Webcast: Cyberwarfare, is it a real threat?

• It is believed that the Lazarus Group has acted as a proxy actor for Chinese state-sponsored attacks. How do these alliances (per se) influence the geopolitical cyber landscape?

There is indeed an understanding that the Lazarus Group (North Korea) might have conducted activities linked to China, which can be considered state-sponsored. This is only one example of how geopolitical factors can drive the cyber landscape. China and North Korea can be considered allies, how difficult and complicated the relationship may be. It is believed that North Korean hackers are often sent to China for their education, also because connectivity in North Korea is limited.

Cyber proxies (or state-sponsored groups) can aid in national objectives and can be quite valuable in political warfare. They operate outside conventional war but within the sphere of influence of the nation state sponsoring them. This is done with the understanding that the conducted illegal activities will be tolerated- as they support the national objectives of that nation state. Another factor with the use of cyber proxies in plausible deniability. The nation state that may be targeted by a cyber proxy might be able to attribute an attack to a specific actor, but they will encounter difficulty in providing that there might be an existing link between the actor and the nation state sponsoring the attack.

• Thanks, it's interesting to see that the reports come mainly from the West. I imagine that the incriminated states are using this argument to intensify their campaign and say that the West wants to discredit their country even more with these reports. This is another example of the disinformation technique, I guess?

It can indeed be true that the incriminated states are using the statements from reports as an argument to intensify their campaigns. In one of the reports that we researched, originating from Russia, this behaviour can be seen and they do discredit Western countries here. But, this is not really seen as a disinformation technique, but could be seen as a justification tactic to justify their operations targeting Western countries. 

• We see in the different organisations you share that some offensive groups are clearly supporting nation state interest. What about the legal context in western countries to adopt similar postures? Is this legal? Is this as organised as described? Thanks

The use of any form of offensive capabilities within the cyber realm, conducted by non-government entities, groups or individuals is restricted within the law and regulations of almost all Western countries. This differs highly from the postures that the majority of non-Western countries take, where you do see nation state sponsored groups.

• What about N. Korea?

North Korea was addressed in the presentation as the first nation state that we highlighted. If you dropped in later, please see the recording of the webinar for our information on North Korea.

• A recent cyber-attack that is topical at the moment locally was against the South African Department of Defense. Not sure if this had made global headlines, but I’ve seen articles that a group called Snatch claimed responsibility for the attack. Do you have any idea if they are linked to a specific nation state? Or a specific country?

Based on our research from multiple sources, there is no full certainty where the threat actor originates from. What we do see is that in online posts by suspected members of the Snatch Team, they write in the original Russian language. For more information on the Snatch ransomware and the Snatch Team. See Sophos research.

• What is your view on quantum computing?

Quantum computing might be a potential threat to the way we view cyber security. With continuous technological advancements, it may be possible for computers to break encryption keys in the future. If, at some point in time, a quantum computer can break modern day cryptography, it can leave communications and big data sets insecure. In the context of cyberwarfare, this might be used for intelligence gathering or espionage.

At this moment, this is still hypothetical and a worst-case scenario. Today, the current existing quantum computers do not have the processing capabilities to be such a threat. If quantum computers should be used in the future by any nation state or malicious organization in this manner, drastic and major technological advancements will be required.

• Which are the countries that are most impacted i.e. are the target of highest level of attack from the identified nation actors?

According to research, the United States is the most targeted country. Depending on the source and the cyber offensive capabilities taking place, other Western countries are also often targeted by the nation actors highlighted in the presentation. What we see is that geopolitical drivers can establish a shift in the nation state most targeted; think of the war in Ukraine, where the number of cyber-attacks showed an uprise, especially between Russia and Ukraine and the countries showing their support towards either of them.

• Could you please elaborate the role of Israel, because they are also known as very advanced in cybersecurity activities?

When researching cyber offensive and defensive capabilities, Israel is most often on the list as a powerful nation state in the realm of cyber. Israel is strong in both offensive and defensive cyber-power. On the offensive side, their main strategic motive is espionage and information theft. On the other hand, Israel faces many cyber-attacks targeting them, which is why they develop strong defensive capabilities and are often successful in mitigating attacks. There are not many known APT’s originating from Israel, but the activities that we do know about are often sophisticated and highly successful. A strength in their cyber-strategy is that there is a close and outstanding cooperation between government agencies, the private industry and the academic sector. This means that they have many resources and capabilities to provide both offensive and defensive cyber-power in a strategic and sophisticated manner.

We do not speak about Israel in this webinar, mainly due to time constraints. The nation states we do mention are chosen based on their mentions in the reports we studied as part of our research.