Despite the current conflict in Ukraine, our modern society sees far fewer armed conflicts than it did 3-4 decades ago. Most countries realize that it's better to "play nice" with others, rather than pull out their guns and risk the lives of their people for what usually amounts to little or no gain.
That said, it's not like there are no wars. Far from it. Regular wars are still waged all over the world and we've seen a few in recent history. But they are, luckily, a much rarer occurrence (and as someone from a country that went through nearly three months of bombing I say that gladly).
Wars today are waged in a different theater. Instead of machine guns and tanks, hackers now use viruses and cyber weapons, and in our interconnected world this may be even more dangerous.
We are, of course, talking about cyber warfare. So, what is this and how is it waged?
What is Cyber Warfare?
So what is cyber warfare exactly?
The best way to define cyber warfare is to say that it is a cyber attack, or a series of cyber attacks, that specifically targets the civilian or government infrastructure of one country.
These cyber attacks can be carried out by one nation-state against another (for instance, Russia vs the United States, or the US vs China), but also by terrorist organizations or other non-state actors, who are usually on the payroll of a hostile country.
6 Types of Cyber Attacks and Cyber Threats
Cyber attacks and cyber threats can come in many forms. Their danger is that they can be much less visible than, say, bombs falling on your cities or tanks rolling across your fields, yet equally if not more devastating to your economy, critical infrastructure and even morale.
Here we have 6 such cyber attacks and cyber warfare threats that one nation might deploy against another:
- Distributed Denial of Service (DDoS) Attack
These types of cyber attacks are not uncommon in the private sector, with the financial industry being one of their main targets. However, many countries use them today as well to overwhelm another country's computer network and cause economic disruption.
A distributed denial of service, or DDoS, attack is one in which a cyber attacker or a group of cyber attackers floods a computer network with traffic, slowing the target network to a crawl or even crashing it completely and rendering it unusable to legitimate users.
- Weaponized Operational Technology
Back in 2017, hackers based in North Korea perpetrated one of the biggest cyber attacks in history so far - the WannaCry attack.
The attack affected about 230,000 computers around the world, including those of the UK's National Health Service (NHS), where a third of the hospitals were affected, causing 92 million euros of damage.
Addressing the cyber attack, Tom Bossert, homeland security adviser at the White House at the time, said:
"After careful investigation, the US today publicly attributes the massive 'WannaCry' cyber attack to North Korea. The attack was widespread and cost billions and North Korea is directly responsible."
What the WannaCry attack showed is that bad guys are no longer attacking "just" computer systems and IT networks; they will also "go for" the operational technology (OT) networks of other countries, and these attacks can be even more devastating.
This is what's called "weaponized OT," and it can affect a country's power grid, cause passenger vehicle malfunctions and much more. In fact, these attacks are becoming so dangerous that Gartner predicts that by 2025, terrorist groups will be able to use weaponized OT to successfully harm or kill humans.
That's only three years from now, so you can see what a threat to national security this is.
According to the senior research director at Gartner, Wam Voster:
"In operational environments, security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than information theft. Inquiries with Gartner clients reveal that organizations in asset-intensive industries like manufacturing, resources and utilities struggle to define appropriate control frameworks."
- Deepfakes
Look, seeing a deepfake of Tom Cruise playing the guitar on TikTok might be funny, but when you consider the quite possible dangers of this technology and how it can be used in a cyber warfare scenario, it stops being funny and becomes more worrisome.
For instance, in 2018, the governor of São Paulo, Brazil, João Doria, claimed that a video of him at an orgy was a deepfake (though it was never proven one way or another).
The term "deepfake" is a combination of "deep learning" and "fake." A deepfake is typically an edited video, image, or audio recording of a person that makes it appear that they said or did something they never really did.
Whether this particular case was true or not, you can see how deepfake technology can be used as part of a cyber strategy: targeting politicians and government employees in the middle of a campaign to ruin their reputation (deepfakes of Donald Trump are all over the Internet, for example), or tricking managers and other senior officials with deepfake phone calls into transferring money to the hacker's account.
- Penetration Tools
Penetration tools were originally meant to help companies and organizations test their IT security and detect weaknesses that can be exploited by cyber attackers. Today, hackers also use them as a cyber weapon of their own, attacking high-value targets, including a nation's digital infrastructure.
With the help of penetration tools, for instance, these same attackers can conduct cyber espionage or attack financial networks and other critical infrastructure.
- Ransomware Gangs
Ransomware is a type of malicious software that locks and encrypts the victim's computer, which allows the attacker to demand a ransom before restoring access to the user.
Today, such attacks no longer target just the private sector, but government computer systems as well. Threat actors can block access to critical data, computer networks and more, while demanding billions in ransom.
Russian hackers are especially known for these types of cyber attacks, with 74% of all money from ransomware attacks going to them.
- Botnet and Spear Phishing Espionage
Not all cyber attacks are meant to cause direct damage. That is just one part of cyber warfare.
Hostile countries can also use cyber crime to conduct espionage or sabotage against their enemies.
One such example is using botnets and spear-phishing attacks to get at sensitive information, or leveraging insider threats to destroy or steal data.
How to Defend Against Cyber Warfare?
So how does a country defend itself against a coordinated cyber attack?
This is actually not that different from how an organization might do it and it includes:
- Understanding which vulnerabilities and weak points in its computer systems and infrastructure attackers might go for.
- Testing different and unusual scenarios. Never expect the attack to be exactly the same as the one before it. This can help detect cyber attacks in their earliest stages as well as reduce the risks if the infrastructure has already been compromised.
- Collaboration between different government agencies and organizations in preventing, mitigating and responding to cyber threats.
- Better policies. Right now, the biggest danger of cyber warfare is that the world cannot quite come to an agreement on cyber weapons and their use. This puts cyber warfare in a state of legal limbo that an aggressor can use to its advantage.