Cyberwarfare refers to cyberattacks against an enemy state. The perpetrator may be affiliated with either an organization or government, and the target could be another government, critical infrastructure, or even a private business.
The potential for cyberwarfare had long been postulated. However, it became a reality in 2007 when a series of distributed denial-of-service (DDoS) attacks targeted Estonian websites (more on that later). Since then, cyberwarfare has been blamed for a blackout in Ukraine, the destruction of nuclear enrichment centrifuges in Iran, and much more.
With increasing concerns about cyberwarfare, it’s essential to understand the tactics, how an attack may impact your business, and how to protect your environment.
Since digital technology is still relatively young, terms continue to evolve. You may see “cybersecurity” stylized as “cyber security,” “cyberattack” as “cyber attack,” “cyberwarfare” as “cyber warfare,” and “cyberwar” as “cyber war.” However, the meaning remains the same. That said, there is a distinct difference between “cyberwarfare” and “cyberwar,” despite some sources using them interchangeably. Cyberwarfare is a set of techniques used in a cyberwar. Think of it as the difference between a few bottles of whiskey and a full bar.
The motivation and objectives of wars vary, and the same is true of cyberwarfare. Attacks may aim to do any of the following:
If a hostile force gained control of military systems or networks, it could steal information, disable key systems, insert disinformation, and more. Not only does this present the possibility of debilitating a nation’s military forces, but an attack could also leverage a nation’s own resources against it. For instance, a hacker could retarget a missile after launch.
Nations rely on a vast array of critical infrastructure. From the internet to the power grid to financial networks, an attack against one of these critical systems could weaken the target country and jeopardize its leader’s political standing.
Research is valuable. Whether it’s medical research, vaccine formulations, or weapons information, the latest research by an adversary can be an appealing target for cyberwarfare. This could be done by nations looking to monitor an enemy’s progress or use the information for their own benefit.
States may use a ransomware attack or other methods to make money while harming enemies.
Hacktivism is a form of cyberwarfare that leverages attacks to promote an ideology. This may mean spreading propaganda, exposing secrets, or sabotaging an opponent. In some instances, hacktivists are also labeled “cyberterrorists.”
The face of the battlefield has evolved over several millennia, and cyberwarfare is poised to be the next era. China, Iran, Israel, North Korea, Russia, the United States, and the United Kingdom are thought to have active cyberwarfare programs and cyber capabilities. Cyberwarfare has many advantages over conventional warfare, so nations are likely to rely on it increasingly.
Can be launched from any distance: A cyberattack can be launched instantaneously from any distance. That means there is no obvious buildup of forces, so the attacker can catch the target off guard.
Hard to trace: The most sophisticated cyberattacks are virtually impossible to trace, reducing the likelihood of retaliation.
Can bypass traditional defenses: Many countries have spent the last hundred years amassing an arsenal of traditional warfare weapons and fortifying their defenses. A cyberattack effectively bypasses these deterrents, allowing even countries with minimal military power to launch attacks against superpowers.
Cyberwarfare can take several forms:
Realistically speaking, cyber espionage is probably happening on a regular basis between world powers. Espionage may include spying and stealing secrets via botnets, spear phishing, and other techniques.
Hostile governments may seek to subvert their adversaries by disrupting critical infrastructure and industries, such as energy, water, communications, and transportation.
Cyber propaganda leverages social media, fake news websites, and other forms of electronic media in an attempt to sway public opinion through psychological warfare. Propaganda efforts may spread lies, expose unfavorable facts, and erode trust.
A denial-of-service (DoS) attack floods a target network, server, or service with traffic to overload the system and potentially force the resource to go offline.
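The defender's side of the flood described above is spotting it in your own telemetry. The following is an added example written for this article (not PDQ code): a sliding-window rate check over web-server access logs that flags any source address exceeding a request threshold within a short window. The log lines are constructed inline, and the window and threshold values are assumptions to be tuned against a real baseline.

```python
"""Flag request floods in Common Log Format access logs (sliding-window rate check).

Added example for this article, not PDQ code. Sample log lines are constructed;
WINDOW/THRESHOLD defaults are assumptions, tune them to your own traffic baseline.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: client ip, identity, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def find_floods(lines, window_seconds=10, max_requests=50):
    """Per-source sliding-window rate check.

    Returns {ip: peak_requests_in_window} for every source whose request count
    inside any window_seconds span reached max_requests. Unparsable lines are skipped.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> largest window count seen
    parsed = [p for p in map(parse_line, lines) if p]
    parsed.sort(key=lambda p: p[1])  # logs may be interleaved; process in time order
    for ip, ts in parsed:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop requests that fell out of the window
            q.popleft()
        if len(q) > peak[ip]:
            peak[ip] = len(q)
    return {ip: n for ip, n in peak.items() if n >= max_requests}


def make_sample_log():
    """Constructed sample: one well-behaved client and one flooding client."""
    base = datetime.strptime("10/Mar/2024:12:00:00 +0000", TS_FMT)
    fmt = '{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'
    lines = []
    # Legitimate client: one request every 2 seconds for 2 minutes (60 requests).
    for i in range(60):
        ts = (base + timedelta(seconds=2 * i)).strftime(TS_FMT)
        lines.append(fmt.format(ip="198.51.100.4", ts=ts))
    # Flooding client: 120 requests spread over 3 seconds (40 per second).
    for i in range(120):
        ts = (base + timedelta(seconds=i // 40)).strftime(TS_FMT)
        lines.append(fmt.format(ip="203.0.113.7", ts=ts))
    return lines


if __name__ == "__main__":
    for ip, n in find_floods(make_sample_log()).items():
        print(f"possible flood from {ip}: {n} requests within 10s")
```

A single threshold will not separate a large NAT gateway from an attacker; in practice you would key on more than the source address (request path, user agent, ASN) and compare against a per-endpoint baseline rather than a fixed number.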
A reliable electrical grid is critical to national security. In 2009, reports emerged that Chinese and Russian hackers (and potentially other foreign agents) had already infiltrated the U.S. grid and installed software that could cause disruptions. While the veracity of the reports is debated, experts don’t doubt the possibility of an attack on the electric grid. In fact, concerns arose about the security of the power grid again in 2022; this time, the primary concern was threats by domestic extremists.
Economic disruption attacks are often classified as cybercrimes rather than cyberwarfare since they target companies. However, if there is a political or military motive, they can also be considered cyberwarfare. Disruption attacks against widespread systems, such as payment platforms, banking systems, and stock markets, may be especially devastating.
While the identified types of cyberwarfare are scary enough on their own, we also can’t rule out a previously unidentified type of attack. The unexpected nature of such an attack could leave the victim unprepared, setting the stage for a physical attack or hybrid war.
Identifying cyberwarfare attacks is complicated. What qualifies as cyberwarfare is still debated, and it isn’t always possible to identify the true origin of an attack. That said, there have been several incidents and organizations believed to be linked to cyberwarfare.
The Bronze Soldier cyberattacks are thought to be the first instances of cyberwarfare. In 2007, tensions between Russia and Estonia were high after the Estonian government moved a Soviet-era statue, the Bronze Soldier, from the center of the capital city Tallinn to a military cemetery. Over the next few months, many Estonian websites faced DDoS attacks. Circumstantial evidence suggested the attacks were orchestrated by Russia, but the Russian government never claimed credit.
In 2009, the Stuxnet worm attacked the Iranian nuclear program, reportedly damaging or destroying a significant number of centrifuges by speeding them up or changing the pressure to weaken the hardware. Stuxnet’s advanced engineering led experts to conclude that it was designed by a nation-state sponsor. It is widely believed that Stuxnet was created by the U.S. National Security Agency (NSA), the Central Intelligence Agency (CIA), and Israeli intelligence to set back Iran’s nuclear weapons program.
In 2014, hackers stole and leaked emails and unreleased films from Sony Pictures, then wiped thousands of computers. The FBI quickly pinned the attacks on North Korea, citing IP addresses that tied the attackers to the North Korean government. The motive was thought to be preventing the release of “The Interview,” which contained a negative portrayal of North Korean leader Kim Jong Un. That said, some still doubt North Korea’s involvement, meaning it may have been a false flag attack.
Fancy Bear, also known as APT28 and Strontium, is a group of Russian hackers purported to have ties to Russian military intelligence. The group has been accused of several acts of cyberwarfare, including attacks on the Ukrainian artillery, Norwegian parliament, the Democratic National Committee (DNC), COVID-19 vaccine firms, Ukrainian media organizations, and more.
Sandworm, also known as Unit 74455 and Iridium, is an alleged Russian cybermilitary unit that experts suspect has perpetrated several high-profile attacks. In 2015, Sandworm was blamed for using BlackEnergy industrial control system malware in an attack on Ukraine’s power grid. Over 200,000 consumers lost power for up to 6 hours, marking the first known instance of a successful cyberattack against a power grid. The group is also believed to be behind the 2017 NotPetya malware attack that affected the U.S. and Ukraine, interference efforts in the 2017 French elections, the 2018 Olympics cyberattack, and more.
In the buildup to and aftermath of Russia’s February 2022 invasion of Ukraine, Sandworm is thought to have orchestrated attacks on the Ukrainian power grid and malware campaigns.
Businesses may be the targets of any cyberattack, including cyberwarfare. This may be more likely for companies in critical infrastructure sectors, such as communications, energy, the defense industrial base, emergency services, banking, and agriculture. However, any business could fall victim depending on the hostile government’s aims.
The business effects of cyberwarfare are similar to what you might face in the event of any cyberattack:
Stolen data (including personally identifiable information, intellectual property, financial records, etc.)
Disruption of business
Every year, an estimated $600 billion is lost due to cybercrime. That’s almost 1% of global GDP. While this may seem high, it is actually a conservative estimate. With many cybercrimes believed to go unreported, the actual financial impact may be far higher.
Fortifying your security posture is the key to reducing the likelihood of a successful cyberwarfare attack or other cybercrime. Here are a few methods to help protect your business:
Risk assessments, penetration testing, red team/blue team exercises, and other tests and simulations allow you to assess your overall security and look at your environment from the perspective of attackers. Assessments and simulations expose potential weaknesses so that you can correct them before malicious actors find them.
While antivirus solutions may not prevent 100% of attacks, they’re a start. Antivirus software scans devices for cyber threats, including malware and viruses, and quarantines files that appear malicious. Think of antivirus software as your home security system. While it prevents most access and alerts to some intruders, clever or particularly persistent actors could still find a way around it.
Implementing policies and procedures may not be the most exciting part of anyone’s job, but it can be one of the most important. A well-crafted IT policy should include policies on passwords, multi-factor authentication, data protection, incident response, and other factors that could make or break your security posture.
In 2022, 36% of employees surveyed said they were pretty certain or very certain they’d inadvertently compromised security in the last year. Providing comprehensive cybersecurity training can make your employees more aware of potential concerns and teach them how to respond.
A cyberattack can incapacitate your business by cutting off access to critical data and applications. If you have secure backups, you can get back on track more quickly if your systems are compromised.
Updates often aim to address known vulnerabilities before hackers have the opportunity to exploit them. Unfortunately, this also alerts cybercriminals to flaws, and they frequently scramble to exploit them with zero-day attacks before businesses deploy patches. Effective patch management is essential for maintaining your security posture.
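Patch management starts with knowing which hosts are still below the version that fixes a known flaw. Below is an added example for this article (not PDQ code) that compares a constructed software inventory against a constructed baseline of minimum patched versions and reports every host/package pair that falls short. The host names, package names and version numbers are all made up; the point it demonstrates is real: version strings must be compared numerically per component, because a plain string comparison ranks "3.0.9" above "3.0.12".

```python
"""Report packages below a minimum patched version across a host inventory.

Added example for this article, not PDQ code. INVENTORY and BASELINE are
constructed sample data; in practice they would come from your inventory tool
and from vendor advisories.
"""
import re


def parse_version(version):
    """Turn '3.0.12' into (3, 0, 12). Non-numeric suffixes ('2-beta') are dropped."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_outdated(installed, minimum):
    """True when installed < minimum, comparing component by component.

    Shorter tuples are right-padded with zeros so '8.1' == '8.1.0'.
    """
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def find_outdated(inventory, baseline):
    """inventory: {host: {package: installed_version}}
    baseline:  {package: minimum_patched_version}
    Returns a sorted list of (host, package, installed, minimum) needing a patch.
    """
    findings = []
    for host, packages in sorted(inventory.items()):
        for pkg, installed in sorted(packages.items()):
            minimum = baseline.get(pkg)
            if minimum is not None and is_outdated(installed, minimum):
                findings.append((host, pkg, installed, minimum))
    return findings


# Constructed sample data (hosts, packages and versions are invented).
INVENTORY = {
    "ws-01": {"openssl": "3.0.9", "curl": "8.1.0"},
    "ws-02": {"openssl": "3.0.12", "curl": "7.88.1"},
    "db-01": {"openssl": "3.0.12", "curl": "8.1", "postgres": "15.4"},
}
BASELINE = {"openssl": "3.0.12", "curl": "8.0.0"}

if __name__ == "__main__":
    for host, pkg, installed, minimum in find_outdated(INVENTORY, BASELINE):
        print(f"{host}: {pkg} {installed} is below patched version {minimum}")
```

The baseline here is a flat "minimum version" list; real advisories often list several fixed versions per branch (for example one per supported major release), so a production version of this check would hold a list of acceptable ranges per package rather than a single floor.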
Protecting against cyberwarfare and other digital threats requires a multifaceted approach. Keeping your machines up to date with PDQ Deploy and Inventory is one of the easiest ways to fortify your security posture. Everything else is more complicated, but we’ve got your back. Follow the PDQ blog and YouTube channel for the latest tips, tricks, and an occasional rant.
Part writer, part sysadmin fangirl, Meredith gets her kicks diving into the depths of IT lore. When she's not spending quality time behind a computer screen, she's probably curled up under a blanket, silently contemplating the efficacy of napping.