{"id":16810,"date":"2023-02-01T14:32:04","date_gmt":"2023-02-01T13:32:04","guid":{"rendered":"https:\/\/www.show.it\/cyber-insights-2023-the-geopolitical-effect\/"},"modified":"2023-02-01T14:32:04","modified_gmt":"2023-02-01T13:32:04","slug":"cyber-insights-2023-the-geopolitical-effect","status":"publish","type":"post","link":"https:\/\/www.show.it\/en\/cyber-insights-2023-the-geopolitical-effect\/","title":{"rendered":"Cyber Insights 2023: The Geopolitical Effect"},"content":{"rendered":"
\n
\n
\n

About SecurityWeek Cyber Insights |<\/strong> At the end of 2022,\u00a0SecurityWeek\u00a0liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today \u2013 and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs.<\/em><\/p>\n<\/div>\n<\/div>\n

\"Cyber<\/figure>\n<\/div>\n

SecurityWeek Cyber Insights 2023 | The Geopolitical Effect<\/strong> \u2013 Geopolitics describes the effect of geography on politics, and usually refers to the political relationship between nations. That relationship is always mirrored in cyber. The Russia\/Ukraine war that started in early 2022 has been mirrored by a major disturbance in cyber \u2013 and that disturbance will continue through 2023.<\/p>\n

The physical conflict has forced much of the world to take sides. The US, NATO, the EU, and their allies are providing major support \u2013 short of troops \u2013 to Ukraine. China, Iran, and North Korea are all supporting Russia. The cyber conflict is similar, largely conforming to the George W Bush \u2018axis of evil\u2019 (Iran, Iraq, and North Korea, with the popular addition of Russia and China) versus the US, EU, and their allies.<\/p>\n

Here we\u2019re going to discuss how the current state of global geopolitics might play out in cyber during 2023.<\/p>\n

Background<\/strong><\/h2>\n

\u201cRussia may well resort to increased cyber offensive actions as it contends with on-the-ground setbacks in Ukraine,\u201d comments Bob Ackerman, MD and founder of AllegisCyber. This has been considered likely throughout 2022, but as Russian military setbacks have increased toward the end of 2022, so the likelihood of increasingly aggressive Russian cyber activity will rise. Such offensive actions will not simply target Ukraine \u2013 they will be aimed at all countries seen to be supporting Ukraine.<\/p>\n

\u201cWhile we haven\u2019t seen those feared attacks materialize yet,\u201d says Christopher Budd, senior manager of threat research at Sophos, \u201cit would be premature to say that those risks have passed. In 2023, so long as the uncertainty of war exists, everyone should plan for the real possibility of unexpected, large-scale cyberattacks.\u201d<\/p>\n

Indeed, the mirror between the kinetic and cyberworlds suggests it is inevitable in 2023. Kevin Bocek, VP of security strategy and threat intelligence at Venafi, expects to see Russian cyber activity becoming more \u2018feral\u2019. \u201cWe\u2019re increasingly seeing its kinetic war tactics becoming more untamed, targeting energy and water infrastructure with missile strikes,\u201d he says. \u201cWe expect the same to apply to cyberwarfare.\u201d<\/p>\n

He is concerned that Russia\u2019s more feral activity will have the potential to spill over into other nations, \u201cas Russia becomes more daring, trying to win the war by any means, and Russia could look to use the conflict as a distraction as it targets other nations with cyberattacks.\u201d<\/p>\n

Malwarebytes believes that large-scale attacks will appear first in Ukraine, but be accompanied by attacks against European allies. \u201cIn recent weeks [Oct\/Nov 2022] Russia has been launching a barrage of missiles to cripple Ukraine\u2019s electricity infrastructure. We could expect that at some point availability of such weapons will run low and that the Kremlin will want to increase the cyber effort. We may see further successful malware attacks from the Sandworm group as we have seen previously with the blackouts caused by the BlackEnergy<\/a> malware,\u201d comments Jerome Segura, senior director of threat intelligence at Malwarebytes.<\/p>\n

While malware used to destroy or wipe systems is likely to be used against Ukraine,\u201d he adds, \u201cmore stealthy malware such as backdoors are likely to hit European allies as attempts to compromise key leaders, gather intelligence and possibly expose or extort via \u2018kompromat\u2019.\u201d<\/p>\n

In one sense, the Russia\/Ukraine conflict has taken the gloves off the lower-level cyberwarfare that has existed for years. You could say that 2023 may well prove to be a new era of bare-knuckle cyberwarfare. \u201cNation state cyber warfare will become more openly prevalent,\u201d suggests Chris Gray, AVP of security strategy at Deepwatch. \u201cThe Russia\/Ukraine conflict has taken away much of the \u2018cloak and dagger\u2019 aspects of this area and, in doing so, has also broadened the scope of available targets. Financial impact and the ability to increase chaos due to service interruption will increasingly grow over former levels.\u201d<\/p>\n

While we concentrate on Russia as the primary current protagonist in offensive cyber, we should not forget that Russian \u2018allies\u2019 will take advantage of the situation. \u201cChina is likely to expand the full spectrum of its cyber initiatives targeting economic, political, and military objectives,\u201d continues Ackerman. \u201cBit actors on the global stage may well exploit Great Power conflict and related global distractions to launch targeted regional cyberattacks,\u201d he added. Such as Iran targeting Israel.<\/p>\n

Difficulty in attribution will remain<\/strong><\/h2>\n

Increased nation-state cyber activity will become more obvious, but not necessarily legally attributable. The major powers will still seek to avoid direct retribution that could escalate into additional kinetic warfare. \u201cThe reality with nation-state attacks is you might never know you\u2019ve been hit by one until another country\u2019s intelligence agency actively identifies it,\u201d warns Andrew Barratt, VP at Coalfire. \u201cThe attribution of attacks to specific parties is a highly contentious area with a lot of room for error and deniability. What we really need is crossover from friendly military intelligence partners to support a reasonable conclusion.\u201d<\/p>\n

SecurityWeek<\/em> was told years ago by Luis Corrons, now security evangelist at Gen and co-chairman of the board at AMTSO, \u201cThe only people who really know what\u2019s going on are the intelligence agencies, who have close knowledge drawn from signals intelligence and covert agents.\u201d Historically, the intelligence agencies have been reluctant to make too many public accusations of attribution for fear that it might expose their sources.<\/p>\n

\n
\"Marcus
Marcus Fowler<\/figcaption><\/figure>\n<\/div>\n

Direct attribution from countries with mature intelligence agencies is likely to increase in 2023 \u2013 as will the strident denials coming from the perpetrators \u2013 but it will remain difficult. \u201cThe rapid expansion of non-state affiliated cyber actors including hobbyists, hacktivists, criminals, privateers, proxies, vigilantes, or cyber response reserve units, is unlike anything ever seen in traditional warfare,\u201d explains Marcus Fowler, CEO of Darktrace Federal. \u201cThe surge in \u2018vigilante\u2019 approaches to cyber-crime will continue to alter the course of modern warfare in 2023, introducing unprecedented adversaries and allies for nation-states.\u201d<\/p>\n

Zero-day stockpiles<\/strong><\/h2>\n

What remains largely unknown is the potential capability of unfettered cyberwarfare \u2013 all major nations have been stockpiling zero-days for years. \u201cI dare not speak of the unused kinetic powers available to the nation-states,\u201d comments Brian NeuHaus, CTO of Americas at Vectra AI, \u201cbut will digress to one which has only, I believe, been partially used. Cyberwarfare is still a real threat from a broader use of known TTPs, tools tactics procedures, and an unknown equity of zero-days just waiting for the right strategic moment to deploy against one\u2019s foes.\u201d\u00a0<\/p>\n

Zero-days are not used lightly, especially by nation-states. Once used, they instantly lose their value. The problem is that we have no knowledge of our adversaries\u2019 zero-day stockpiles, nor their ability to unleash widespread destructive capabilities against critical infrastructure. Their use is likely to be one of desperation \u2013 a cyber version of nuclear weapons with the potential to escalate into open kinetic conflict.\u00a0<\/p>\n

We must hope this day never comes, for it is worth remembering Putin\u2019s warning on the use of nuclear weapons: \u201cFor the planet, it will be a catastrophe. But for me as a citizen of the Russian Federation and the head of the Russian State, I must ask myself the question. What is the point of a world without Russia?\u201d<\/p>\n

Wiperware and other destructive attacks<\/strong><\/h2>\n

Our hope must therefore be that no nation-state feels so backed into a corner that it unleashes the full power of stockpiled zero-days against the opponent\u2019s critical infrastructure. That doesn\u2019t mean we can relax \u2013 the threat from what we could perhaps describe as conventional cyberweapons remains real and likely to increase through 2023. Wiperware is probably top of the list.<\/p>\n

\n
\"\"
Fleming Shi<\/figcaption><\/figure>\n<\/div>\n

\u201cRussia\u2019s invasion of Ukraine this year revealed the modern digital battlefield. Most notably, we have witnessed an increased use of wiperware, a form of destructive malware against Ukrainian organizations and critical infrastructure,\u201d comments Fleming Shi, CTO at Barracuda. \u201cThe frequency has dramatically increased as we saw WhisperGate<\/a>, CaddyWiper<\/a>, HermeticWiper, and others hitting the news since the war broke out.\u201d\u00a0<\/p>\n

Unlike the financial motivations and decryption potential of ransomware, wiperware is typically deployed by nation-state actors with the sole intent to damage and destroy an adversary\u2019s systems beyond recovery. \u201cIn addition,\u201d he added, in 2023, wiperware emanating from Russia will likely spill over into other countries as geopolitical tensions continue.\u201d<\/p>\n

Wiperware can easily be disguised as criminal ransomware with non-functioning decryption, adding deniability to destructive nation-state attacks. There are suspicions that WannaCry<\/a> was a version of this. \u201cGiven the current political climate, Kaspersky experts foresee a record number of disruptive and destructive cyberattacks, affecting both the government sector and key industries,\u201d says Ivan Kwiatkowski, senior security researcher at Kaspersky`s GReAT.\u00a0<\/p>\n

\u201cIt is likely that a portion of them will not be easily traceable to cyberattacks and will look like random accidents. The rest will take the form of pseudo-ransomware attacks or hacktivist operations to provide plausible deniability for their real authors,\u201d he added. \u201cHigh-profile cyberattacks against civilian infrastructure, such as energy grids or public broadcasting, may also become targets, as well as underwater cables and fiber distribution hubs, which are challenging to defend.\u201d<\/p>\n

A particular target area for such attacks will likely be \u2018dual use\u2019 technologies; that is, those that serve both military and commercial purposes. \u201cSatellite technologies and other advanced communication platforms come under a higher level of focus. Both intellectual property theft and disruption of data delivery to governments and militaries around the world become a stronger focus,\u201d says Kurt Baumgartner, principal security researcher at Kaspersky.<\/p>\n

It is noticeable that the cyberattack against Viasat<\/a> by Russia just prior to the Russian invasion of Ukraine, designed to disrupt Ukrainian military communications, spilled out of the region to also affect some 9,000 European users. Russia seems to have \u2018got away with it\u2019 on this occasion, but it effectively remains a nation-state cyberattack against civilians outside of the war zone. We are not aware of any clandestine response from the West, but must wonder if the response would have been different if the spillover had directly affected US users.<\/p>\n

John Pescatore, director of emerging security trends at SANS Institute, endorses Baumgartner\u2019s view. \u201cThe war in Ukraine will have broader impacts on the commercial sector as operatives on both sides attack dual-use technologies (that is, services used by both the military and civilians) to take down communication and critical infrastructures systems.\u201d He expects to see more attacks in 2023 that will impact business internet connections, communication, and logistics systems.\u00a0<\/p>\n

\u201cIncreasing attacks on key dual-use technologies like cell towers, GPS, and commercial satellites \u2013 such as Star Link,\u201d he adds, \u201cwill damage connectivity and business operations for private sector companies that depend on these technologies, even if they are not directly targeted themselves.\u201d<\/p>\n

Beyond Russia<\/strong><\/h2>\n

While cyber eyes are trained on Russia, we should remember that it is not the West\u2019s only cyber adversary. China, Iran, and North Korea will all increase their activity through 2023 under cover of the European war. China will likely continue concentrating on espionage rather than destruction \u2013 although this may change if the separate geopolitical tensions over Taiwan escalate into kinetic activity.<\/p>\n

\u201cChina has high priority targets to meet in terms of economic and social development, made more pressing by continuing Covid outbreaks and a zero-tolerance stance on Covid,\u201d warns Mike McLellan, director of intelligence at Secureworks. \u201cChinese intelligence collection will remain both broad and deep, as the Chinese Communist Party will not accept failure on any of its key focus areas.\u201d<\/p>\n

This focus will be on upgrades to its manufacturing base, food stability, housing, energy supply, and natural resources. \u201cOrganizations operating in or supplying any of those areas, particularly high\u00adtech industries,\u201d he continues, \u201care potential targets of Chinese cyberespionage.\u201d<\/p>\n

But he adds, \u201cAs tensions continue to rise around Taiwan and the South China Sea, and China continues to drive forward with its Belt Road Initiative (BRI), a large proportion of China\u2019s cyber espionage apparatus will be regionally focused targeting governments and critical infrastructure projects, as well as dissidents and other individuals opposed to the Chinese state.\u201d<\/p>\n

Iran and North Korea are less concerned with maintaining any semblance of diplomacy with the US and EU. Iran may engage in more destructive cyberattacks, largely in the Middle East but potentially elsewhere. \u201cIran will exploit the blurring of state-sponsored activity with cybercrime, both against regional adversaries and more broadly,\u201d says McLellan.\u00a0<\/p>\n

The country will make use of offensive cyber operations under the guise of hacktivist and cybercrime personas to harass and intimidate regional adversaries, particularly Israel. This will probably extend beyond the Middle East with Iran merging state and criminal activity. Citing the IRGC-affiliated Cobalt Mirage<\/a> threat group, McLellan warns, \u201cIran will exploit this financially motivated activity as a plausible cover for state espionage or disruption operations, which can be dismissed as part of a \u2018cybercrime problem\u2019.\u201d<\/p>\n

\u201cWe\u2019re also seeing North Korea flexing its muscles by flying long range weapons over borders,\u201d adds Venafi\u2019s Bocek. If the mirror between kinetic and cyber activity holds true, we can expect North Korea to become more aggressive in cyber in 2023. Such cyber activity, adds Bocek, \u201cwill be replicated by North Korea as it looks to advance its economic and political goals.\u201d<\/p>\n

Summary<\/strong><\/h2>\n

A particular concern for 2023 and beyond is that the diplomatic seal may now be permanently broken. The Russia\/Ukraine war will eventually end \u2013 but tensions between the two countries and their allies will continue. Aggressive international cyber activity may never return to pre-war levels. \u201cNation-states will continue to cause each other digital problems amid the constant fight for power and status on the world stage,\u201d comments Zac Warren, chief security advisor for EMEA at Tanium.<\/p>\n

\u201cNations will come to the table to discuss norms; China, Russia and others will inhibit progress,\u201d warns Mike Hamilton, founder and CISO at Critical Insight. He has two specific predictions for 2023 that might take cyber relations beyond the point of no return. Firstly, he suggests, \u201cRussia will have its infrastructure disrupted as a demonstration of seriousness.\u201d Secondly, he adds, \u201cOperational technologies will be disrupted\/wiped, likely in the US water sector.\u201d<\/p>\n

If either of these incidents occur and can be reliably attributed to a foreign state, they will not be easily forgiven.<\/p>\n

As it is in the kinetic world, so it is in the digital. \u201cFor everything in the real world, there is a shadow on the Internet,\u201d says Sam Curry, CSO at Cybereason. \u201cMore-and-more, we are going to see the Internet as a primary forum for geopolitical activity. The classic diplomacy, information, military and economic (or \u2018DIME\u2019) options are seeing the rise of information options and a resurgence of military options from 2022. Going into 2023, it\u2019s to be hoped that diplomacy and economics rise to the fore, but for that to happen, the world would need to see an amenable-to-all-parties resolution to the Russia-Ukraine War or at least motion in that direction with a meaningful ceasefire; and detente in the South China Sea, which although a secondary area is another potential area of rising concern and clash of superpowers.\u201d<\/p>\n

\n
\n
\n

About SecurityWeek Cyber Insights |<\/strong> At the end of 2022,\u00a0SecurityWeek\u00a0liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today \u2013 and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs.<\/em><\/p>\n<\/div>\n<\/div>\n

\"Cyber<\/figure>\n<\/div>\n

Related<\/strong>: Wipers Are Widening: Here\u2019s Why That Matters<\/a><\/p>\n

Related<\/strong>: Economic Warfare: Attacks on C<\/a>I Part of Geopolitical Conflict<\/a><\/p>\n

Related<\/strong>: Security Pros Believe Cybersecurity Now Aligned With Cyberwar<\/a><\/p>\n

Related<\/strong>: U.S. Issues Fresh Warning Over Russian Cyber Threats<\/a><\/p>\n

The post Cyber Insights 2023: The Geopolitical Effect<\/a> appeared first on SecurityWeek<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

About SecurityWeek Cyber Insights | At the end of 2022,\u00a0SecurityWeek\u00a0liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today \u2013 and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]<\/p>\n","protected":false},"author":2,"featured_media":16811,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[143,152,28,153,154,110,77,155,156],"tags":[],"class_list":["post-16810","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberinsights2023","category-cyberwar","category-cyberwarfare","category-geopolitical","category-geopolitics","category-iran","category-nation-state","category-nato","category-ukraine"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/comments?post=16810"}],"version-history":[{"count":0,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16810\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media\/16811"}],"wp:attachment":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media?parent=16810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/categories?post=16810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/tags?post=16810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}