Cyberwarfare refers to cyberattacks against an enemy state. The perpetrator may be affiliated with either an organization or government, and the target could be another government, critical infrastructure, or even a private business.
The potential for cyberwarfare had long been postulated. However, it became a reality in 2007 when a series of distributed denial-of-service (DDoS) attacks targeted Estonian websites (more on that later). Since then, cyberwarfare has been blamed for a blackout in Ukraine, the destruction of nuclear enrichment centrifuges in Iran, and much more.
With increasing concerns about cyberwarfare, it’s essential to understand the tactics, how an attack may impact your business, how to prepare your employees and how to protect your environment.
Since digital technology is still relatively young, terms continue to evolve. You may see “cybersecurity” stylized as “cyber security,” “cyberattack” as “cyber attack,” “cyberwarfare” as “cyber warfare,” and “cyberwar” as “cyber war.” However, the meaning remains the same. That said, there is a distinct difference between “cyberwarfare” and “cyberwar,” despite some sources using them interchangeably. Cyberwarfare is a set of techniques used in a cyberwar. Think of it as the difference between a few bottles of whiskey and a full bar.
What does cyberwarfare try to accomplish?
The motivation and objectives of wars vary, and the same is true of cyberwarfare. Attacks may aim to do any of the following:
Interfere with the military
If a hostile force gained control of military systems or networks, it could steal information, disable key systems, insert disinformation, and more. Not only does this present the possibility of debilitating a nation’s military forces, but an attack could also leverage a nation’s own resources against it. For instance, a hacker could retarget a missile after launch.
Disrupt civil infrastructure
Nations rely on a vast array of critical infrastructure. From the internet to the power grid to financial networks, an attack against one of these critical systems could weaken the target country and jeopardize its leader’s political standing.
Steal research
Research is valuable. Whether it’s medical research, vaccine formulations, or weapons information, the latest research by an adversary can be an appealing target for cyberwarfare. This could be done by nations looking to monitor an enemy’s progress or use the information for their own benefit.
Generate income
States may use a ransomware attack or other methods to make money while harming enemies.
Promote an ideology
Hacktivism is a form of cyberwarfare that leverages attacks to promote an ideology. This may mean spreading propaganda, exposing secrets, or sabotaging an opponent. In some instances, hacktivists are also labeled “cyberterrorists.”
Why do governments invest in cyberwarfare?
The face of the battlefield has evolved over several millennia, and cyberwarfare is poised to define the next era. China, Iran, Israel, North Korea, Russia, the United States, and the United Kingdom are thought to have active cyberwarfare programs and cyber capabilities. Cyberwarfare has many advantages over conventional warfare, so nations are likely to rely on it increasingly:
Can be launched from any distance: A cyberattack can be launched instantaneously from any distance. That means there is no obvious buildup of forces, so the attacker can catch the target off guard.
Hard to trace: The most sophisticated cyberattacks are extremely difficult to attribute with confidence, which reduces the likelihood of retaliation.
Can bypass traditional defenses: Many countries have spent the last hundred years amassing an arsenal of traditional warfare weapons and fortifying their defenses. A cyberattack effectively bypasses these deterrents, allowing even countries with minimal military power to launch attacks against superpowers.
What are the types of cyberwarfare?
Cyberwarfare can take several forms:
Espionage
Realistically speaking, cyber espionage is probably happening on a regular basis between world powers. Espionage may include spying and stealing secrets via botnets, spear phishing, and other techniques.
Sabotage
Hostile governments may seek to subvert their adversaries by disrupting critical infrastructure and industries, such as energy, water, communications, and transportation.
Propaganda
Cyber propaganda leverages social media, fake news websites, and other forms of electronic media in an attempt to sway public opinion through psychological warfare. Propaganda efforts may spread lies, expose unfavorable facts, and erode trust.
DoS attack
A denial-of-service (DoS) attack floods a target network, server, or service with traffic to overload the system and potentially force the resource to go offline. When the flood comes from many sources at once, such as a botnet, it is called a distributed denial-of-service (DDoS) attack.
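As an added defensive illustration (not part of the original post), the following Python detector flags any source that exceeds a request-rate threshold inside a sliding time window, run over a constructed web access log; the log format, window length and threshold are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # assumed sliding window length
THRESHOLD = 100                  # assumed requests per window that mark a source as flooding


def parse_line(line):
    """Parse an assumed 'ISO-timestamp client-ip method path' log line into (datetime, ip)."""
    ts, ip, _rest = line.split(" ", 2)
    return datetime.fromisoformat(ts), ip


def detect_floods(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: first timestamp at which ip reached `threshold` requests within `window`}."""
    recent = defaultdict(deque)   # ip -> timestamps of that ip's requests still inside the window
    flagged = {}
    for line in lines:
        ts, ip = parse_line(line)
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have slid out of the window (log is processed in time order).
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def build_sample_log():
    """Constructed sample: one source sends 150 requests in 5 seconds, another sends 20 over a minute."""
    start = datetime(2022, 2, 24, 10, 0, 0)
    lines = []
    for i in range(150):   # flooding source: one request every 33 ms
        ts = (start + timedelta(milliseconds=33 * i)).isoformat(timespec="milliseconds")
        lines.append(f"{ts} 203.0.113.5 GET /index.html")
    for i in range(20):    # normal client: one request every 3 seconds
        ts = (start + timedelta(seconds=3 * i)).isoformat(timespec="milliseconds")
        lines.append(f"{ts} 198.51.100.7 GET /about.html")
    lines.sort()           # interleave by timestamp, as a real log would be ordered
    return lines


if __name__ == "__main__":
    for ip, first_seen in detect_floods(build_sample_log()).items():
        print(f"flood from {ip} detected at {first_seen.isoformat()}")
```

The same loop can be fed a live log tail; because only timestamps inside the window are retained per source, memory stays bounded by the threshold rather than by log size.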
Power grid attack
A reliable electrical grid is critical to national security. In 2009, reports emerged that Chinese and Russian hackers (and potentially other foreign agents) had already infiltrated the U.S. grid and installed software that could cause disruptions. While the veracity of the reports is debated, experts don’t doubt the possibility of an attack on the electric grid. In fact, concerns arose about the security of the power grid again in 2022; this time, the primary concern was threats by domestic extremists.
Economic disruption attack
Economic disruption attacks are often classified as cybercrimes rather than cyberwarfare since they target companies. However, if there is a political or military motive, they can also be considered cyberwarfare. Disruption attacks against widespread systems, such as payment platforms, banking systems, and stock markets, may be especially devastating.
Surprise attack
While the identified types of cyberwarfare are scary enough on their own, we also can’t rule out a previously unidentified type of attack. The unexpected nature of such an attack could leave the victim unprepared, setting the stage for a physical attack or hybrid war.
5 examples of cyberwarfare
Identifying cyberwarfare attacks is complicated. What qualifies as cyberwarfare is still debated, and it isn’t always possible to identify the true origin of an attack. That said, there have been several incidents and organizations believed to be linked to cyberwarfare.
Bronze Soldier
The Bronze Soldier cyberattacks are thought to be the first instances of cyberwarfare. In 2007, tensions between Russia and Estonia were high after the Estonian government moved a Soviet-era statue, the Bronze Soldier, from the center of the capital city Tallinn to a military cemetery. Over the next few months, many Estonian websites faced DDoS attacks. Circumstantial evidence suggested the attacks were orchestrated by Russia, but the Russian government never claimed credit.
Stuxnet
In 2009, the Stuxnet worm attacked the Iranian nuclear program, reportedly damaging or destroying a significant number of centrifuges by speeding them up or changing the pressure to weaken the hardware. Stuxnet’s advanced engineering led experts to conclude that it was designed by a nation-state sponsor. It is widely believed that Stuxnet was created by the U.S. National Security Agency (NSA), the Central Intelligence Agency (CIA), and Israeli intelligence to set back Iran’s nuclear weapons program.
Sony Pictures hack
In 2014, hackers stole and leaked emails and unreleased films from Sony Pictures, then wiped thousands of computers. The FBI quickly pinned the attacks on North Korea, citing IP addresses that tied the attackers to the North Korean government. The motive was thought to be preventing the release of “The Interview,” which contained a negative portrayal of North Korean leader Kim Jong Un. That said, some still doubt North Korea’s involvement, meaning it may have been a false flag attack.
Fancy Bear
Fancy Bear, also known as APT28 and Strontium, is a group of Russian hackers purported to have ties to Russian military intelligence. The group has been accused of several acts of cyberwarfare, including attacks on Ukrainian artillery units, the Norwegian parliament, the Democratic National Committee (DNC), COVID-19 vaccine firms, Ukrainian media organizations, and more.
Sandworm
Sandworm, also known as Unit 74455 and Iridium, is an alleged Russian cybermilitary unit that experts suspect has perpetrated several high-profile attacks. In 2015, Sandworm was blamed for using BlackEnergy industrial control system malware in an attack on Ukraine’s power grid. Over 200,000 consumers lost power for up to 6 hours, marking the first known instance of a successful cyberattack against a power grid. The group is also believed to be behind the 2017 NotPetya malware attack that affected the U.S. and Ukraine, interference efforts in the 2017 French elections, the 2018 Olympics cyberattack, and more.
In the buildup to and aftermath of Russia’s February 2022 invasion of Ukraine, Sandworm is thought to have orchestrated attacks on the Ukrainian power grid as well as malware campaigns.
How can cyberwarfare impact businesses?
Businesses may be the targets of any cyberattack, including cyberwarfare. This may be more likely for companies in critical infrastructure sectors, such as communications, energy, the defense industrial base, emergency services, banking, and agriculture. However, any business could fall victim depending on the hostile government’s aims.
The business effects of cyberwarfare are similar to what you might face in the event of any cyberattack:
Lost income
Stolen data (including personally identifiable information, intellectual property, financial records, etc.)
Increased expenses
Disruption of business
Reputational damage
What are the impacts of cybercrimes on the economy?
Every year, an estimated $600 billion is lost due to cybercrime. That’s almost 1% of global GDP. While this may seem high, it is actually a conservative estimate. With many cybercrimes believed to go unreported, the actual financial impact may be far higher.
How do you protect your business from cyber threats?
Fortifying your security posture is the key to reducing the likelihood of a successful cyberwarfare attack or other cybercrime. Here are a few methods to help protect your business:
Conduct risk assessments and simulations
Risk assessments, penetration testing, red team/blue team exercises, and other tests and simulations allow you to assess your overall security and look at your environment from the perspective of attackers. Assessments and simulations expose potential weaknesses so that you can correct them before malicious actors find them.
Use quality antivirus software
While antivirus solutions may not prevent 100% of attacks, they’re a start. Antivirus software scans devices for cyber threats, including malware and viruses, and quarantines files that appear malicious. Think of antivirus software as your home security system. While it blocks most intruders and alerts you to others, clever or particularly persistent actors could still find a way around it.
Establish clear policies and procedures
Implementing policies and procedures may not be the most exciting part of anyone’s job, but it can be one of the most important. A well-crafted IT policy should include policies on passwords, multi-factor authentication, data protection, incident response, and other factors that could make or break your security posture.
Train your employees
In 2022, 36% of employees surveyed said they were pretty certain or very certain they’d inadvertently compromised security in the last year. Providing comprehensive cybersecurity training can make your employees more aware of potential concerns and teach them how to respond.
Back up data
A cyberattack can incapacitate your business by cutting off access to critical data and applications. If you have secure backups, you can get back on track more quickly if your systems are compromised.
Install updates regularly
Updates often aim to address known vulnerabilities before hackers have the opportunity to exploit them. Unfortunately, a published update also alerts cybercriminals to the flaw, and they frequently race to exploit it before businesses deploy the patch. Effective patch management is essential for maintaining your security posture.
Protecting against cyberwarfare and other digital threats requires a multifaceted approach. Keeping your machines up to date with PDQ Deploy and Inventory is one of the easiest ways to fortify your security posture. Everything else is more complicated, but we’ve got your back. Follow the PDQ blog and YouTube channel for the latest tips, tricks, and an occasional rant.