By Kumar Ritesh, Founder and CEO, CYFIRMA
Over the past two decades, businesses, governments, and the public have all witnessed unprecedented growth in the digital economy. From the design of critical infrastructure to the sale and purchase of a simple pen, all of this can now be done on a digital platform. But every evolution has a parallel, and this is true of digitization as well. Threat actors and their attack surfaces have evolved and expanded, and are now replacing traditional combat with a new approach: cyber warfare.
Since the turn of the 21st century, the world has seen a shift from traditional combat to cyber warfare. One of the main factors for this shift is the fact that digitization has now become part of the very fabric of growth for organizations, and with it, the increased attack vectors.
According to IDG's 2018 Digital Business Survey, 89% of organizations have already adopted or are pursuing a digital-first strategy. Of the 7 percent of respondents who had fully implemented this strategy, almost one-third (32%) said that digital transformation had already helped their organization achieve an average increase of 23 percent in revenue growth.
Governments have become increasingly aware that digitization and its advanced networks are now the driving force of a country’s economy. From the financial sector, including banking services, to sectors such as transport, power, and utilities, everything is digitally controlled and monitored by computers. Intelligence agencies are particularly focused on cyberattacks on businesses that control key and critical infrastructures such as nuclear installations, defense services, hospitals, and air traffic.
State-sponsored hackers have found a preference for corporate espionage, the exfiltration of intellectual property to narrow the technological gap with competing nations, the stealing of PII and CII data for financial gain, and defaming adversaries to further socio-political agendas.
Hackers have explored new attack surfaces as industry and government IT systems have remained vulnerable through poorly configured and outdated programs and applications. Weak applications or networks become a testing ground for hackers carrying out advanced persistent threat (APT) attacks: first establishing long-term access, then learning the architecture of the targeted organization, and finally mining sensitive data such as PII, official documents, agreements, compliance data, etc. The Anthem APT attack, which compromised the PII data of almost 80 million customers, is a well-known example of such an attack.
It is now of utmost importance for governments and businesses to adopt a predictive approach to protecting their reputation, ensuring business continuity and protecting national interests. However, this can only be achieved by going deep into the hacker trenches to gain real-time cyber threat visibility. To this end, we need a platform that can discover evolving threats, decode, and segregate valuable cyber threat insights from the vast amount of data available.
In order to beat hackers at their own game, businesses need cyber intelligence to take action against unseen threats. Having a platform that allows one to predict a cyberattack is needed more than ever before. And there is one that fits the bill – CYFIRMA’s DeCYFIR.
Using DeCYFIR, CYFIRMA researchers analyzed data sources across deep/dark web, hacker forums and closed communities, and uncovered the following cyber-war threat scenarios.
- Trade wars fueling cybercrime and cyber-warfare
The ongoing trade war between two of the world’s largest economies – the US and China – has already created a geopolitical strain. The US has long accused China of unfair trade and theft of intellectual property. The race for political and technological supremacy has now fueled cyber warfare.
- Geopolitical conflicts between neighboring countries
Relations between Japan and South Korea, between China and India, and between China and Australia have deteriorated rapidly over wartime issues and bilateral trade differences.
War hysteria, historical differences, and geopolitical supremacy will lead state-sponsored hackers to push their cyberattack threshold to a limit. Social hacktivists, political parties, and large corporations will be drawn to cybercrime as a means of achieving business and political objectives, fueling the expansion of the hackers-for-hire economy.
- Enhanced versions of previously used malware and attack vectors
Hackers have started to refurbish and use enhanced versions of previously used malware and attack vectors.
One such example is the BlackEnergy malware in Ukraine. Recently, this malware has been upgraded (now known as BlackEnergy 3) and sold on the dark web. It now adds the attacker’s SSH keys to the victim’s machine’s list of authorized keys, so that the machine trusts the attacker’s key for secure communication. Similarly, CYFIRMA’s threat intelligence algorithm caught a suspected Vietnamese state-sponsored group, OceanLotus, exploiting old vulnerabilities and using existing malware to attack opinion leaders, influencers, banks, media houses, real estate agencies, and foreign companies across a number of countries, including China, Laos, Thailand, and Cambodia.
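A defender-side check for the persistence mechanism described above, added here as an example (this is not CYFIRMA’s or DeCYFIR’s code): it parses an `authorized_keys` file, computes the OpenSSH-style SHA256 fingerprint of each key, and flags any key that is not in an approved baseline. The key material and file contents are constructed for illustration, not real keys.

```python
"""Flag authorized_keys entries whose fingerprint is not in an approved
baseline. Example code, not part of the original article or product."""
import base64
import binascii
import hashlib
from dataclasses import dataclass

# Key types recognised by OpenSSH; options, if present, precede the type.
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}

@dataclass
class Entry:
    lineno: int
    options: str
    key_type: str
    fingerprint: str
    comment: str

def fingerprint(b64_blob: str) -> str:
    """OpenSSH 'SHA256:...' fingerprint of a base64 key blob (unpadded)."""
    try:
        digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    except binascii.Error:
        return "INVALID"  # undecodable blob: still worth a look
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str) -> list[Entry]:
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.strip().split()
        if not tokens or tokens[0].startswith("#"):
            continue
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # malformed line, ignored by sshd as well
        entries.append(Entry(lineno, " ".join(tokens[:idx]), tokens[idx],
                             fingerprint(tokens[idx + 1]), " ".join(tokens[idx + 2:])))
    return entries

def find_unapproved(text: str, approved: set[str]) -> list[Entry]:
    return [e for e in parse_authorized_keys(text) if e.fingerprint not in approved]

# Constructed sample (not real keys): one baselined key, one injected key.
ADMIN_BLOB = base64.b64encode(b"constructed-admin-key-bytes").decode()
ROGUE_BLOB = base64.b64encode(b"constructed-injected-key-bytes").decode()
APPROVED = {fingerprint(ADMIN_BLOB)}
SAMPLE = ("# managed by config management\n"
          f"ssh-ed25519 {ADMIN_BLOB} admin@bastion\n"
          f'command="/usr/bin/backup" ssh-rsa {ROGUE_BLOB} unknown-origin\n')

def audit_sample() -> list[Entry]:
    return find_unapproved(SAMPLE, APPROVED)
```

Run against a real host by replacing `SAMPLE` with the contents of each user's `authorized_keys` and `APPROVED` with fingerprints exported from your key inventory.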
- Emerging and Elastic Attack Surface
New technologies such as 5G, the Internet of Things (IoT), autonomous critical infrastructure, artificial intelligence, Industry 4.0, cryptocurrency, cloud, virtual reality (VR), augmented reality (AR), drones and many more have also increased the attack surface.
CYFIRMA’s intelligence research has revealed new attack vectors such as identity theft, fraudulent transactions, asset theft, impersonation, malicious code injection, on-boarding and off-boarding of accounts, and fictitious applications that cyber criminals could use to attack financial institutions, cryptocurrency exchanges, trading platforms and retail organisations.
- Cyber-criminals will engineer public opinion
Cyber-criminals are actively involved in changing the social and economic configuration of society by influencing public opinion, including tampering with state elections. CYFIRMA’s threat intelligence revealed the escalating interests of hackers towards national apparatuses such as government policy-making agencies, rating agencies, and other organizations that can influence decision-making. The overall objective is to bring about social stratification and division.
The fact that cyber warfare is not physical in the way traditional combat is does not mean that it is any less harmful. We have already seen evidence of the monetary and physical disruption it can cause to businesses, governments and civilians alike, such as the Sony Pictures hack, the Ukrainian BlackEnergy attack on SCADA systems, and Stuxnet. Governments, businesses, and civilians all need to be protected from cyber-war chaos, and CYFIRMA’s DeCYFIR provides early threat detection and containment.
DeCYFIR is a cloud-based AI (Artificial Intelligence) and ML (Machine Learning) platform for cybersecurity and threat intelligence.
DeCYFIR consists of a number of key modules – Threat Visibility and Intelligence, Cyber Situational Analytics, Cyber Incident Analytics and Cyber Education.
DeCYFIR’s intelligence-centric model prepares the organization for the event that it is caught in the middle of a crossfire. By decoding threats and applying threat intelligence, cyber operations can shift from proactive to predictive.
Visit CYFIRMA.com to learn how CYFIRMA can help you decode threats.
About the Author
CYFIRMA Chairman and CEO, Kumar Ritesh, has 2+ decades of global cybersecurity leadership experience across all facets of the cybersecurity industry.
He spent the first half of his career as the head of a cyber-intelligence agency, gaining first-hand insights into cyber threats and risks on a global scale before transitioning into the commercial arena as a senior executive for the multi-national corporations IBM and PwC. Ritesh was also the global cybersecurity leader for one of the world’s largest mining companies, BHP Billiton.
A highly dynamic executive who successfully blends technology expertise with business acumen, Ritesh has a strong track record of developing successful cybersecurity strategies, products, policies, standards, and solutions, in addition to running complex cybersecurity programs.
He has developed prototypes for data loss prevention, social profile risk assessment, web content assessment management, intelligence-led cyber risk management, and adaptive cyberthreat intelligence tools. Ritesh is also the co-inventor of two patented technologies for phishing fraud detection and protocol-aware PCB architectures.
Through his blogs and public speaking engagements, Kumar educates companies on cyber security risks, solutions and trends.
Headquartered in Singapore and Tokyo, CYFIRMA is a leading threat discovery and cybersecurity platform company. Its cloud-based AI and ML-powered cyber intelligence analytics platform helps organizations proactively identify potential threats at the planning stage of cyberattacks, offers deep insights into their cyber landscape, and amplifies preparedness by keeping the organization’s cybersecurity posture up-to-date, resilient, and ready against upcoming attacks.
CYFIRMA works with many Fortune 500 companies. The company has offices and teams located in Singapore, Japan and India.