What is cyber warfare?
We explain what cyber warfare is and why you need to pay attention to the threats posed
Sending soldiers into trenches and onto the frontline is no longer necessary as the hell of war is increasingly conducted online. This is called cyber warfare and it involves the use of technology to attack other nations, governments, and citizens by attacking their computer systems.
Although there's been no all-out "cyber warfare" between to nation-states to date, reports of state-sponsored attacks increase each year. Countries like Russia and China often appear in these news stories.
In June 2019, it was reported that US President Donald Trump opted for a cyber attack on Iranian missile systems as opposed to more conventional methods. The attack was a response to a takedown of a surveillance drone.
Unlike standard weapons of destruction, cyber warfare is harder to trace as elements like malware can be embedded into a system secretly. Often, state-sponsored attacks go unclaimed, leaving room for speculation. Then there are the occasions when hacking groups admit their crimes - problem is that they're never "officially" liked to a particular state.
Dying on the front line is almost a thing of the past as war online is fast becoming the norm for many disgruntled leaders around the world.
Is anyone under cyber warfare attack?
The answer, if you go by the dictionary definition, is an unequivocal yes. Along with most Western countries, there are concerted cyber attacks pretty much daily against government organisations and enterprises alike. But are we engaged in a cyberwar? Not according to the 'clear and unambiguous' attribution requirement.
We know that Russia and China are developing cyber weapons to use in any future cyber conflict, and the US, France and Israel are just as active as nation states leading the way in this endeavour. But that doesn't mean we can say any of these countries are using them, although we know they have the capability and have done so in the past. Stuxnet, for example, was a joint venture between Israel and the USA to destroy Iran's nuclear programme capability.
What weapons are used in cyber war?
Primarily, the weapons are not dissimilar to those we see being used in criminal attacks all the time. There botnets ready to launch distributed denial of service (DDoS) attacks that can cause widespread disruption to critical services or act as resource diverting smokescreen for other activity on the network or both. Social engineering and spear phishing techniques are also weaponised to introduce an attacker into the system of an adversary. The insider threat is a very real weapon in the cyber warfare armoury, with a mole able to introduce a threat directly to the network or exfiltrate highly sensitive or secret material.
Stuxnet, which was discovered in 2010, is a great example of how multiple layers of attack can be successfully used. Someone working within the Iranian nuclear power programme knowingly or unknowingly physically inserted a USB stick infected with the Stuxnet worm into an air-gapped system. The malware, which used multiple zero-day exploits, searched for specific software controlling centrifuges, and once located reprogrammed them to spin dangerously fast then slow, undetectably, for a period of several months. Eventually, the centrifuges broke, and more than 1,000 machines were effectively destroyed.
Although nobody has ever claimed responsibility for the attack, it's widely believed this cyber weapon was created as a joint effort by the Israeli and US military. Indeed, neither country has ever denied it and it's alleged that Stuxnet was played as part of a showreel at the retirement party of the head of the Israeli Defence Force (IDF).
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Other examples of cyber warfare
While Stuxnet is one of the best examples of cyber warfare in action, there are other significant events that can be attributed to state-level attacks.
One recent example comes from Russia - a country that has been accused of many and various state-level cyberattacks. Russia is accused of mounting multiple cyber attacks against Ukraine, including the BlackEnergy attack that cut the power to 700,000 homes in the country in 2015 and the NotPetya malware, which masqueraded as ransomware but was in reality designed purely to destroy the systems it infected.
North Korea, which has been generating headlines over its nuclear posturing and turbulent diplomatic relationship with the US, has also been active in cyberspace. According to researchers, the North Korean state has been linked to the prolific and dangerous hacking organisation codenamed HIDDEN COBRA, also known as the Lazarus Group. Both the Sony hack of 2014 and the hack of a Bangladeshi bank in 2016 were pinned on these hackers.
Cyber attacks and hybrid warfare
Increasingly, cyber attacks are being seen as an aspect of what's known as hybrid warfare.
As explained by The Conversation, the term hybrid warfare is somewhat ill-defined and has changed in meaning over the past ten years or so since it came into use. Increasingly, however, it's used to describe the typical cyber warfare practices laid out here with efforts to disrupt democratic processes.
For example, in the run-up to an election, "Group A" may engage in efforts to alter sentiment through channels like social media while simultaneously targeting the websites of its main competitors, "Group B" and "Group C", with DDoS attacks or cyber vandalism.
Often, it won't be Group A itself that engages in these activities, but instead it will outsource to companies that specialise in the spreading of disinformation and hackers for hire. This makes it more difficult to trace back.
This is a tactic also seen in state-sponsored cyber attacks, where countries claim an attack originates from "patriotic hackers" acting on their own terms without any persuasion or reward from the state.
Indeed, when it comes to nation states, we can see another aspect of hybrid cyberwarfare when cyber attacks are carried out alongside "kinetic attacks", which is to say traditional warfare tactics like bombs. This is similar to when, in the past, saboteurs would target critical infrastructure ahead of an invasion, only now the attacks can happen remotely.
The only cyber weapon that is perhaps even more dangerous and disruptive than the zero-day is the false flag. We know that, for example, the attack by the so-called 'Cyber Caliphate' claiming to be affiliated to ISIS on a US military database was a false flag operation by the Russian state-sponsored hacking group APT 28. Why does this matter? Because the US retaliated with kinetic attacks on cyber communication channels and drone strikes against human targets in Syria. Hearts and minds people...
Top 5 challenges of migrating applications to the cloud
Explore how VMware Cloud on AWS helps to address common cloud migration challengesDownload now
3 reasons why now is the time to rethink your network
Changing requirements call for new solutionsDownload now
All-flash buyer’s guide
Tips for evaluating Solid-State ArraysDownload now
Enabling enterprise machine and deep learning with intelligent storage
The power of AI can only be realised through efficient and performant delivery of dataDownload now