Blog A3Sec

Cyberwar

Written by Nacho García Egea, Technical Director Spain | 10 August, 2022

State of the art

In this article we analyze the state of the art of cyberwarfare - warfare in cyberspace or cybernetics as the fifth domain of conventional warfare, along with land, sea, air and space.

The new models of information management that already go beyond the conventional perimeter of corporations, cloud or hybrid cloud, open the range to increase the risk and impact of cyber-threats and amplify the exposure of companies, critical infrastructures and governments against attacks.

Nobody doubts when the physical war has begun, but .... what about the cyberwar?

Hundreds of denial-of-service attacks, fake news and even targeted malware have been detected for weeks now. If we look back and analyze the evolution of cyber attacks in 2021, campaigns against Ukrainian critical infrastructures were already detected and threat intelligence analysis pointed to Russia, although the perpetrators identified themselves as Ukrainian Resistance or surrounding areas.

Was Ukraine prepared, and do we the free world feel prepared for such wars?

Situation analysis

The geopolitical situation and the latest events in cyberspace make us reflect and review the different cyber-attack techniques used.

The main focus identified has been on disinformation, the main target of dictatorial governments to spread their campaigns, the following types are identified: false flag attacks, distraction of the adversary, denial of services and any type of disinformation attack (fake news, face swap...etc.).

These are only the attacks that have a direct impact on the information component; there are others that are more technically offensive, such as those detected in the Russia-Ukraine conflict, such as malware-wipers, DDOS and defacements.

  • Malware-Wipers: these are responsible for deleting information from the computers they attack, deleting all data. They have a potentially destructive effect in the long term. It is a previously prepared malware and hides in supposed Ransomware as if it were a wolf in sheep's clothing, encrypting the information and asking for ransom, although in the end it deletes the data.

  • DDOS: these are distributed attacks aimed at attacking the availability of the websites of different organizations and companies. It is being the daily bread in the cybernetic conflict.

  • Defacements: in this attack, information is removed from the website or the information that appears is changed. It is a basic disinformation tactic that can mislead the general public into thinking that false information is reliable. And that false information can spread quickly. It is one of the oldest war tactics and is called obfuscation, when actors in a war inundate the civilian population with misleading information. Its effect is largely psychological, but very effective. The difficulty of knowing what is true and what is not.

The identification of such threats in critical Ukrainian governmental targets and in allied countries activates a smokescreen against other information theft and sabotage attacks on critical infrastructure.

 

Conclusion

Reflecting on the events that are taking place, the recommendation is to increase our level of alertness both for our users, with more recurrent awareness campaigns, and for our technical teams, relying on simulations and real exercises to improve our resilience in the face of threats.

As a final detail, we can highlight the latest information received in recent weeks from international cybersecurity threat detection centers, which have identified a record increase in threats focused on critical sectors -government, banking and healthcare-.

We need to continue to prepare and improve our cyber defenses.

"Great results can be achieved with small efforts."
Sun Tzu- 'The Art of War'.