Pages

25 December 2021

Cyber Warfare: What To Expect in 2022

C.J. Haughey

Cyberwarfare is not a future threat—it’s a clear and present danger. While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality.

Digital transformation has brought great convenience to consumers with mobile apps and e-commerce. And the evolution of the cloud and shift to remote work environments are a boon for productivity and performance. But for criminals and political activists, the modern internet offers a highway for furthering their cause, whether it be financial gain, government influence or political instability.

Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Website Defacing

Website defacement is a low-level form of cyber crime that often targets small sites with poor security and a lack of maintenance. While young amateur hackers without serious ill intentions are often the perpetrators, the propaganda around such incidents is a concerning trend for international relations.

Teenage pro-Iranian hackers claimed responsibility for defacing a website in 2020, leaving their social media handles alongside protest messages. In the past, organizations based in China and Taiwan conducted reciprocal defacing attacks for several years, adding fuel to the fire of an already volatile relationship. When complex political issues enter the picture, the significance of “minor” website defacing shouldn’t be underestimated.
Distributed Denial of Service (DDoS) Attacks

DDoS attacks use multiple computers to overwhelm an IT security system with a flood of information from many sources at the same time. Hackers can use this approach to trip the system and distract security teams from a more sinister breach, like the infiltration of ransomware.

This type of attack is increasingly common in the private sector, especially in the finance industry. And midway through 2021, over 200 organizations across Belgium were hit with DDoS attacks, including the government and parliament websites.

Cyberwarfare of this kind can come from either individual citizens, organized groups or even nation-state operators. Cybersecurity experts are watching the evolution of DDoS attacks closely, monitoring their sources and how they impact both organizations and nations as a whole.

Mikko Hyppönen, the chief research officer of F-Secure, has been helping authorities to fight cybercrime for over 30 years. “In the 1990s, I wouldn’t have believed that national governments, intelligence agencies and the armed forces were developing and deploying malware against other countries. The notion would have sounded like science fiction to me,” he admits. “But it’s obvious in hindsight. It makes perfect sense. Cyber tools are excellent weapons. They’re efficient, affordable and deniable.”
Ransomware Gangs

Ransomware is a type of malware—malicious software—that blocks access to computer files, data or programs until the victim pays the attacker. Typically, cybercriminals offer an ultimatum: pay the ransom to get a decryption code to unlock their IT systems or lose everything forever.

This growing problem has gone far beyond attacks on individuals to incidents of companies having to pay millions to the gangs extorting them. From pipelines to hospitals, ransomware attacks were bigger than ever in 2021. And while these attacks typically have clear financial motivations for the bad actors, the same tactics can be used as part of a diverse array of attacks as part of a full cyberwarfare campaign.
The Growth of Cryptocurrency

Cybercriminals have made cryptocurrency their preferred payment method for ransomware attacks and “hacking for hire” businesses. It can be traded anonymously, which is perfect for criminals. Also, considering the vast sums in play, it would be almost impossible for victims to pay with any other legitimate currency on short notice.

In July of 2021, affiliates of the Russia-based ransomware gang REvil were exploiting unknown vulnerabilities in IT management software at small public-sector bodies, credit unions and schools across the United States. The attack hit hundreds of US companies, and the group demanded $70 million in Bitcoin.

The Colonial Pipeline attack is the most notorious example of this style of ransom attempt. Bloomberg reported that the FBI claims to have recouped most of the ransom from the Russian group allegedly to blame for the attack.

Here are a few other examples of cybersecurity issues involving cryptocurrency:

Cryptojacking: Hackers trick people into clicking a malicious link in an email. Once the malware executes in the victim’s browser, it loads cryptomining code on the system. Many hackers abused a JavaScript code available on Coinhive to mine Monero coins on their victim’s computers. However, since the site was shut down in 2019, incidents of cryptojacking have tumbled.

Non-Fungible Tokens: NFTs enjoyed a boom in interest in 2021, with many new investors entering the burgeoning market. OpenSea is the world’s largest NFT marketplace, with transaction volume topping $3.4 billion in August 2021. A study from Check Point Research identified critical security flaws in OpenSea, which could leave user accounts and cryptocurrency wallets susceptible to theft if hackers created malicious NFTs. Thankfully, OpenSea moved quickly to fix the issues and tighten security protocols around buying and selling NFTs.

Stolen crypto wallets: In August 2021, hackers stole $600m in the biggest hack ever in the decentralized finance space. Remarkably, after exploiting a vulnerability in the Poly Network’s system, the hacker has since returned all the tokens to the platform. After the attack, the now semi-famous “Mr. Whitehat” claimed he stole the funds to keep them safe, putting the coins in a “trusted account” to highlight the bug before someone else took them. Unfortunately, not all hacks have a happy ending like this one.

Demanding ransom payment in cryptocurrency isn’t the only way cybercriminals use the decentralized finance industry to their advantage. As digital currencies and neobanks challenge traditional paradigms in banking, new avenues for financial crime become a problem for us all. Even with increased scrutiny of cryptocurrency, we can expect more issues like these to come up throughout 2022.

Weaponized Operational Technology (OT) Environments

According to Gartner, cybercriminals are expected to weaponize operational technology (OT) environments to harm or kill humans by 2025. Hackers can already shut down critical hardware or software to lock people out of programs and assets or render vital services unusable.

Tarah Wheeler is a Cybersecurity Fellow from the Kennedy School of Government at Harvard University. She asserts that cyber warfare examples like the notorious WannaCry ransomware attack should be classified as war crimes. The attack from hackers based in North Korea initially hit the US before taking down the National Health Service (NHS) in the UK and telecommunications company Telefonica.

Suddenly, emergency rooms shut down and patients could not get cancer treatments. Some data is still missing. Wheeler says, “If it wasn’t for a 23-year-old finding a kill switch for the attack, we don’t know how many people could have died as a result.”

Attacks like that on the Colonial Pipeline and the attempt to poison the water supply in Florida prove how vulnerable our interconnected world is in the cloud age. Future wars are sure to include cyberwarfare operations where hackers hijack drones and autonomous vehicles to misdirect or abuse them.

Penetration Attacks

Penetration tools are the driving force that underpins many sophisticated ransomware attacks. Ironically, these tools were designed to help companies test their security posture and identify weaknesses.

Now, hackers use the tools to target organizations with high-value data, such as those in national defense or finance. Advanced persistent threat (APT) attacks leverage concentrated penetration methods to eventually gain network access and then remain inside undetected while the perpetrators steal data.

In March 2021, a cyber attack on the University of the Highlands and Islands (UHI) forced the institution to close all 13 of its colleges and facilities for a day. The investigation found that the attackers used Cobalt Strike, a penetration testing toolkit that security researchers commonly use for legitimate purposes.

This type of cyber crime is such a problem that the market for pentesting is set to exceed $3 billion by 2027. As hackers continue to customize the tools, we can expect more data exfiltration and extortion attacks in 2022.
Deepfake Technology

Deepfakes— a portmanteau of “deep learning” and “fake”— are an edited production containing images, video, audio and text content that makes it appear someone has said or done something they never actually said or did.

As artificial intelligence and deep learning technology become more advanced and accessible, it’s easy for people to create and use deepfakes for illegitimate gains. In 2020, a Hong Kong bank manager was tricked by a deepfake phone call, as he believed he was talking to a familiar voice—a company director. The manager promptly authorized the request to make $35 million in transfers, with additional fake emails between the director and a lawyer making the scam more believable.

Criminals could use voice cloning and deepfakes to carry out large-scale thefts on banks or manipulate stock markets, potentially triggering mass panic in financial markets and the wider public sphere. In March 2021, the FBI predicted that malicious actors will leverage synthetic content like deepfakes and voice cloning for foreign influence operations within the next 12-18 months.

Why 2022 Is a Make-or-Break Year in Cybersecurity

In February 2020, Amazon prevented the largest distributed denial of service (DDoS) attack in history. At that time, e-commerce security experts declared the attack as “a warning we should not ignore”. But as we move into 2022, it is not only e-commerce security that we must think about. Political unrest between many superpowers has already got some media outlets making predictions of a “Cyber Cold War”.

In October 2021, the US held a forum with 30 countries to form a global Counter-Ransomware Initiative. The online meeting hosted by the White House National Security Council is the first significant step toward forging a unified defensive front and law enforcement collaboration on major cybersecurity issues, such as the illicit use of cryptocurrency.

Final Thoughts

Imagine switching on the news in the morning to hear reports of a massive coordinated cyber attack against your country. Hackers have infiltrated the highest levels of government and critical infrastructure, taking out banks, energy. utilities, transportation hubs and hospitals.

While it may seem far-fetched, this scenario is entirely possible today. As technology advances and political unrest continues to fray international relations—particularly between powerful countries—enterprises need to do more to protect their systems from attack.

Combat in cyberspace is unpredictable and hard to track. But every incident provides lessons for security teams. OpenSea and Poly Network were fortunate as people pointed out their vulnerabilities before a real disaster struck. Government organizations might not be so lucky.

Want to learn more about cyberwarfare? Check out our Threat Research resources to read the latest cybersecurity threat research on vulnerabilities, threat actors, malware and more from the experts at IBM Security X-Force.

No comments:

Post a Comment