There have been many wars across the world since the beginning of time. Most of these wars were physical, boots on the ground, firefights. Taking a few glances at the news tells you that we are moving into the territory of World War III. For instance, just over the Fourth of July weekend, we saw the largest ransomware attack in history. The Kaseya Ransomware attack affected over 1500 businesses and over 1 million locked machines. However, this won’t be a weapons war. It is a cybersecurity war.
Marshall McLuhan said, “World War III is a guerrilla information war with no division between military and civilian participation,” in his 1970 book Culture is Our Business. Of course, he alluded more to propaganda and cultural wars. However, with the rise in cybersecurity attacks over the last few years, it easily applies to a cyberwar as well.
Russia has long been in the spotlight for cyberattacks and misinformation campaigns, yet the war became twice as big with July 20th’s statement from Secretary of State Antony J. Blinken that China’s Ministry of State Security “has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”
What Is Cyber Warfare?
Cyberwarfare is difficult to pin an exact definition to, but the generally accepted definition is using cyberattacks against a nation that will cause it significant harm. This can, in fact, include physical warfare, loss of life, or disruption of essential computer systems.
Here are some examples of a cybersecurity war tactic:
- Phishing, viruses, or malware that attack and take down critical infrastructure
- DDoS attacks that stop legitimate users from accessing devices or networks
- Stealing critical data from governments, businesses, or institutions
- Cyber espionage that steals information and compromises national security and stability
- Ransomware that holds data hostage
- Lastly, any propaganda or campaigns used to spread disinformation that leads to chaos
Types of Cyber Warfare Attacks
There are three main types of cyber warfare attacks during a cybersecurity war.
Recently, cybercriminals have attacked governments through their critical infrastructures, such as transportation systems, power grids, banking systems, dams, water supplies, and hospitals. The increase in usage of the internet has made industries like manufacturing even more susceptible to attacks.
From the perspective of national security, hacking into digital infrastructure can inflict damage on vital modern services. For instance, an attack on the energy grid could massively impact industrial, commercial, and private sectors. This was seen in an attack on Ukraine where an operator’s computer at an electrical substation was hacked. The hacker took over and took the substation offline which left thousands of people without power.
Any cyberattack used to sabotage government systems can support conventional war efforts. These attacks can then stop government officials from communicating, enable intelligence theft, threaten national security, and contaminate digital systems. For example, a hacker may target military databases to get information on troop locations, along with the equipment and weapons they are using. An example of such as weapon is Stuxnet. Professionals uncovered this malicious computer worm in 2010 that targets supervisory control and data acquisition systems. It is indeed believed that it is responsible for causing substantial damage to Iran’s nuclear program.
Whenever someone hacks into a computer system and steals data, it is considered data theft. They can then use this data to incite scandals or chaos, destroy the data, or hold the data for ransom. The Office of Personnel Management (OPM) hack is an example of this. In 2015 the OPM was hacked and the hackers got access to many background checks and security clearance files of former, current, and prospective federal employees. The data also included forms that had intimate details of these employee’s personal life.
Major Cyber Warfare Attacks During a Cybersecurity War
Cyberwarfare attacks are happening all the time, but there have been a few recently that have been especially troubling.
In 2019 the company SolarWinds was attacked by a group linked to the Russian government. They compromised the software and used it to send a malicious update. This then ended up affecting around 18,000 organizations. Some of the customers who noticed effects:
- US State Department
- US Treasury Department
- Department of Homeland Security
- US Commerce Department
- US Department of Energy
- Lastly, VMware
Another hacking group from China was attacking SolarWinds simultaneously. These hackers, called Spiral, took advantage of a hole in the Orion software. They used the hole to install a malicious web shell called Supernova. It was then placed on the network of customers who used SolarWinds as a network management tool.
Accellion is a firewall vendor that suffered a cybersecurity attack in December 2020. They knew there were vulnerabilities in one of their network’s equipment offerings, and they were quietly releasing patches to fix them. However, their patches came a little too late.
There have been dozens of companies and government organizations worldwide who have admitted to having been breached due to the vulnerabilities. Many of these companies and organizations are facing extortion. The ransomware group, Clop, is threatening to release the data they gathered if the companies and organizations don’t pay the ransom.
Experts found the vulnerabilities in the File Transfer Appliance (FTA). It consists of a dedicated computer used to move large and sensitive files within a network. Normally, a hacker has to work to find sensitive files within a network, but that isn’t the case here. By nature of FTA, the files pre-identified as sensitive. This made it extremely easy for the hackers. While other cybersecurity attacks appear to focus on espionage, this attack was motivated by making a profit.
The major companies and organizations affected were:
- Reserve Bank of New Zealand
- Australian Securities and Investment Commission
- Washington State
- University of Colorado
- Jones Day
- Shell Oil
- Lastly, Flagstar Bank
FTA was already at the end of its life, and Accellion was planning to stop supporting it by the end of April 2021. They worked on moving all of its customers to their new product, Kiteworks.
Investigators say that the attacks were so damaging because they were being exploited extremely quickly, and Accellion was not being forthcoming enough about the risks of using FTA. The attacks resulted in multiple lawsuits against Accellion.
Hafnium Microsoft Attack
Hafnium is a cyberattack group based out of China. They were involved in four Zero-Day attacks on Microsoft Exchange on-premises servers. In these attacks, the hacker used vulnerabilities to access on-premises Exchange servers, giving them access to the email accounts. This then gave them the opportunity to install additional malware to facilitate long-term access to victim environments. They did this by deploying web shells on the servers they compromised. This allows them to steal data and perform more malicious actions.
There were approximately 60,000 systems that were vulnerable to this attack. When Hafnium knew a patch was coming, they indiscriminately compromised over 30,000 systems. After the patch release, dozens of groups used public exploits to deploy ransomware, malware, and crypto miners. Some just took advantage and vandalized systems. The European Banking Authority and Acer noticed the effects.
Learn More About the Cybersecurity War
Since much of the world exists online, there are always going to be people trying to exploit weaknesses. There are small-scale cyber-attacks frequently, and larger-scale attacks seem to be becoming more common as well. As mentioned, the Kaseya attack just happened, and it is likely not the last. Therefore, it is imperative that companies and organizations learn from these attacks and better protect their data.
There is no longer a difference between civilian and military targets, everyday we see more and more businesses struck by advanced nation state actors. It is no longer enough to just hope for the best with bare minimum cybersecurity. Agile IT is a cybersecurity forward Microsoft partner with deep history in the defense industrial base. If you want to defend your organization with the best cybersecurity frameworks in the world, contact us to find out more.