or real-world warfare goals.

Unlike traditional cybercrime, cyber warfare is not about money; it emerged as a threat in the face of fears of mutually assured nuclear holocaust.

Today, attacks by state-sponsored actors target not just government facilities and nuclear and military bases but also dissidents, political parties, and private companies with public connections. State-sponsored hacker groups, generally referred to as Advanced Persistent Threats (APTs), are assigned a number or follow a naming convention in which different states (countries) go by the names of animals. Iran’s calling card, for example, is a kitten.

Why Cyberwarfare?

Because it uses digital channels and internet interconnectivity, cyber warfare is relatively easy to implement, hard to detect, and consequently easy to deny. Proving that a nation is behind an attack can be very hard. Additionally, the attacks can be perpetrated at a much lower cost than conventional warfare. It is for these reasons that rogue nations are increasingly resorting to cyber warfare as a means to attain objectives that include:

  • Espionage on technologies, chemical installations and defense facilities, political circles, corporate secrets, etc.
  • Spreading misinformation with a view to sabotaging elections, swaying public opinion, establishing dissidence, etc.
  • Testing the readiness of adversary systems prior to another much larger attack

Cyber warfare is now considered a potent addition to the arsenal of a rogue nation. Working in combination with conventional military operations, it serves as a potent force capable of sowing unrest in political and public arenas. Russia’s ongoing war against Ukraine serves as a classic example of this hybrid type of warfare.

Devastating effect

The role allegedly played by Russia in arguably altering the course of the 2016 US presidential election is now well known. Though Russia has denied it, it was widely held that the operation, codenamed Project Lakhta and directly ordered by the Russian president himself, also infiltrated information systems of political parties, campaign committees and key stakeholders. Going further, Russia’s Internet Research Agency (IRA) created thousands of social media accounts of fictitious American citizens, with a view to altering the course of the elections. The cybercrime was supported by a campaign fronted by Russian oligarchs involving pecuniary considerations.

Today, rogue nations continue to indulge in cyberwarfare. China and North Korea are both known to have elaborate cyberwarfare setups and have successfully spied on or infiltrated US setups.

Staving off the Threat

State-sponsored cyberwarfare is backed by unlimited resources and extremely well-organized methods, so stopping it is a non-starter. However, hope lies in:

  • taking adequate precautions to block and identify fraudulent emails
  • closing down vulnerabilities and software security gaps to pre-empt zero-day attacks
  • detecting and remediating damage inflicted by malware
  • setting up a zero-trust architecture
  • adopting a robust security posture and information system policies, and
  • conducting regular sessions on security awareness

An article in Forbes (3) suggests that organizations should have:

  • the necessary intelligence to know what their attack surface looks like. Attack surfaces are much larger today than in earlier years thanks to big data, and they necessitate security intelligence that provides insight into threats
  • a robust budget for threat intelligence and forensic-hunting capabilities
  • an advanced incident-response function at the disposal of CISOs, with full functionality and knowledge of their networks in advance

Conclusion

Adam Hunt of the Forbes Technology Council adequately summarizes the magnitude of the threat in his article. Referring to the state-sponsored hack on SolarWinds that crippled in excess of 30,000 public and private companies using the SolarWinds software Orion, he says, ‘Rather than taking an on-the-fly approach, I advise investing in and honing your incident response infrastructure before an attack happens — because SolarWinds will not be the last mass-scale supply-chain attack. It’s a harbinger of things to come!’

Aurora Systems Consulting Inc. provides comprehensive cybersecurity services. Contact us at sales@aurorait.com or +1 888 282 0696 for more information.

References:

