The potential for a serious cyber attack is more likely than ever, yet the threat is only growing as more nations begin to adopt an offensive hacking strategy. Russia, China, Iran and North Korea have been seen for years as the leading nations to utilize state-backed cyber attack groups, but even India and Pakistan have employed hackers to engage in activities against each others’ infrastructure.

In recent years, Indian hackers have taken down Pakistani government sites, while Pakistani hackers have targeted the Indian power grid. Thus far, such attacks haven’t escalated to full-blown war, but security researchers warn that more nations are beginning to embrace offensive hacking – and the situation could get out of control.

According to Crowdstrike’s 2022 Global Threat Report, new countries are beginning to embrace offensive cyber operations and this includes nations that haven’t previously been seen to use cyber as a weapon. Hacking groups in Turkey and Colombia have been increasingly brazen.

One reason that offensive hacking could be on the rise is that a cyber-based campaign can be far easier to conduct than traditional espionage, and as a result there has been increased investment in the use of cyber as a potential weapon.

“There are a lot of countries out there that look at this and realize it’s cheaper, it’s easier and it’s got plausible deniability built into it,” Adam Meyers, senior vice president of intelligence at Crowdstrike, told ZDNet earlier this month. “That’s what’s happening – we’re seeing more countries have developed these programs and they’re going to get better at it over time.”

Everyone’s Hacking These Days

Turkey and Colombia may have been named in the Crowdstrike report, but researchers warn that increasingly many other nations are now embracing offensive hacking.

“Trying to ‘predict’ isn’t based on who’s engaging in active exploits. Everyone’s doing it,” warned Bryson Bort, CEO of cyber research firm SCYTHE.

“We only find out a ‘who’ based on what the news wants to cover,” Bort told ClearanceJobs via an email. “For example, Vietnam continues to engage in exploits even though they aren’t in the news every day. The real complication comes from third-party proxies, groups like organized crime working on behalf or directly with nation-states.”

The rise in state-sponsored cyber activity throughout the international community shouldn’t be a surprise either.

“The Web is a virtual space without the equivalent of borders, providing countries which have been historically marginalized on the world stage with an unprecedented opportunity to expand their sphere of political influence, gather intel, and attack strategic targets with little fear of retaliation,” said Chris Olson, CEO of The Media Trust, a digital security, trust and safety provider.

“When we look at data from the cyber operations tracker, mounting cyber initiatives from new players like Turkey and Colombia still pale in comparison to the ‘big players’ – China, Russia and Iran. But while it may take time to catch up, the former could be more dangerous in the long run: new cyber actors are more likely to experiment with diverse attack channels, like Web and App-based surfaces,” cautioned Olson.

“Organizations in the U.S. – and around the world – must be prepared for increased cyber aggression, no matter the source, and be wary of blind spots,” Olson told ClearanceJobs. “Right now, most digital infrastructure is wide open, lacking any built-in mechanisms for safety or trust. The sooner we fix that, the sooner we’ll be prepared for the future of cyber warfare.”

Force Multiplier

Cyber offers an advantage for many smaller nations that can’t afford traditional weapons or run large espionage programs. A few well-trained hackers can be far more effective than a team of “spies,” and even do more damage than traditional “kinetic” weapons.

“I expect any country that can do offensive hacking already does it; we are only talking about the countries where their hacking has been caught and sourced to the government,” said technology industry analyst Rob Enderle of the Enderle Group.

“The goal of most government hacking is information access, not damage, because damage can get out of hand and lead to war,” Enderle told ClearanceJobs. “Plus, the goal of the damage is to harm a country you are in conflict with, and manage, by nature, is visible so the country in conflict will always be suspected of such an attack. But the vast majority of hacks identified go unreported, and the security industry believes that most hacks overall go unfound. Only a minority of hacks are both found and reported. So the following country to be caught hacking would likely be either trying to damage a neighbor as a threat or one with an immature cyber hacking force.”

Yet, the barrier to entry for an offensive cyber warfare program is extremely low – even dangerously so.

“Return on investment goes beyond technical considerations since the availability of tools and techniques means that nation-state actors don’t have to start from scratch,” explained Bort. “With no real cost to getting caught, anyone can wake up, eat their country’s equivalent of Wheaties, and launch an operation, as long as they have Internet accessibility.”

Who Are the Targets?

The question might not be so much who is hacking as it is who are the targets? But the answer is just as ominous – any nation can be the target of a devastating cyber attack. As was seen last year, ransomware attacks shut down an oil pipeline in the United States and had the potential to disrupt food supplies after a meat processor was targeted in a ransomware attack.

As the attacks between India and Pakistan have also shown, it can bring down government website and impact the power grid. To date cyber attacks haven’t been truly devastating but it could simply be a matter of time.

“Everyone can be a potential target depending on the nation states’ interests, even private companies who used to think they were outside nation state interests and purview,” said Bort. “Effective threat modeling – for everyone – is the only way companies can adequately monitor for and mitigate risk.”

 

Related News

Peter Suciu is a freelance writer who covers business technology and cyber security. He currently lives in Michigan and can be reached at petersuciu@gmail.com.