State-sponsored security breaches: When nations wage cyberwar
State-sponsored security breaches: When nations wage cyberwar
State-sponsored security breaches: When nations wage cyberwar
- Author:
- June 2, 2023
Since 2015, there have been increasingly sophisticated and destructive cyberattacks against companies and critical infrastructures to cripple or disrupt their operations. While ransomware and hacking incidents are nothing new, they become more potent when they are backed by the resources of an entire country.
State-sponsored security breaches context
State-sponsored cyberattacks are rising, presenting a severe threat to the international community. These attacks involve data extortion through ransomware, intellectual property (IP) theft, and surveillance, and can cause widespread damage and tremendous costs. They are often used during peacetime when rules of engagement and international humanitarian law are not clearly outlined. As cybersecurity of high-profile targets have improved, hackers have turned to supply chain attacks that compromise software or hardware before installation. These activities are done to infiltrate data and manipulate IT hardware, operating systems, or services. In 2019, supply chain attacks increased by 78 percent.
In addition, state-sponsored cybercrimes against financial institutions are becoming common. According to Reuters, of the 94 cases of financial cyberattacks since 2007, 23 of them are believed to be from nation-states like Iran, Russia, China, and North Korea. In general, state-sponsored security breaches and cyberattacks have three main goals: to identify and exploit vulnerabilities in critical infrastructures (e.g., manufacturing and electricity), gather military intelligence, and steal or manipulate company data. One of the recent high-profile incidences is the 2020 Russia-sponsored attack on software company SolarWinds, which exposed thousands of its clients, including access to systems in Microsoft and, worse, the US federal government.
Disruptive impact
Critical infrastructure attacks have also gained headlines because of their immediate and long-lasting consequences. In April 2022, the US Cybersecurity and Infrastructure Security Agency (CISA), in partnership with cybersecurity authorities from the US, Australia, Canada, and the UK, warned that Russia might increase its critical infrastructure attacks as retaliation for economic sanctions imposed on the country for its 2022 invasion of Ukraine. CISA also identified Russian attempts (2022) to overwhelm systems through distributed denial-of-service (DDoS) and planting destructive malware against the Ukraine government and utility operators. While most of these attacks are state-sponsored, a growing number of independent cybercriminal groups have pledged their support for Russia’s invasion.
In June 2022, CISA also announced that state-sponsored cybercriminals from China were actively trying to infiltrate a network of information technology (IT) infrastructure, including public and private sectors. In particular, telecommunications companies are being targeted to control and disrupt Internet and network access, leading to security and data breaches. CISA said the unsecured and unpatched network devices are often the entry points of these attacks.
Meanwhile, government-backed cybercriminals are using a new method called “hybrid warfare,” which involves attacks on both physical and digital components. For example, in 2020, 40 percent of identified state-sponsored cyber assaults were on power plants, wastewater systems, and dams. To prevent such incidences, companies are encouraged to update their cybersecurity systems and immediately remove or isolate affected servers and infrastructures.
Wider implications of state-sponsored security breaches
Possible implications of state-sponsored security breaches may include:
- Increased political tensions between Russia-China and their allies and the West and its allies over the mounting utilitzation of cyber attacks and espionage.
- Increased public and private sector investments in cybersecurity solutions, including using AI systems to identify cyber vulnerabilities. Cybersecurity will continue to be an in-demand field within the labor market throughout the 2020s.
- Governments regularly launching bug bounty programs to encourage ethical hackers to identify potential breaches.
- Countries using cyber war to issue a warning, a retaliation, or to assert dominance.
- A growing number of state-sponsored cybercriminal groups and operations gaining public funds to access the latest technology, equipment, and the best security professionals.
Questions to consider
- How else do you think state-sponsored cyberattacks are going to affect international politics?
- What are the other implications of these attacks on societies?
Insight references
The following popular and institutional links were referenced for this insight: