The act of cyberwarfare sounds like another Hollywood blockbuster movie. Yet, it is reality and a big concern for the digital world of today and the future.
Based on several incidents from the past, the growing sophistication and aggressiveness of nation-state actors, acts of cyberwarfare could heavily impact countries around the globe.
What do we see on this topic and why you should care?
There is indeed an understanding that the Lazarus Group (North Korea) might have conducted activities linked to China, which can be considered state-sponsored. This is only one example of how geopolitical factors can drive the cyber landscape. China and North Korea can be considered allies, how difficult and complicated the relationship may be. It is believed that North Korean hackers are often sent to China for their education, also because connectivity in North Korea is limited.
Cyber proxies (or state-sponsored groups) can aid in national objectives and can be quite valuable in political warfare. They operate outside conventional war but within the sphere of influence of the nation state sponsoring them. This is done with the understanding that the conducted illegal activities will be tolerated- as they support the national objectives of that nation state. Another factor with the use of cyber proxies in plausible deniability. The nation state that may be targeted by a cyber proxy might be able to attribute an attack to a specific actor, but they will encounter difficulty in providing that there might be an existing link between the actor and the nation state sponsoring the attack.
It can indeed be true that the incriminated states are using the statements from reports as an argument to intensify their campaigns. In one of the reports that we researched, originating from Russia, this behaviour can be seen and they do discredit Western countries here. But, this is not really seen as a disinformation technique, but could be seen as a justification tactic to justify their operations targeting Western countries.
The use of any form of offensive capabilities within the cyber realm, conducted by non-government entities, groups or individuals is restricted within the law and regulations of almost all Western countries. This differs highly from the postures that the majority of non-Western countries take, where you do see nation state sponsored groups.
North Korea was addressed in the presentation as the first nation state that we highlighted. If you dropped in later, please see the recording of the webinar for our information on North Korea.
Based on our research from multiple sources, there is no full certainty where the threat actor originates from. What we do see is that in online posts by suspected members of the Snatch Team, they write in the original Russian language. For more information on the Snatch ransomware and the Snatch Team. See Sophos research.
Quantum computing might be a potential threat to the way we view cyber security. With continuous technological advancements, it may be possible for computers to break encryption keys in the future. If, at some point in time, a quantum computer can break modern day cryptography, it can leave communications and big data sets insecure. In the context of cyberwarfare, this might be used for intelligence gathering or espionage.
At this moment, this is still hypothetical and a worst-case scenario. Today, the current existing quantum computers do not have the processing capabilities to be such a threat. If quantum computers should be used in the future by any nation state or malicious organization in this manner, drastic and major technological advancements will be required.
According to research, the United States is the most targeted country. Depending on the source and the cyber offensive capabilities taking place, other Western countries are also often targeted by the nation actors highlighted in the presentation. What we see is that geopolitical drivers can establish a shift in the nation state most targeted; think of the war in Ukraine, where the number of cyber-attacks showed an uprise, especially between Russia and Ukraine and the countries showing their support towards either of them.
When researching cyber offensive and defensive capabilities, Israel is most often on the list as a powerful nation state in the realm of cyber. Israel is strong in both offensive and defensive cyber-power. On the offensive side, their main strategic motive is espionage and information theft. On the other hand, Israel faces many cyber-attacks targeting them, which is why they develop strong defensive capabilities and are often successful in mitigating attacks. There are not many known APT’s originating from Israel, but the activities that we do know about are often sophisticated and highly successful. A strength in their cyber-strategy is that there is a close and outstanding cooperation between government agencies, the private industry and the academic sector. This means that they have many resources and capabilities to provide both offensive and defensive cyber-power in a strategic and sophisticated manner.
We do not speak about Israel in this webinar, mainly due to time constraints. The nation states we do mention are chosen based on their mentions in the reports we studied as part of our research.