Cyberwarfare and the Geopolitics Thrusting It on Enterprises

Russian-backed hackers attempted to destroy computers at one of Ukraine's largest energy companies to cause energy insecurity
Geopolitical instability has enterprises facing the spillover of conflicts as nation-state actors try to take down companies providing essential services

It’s nothing groundbreaking to say that the cybersphere is at one of its most tumultuous times in recent history.

Yet what is unique about it is that the current threats in the cybersphere are coinciding increasingly with outside events. 

With conflict in the Middle East, and all-out war in Eastern Europe, the cybersecurity issues plaguing the world today are increasingly a reflection of the geopolitical instability in the world.

Cybersecurity company Imperva noted in its 2024 report not only that distributed denial-of-service (DDoS) attacks had increased a staggering 111% in the first half of 2024 compared to the same period in 2023, but also that war-ridden Ukraine saw a 519% increase in DDoS attacks.

But unlike a traditional war, where bullets and bombs target governments and combatants, enterprises are increasingly being brought into the mix, serving as a digital front line of the threats. 

This is because many of the companies being attacked provide infrastructure critical to the operation of the countries involved.

In cases like Ukraine, Russian-backed hackers attempted to destroy computers at one of Ukraine’s largest energy companies using a wiper – malware specifically designed to destroy targeted systems by erasing key data and rendering them useless, with the intention of causing blackouts and energy insecurity for two million people.

In the US, companies in the water sector have been hit hard with cyber attacks.

In October of this year, American Water, the largest investor-owned water and wastewater utility company in the US that provides essential water and wastewater services to over 14 million people across 14 states, fell victim to a cyber attack. 

“The main theme is that they [attackers] are not looking for monetary gain, instead they’re influenced by other strategic and politically motivated agendas,” says David Sancho, Senior Threat Researcher at Trend Micro.


Although the attack on American Water didn’t take down its key services, it highlights how, despite not being government-owned, these companies serve functions of critical importance for society. Taking them offline can lead to severe health and safety issues.

“Disruptions to critical national infrastructure and the manipulation of supply chains can be deemed the biggest threats posed by cyberwarfare today,” says Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity.

“Attacks targeting essential services such as healthcare, transportation, and utilities can have far-reaching impacts, endangering lives and causing economic instability.”


So serious is the threat to critical infrastructure that NATO cyber defence policy states that a cyber attack could be grounds to invoke Article 5 of NATO's founding treaty, under which the alliance is then obliged to help the affected nation and issue a response.

The order of attack

Although there is ongoing debate over how cyberwarfare should be defined, it can largely be characterised as state-sponsored or terror groups launching digital attacks aimed at disrupting, sabotaging, or weakening adversaries' critical systems.

“Sectors such as health, central and local government are likely to be targeted due to their direct impact on the wider population,” says Alex Woodward, Senior Vice President – Consulting Delivery, Cyber Security at CGI.


Although the idea can be traced back to 1834 in France, when attackers stole financial market information by accessing the French telegraph system, cyberwarfare didn't really become a tactic until the late 20th century. 

This is due to the wider rollout of interconnected global infrastructure. Everything from power grids to financial systems and healthcare now relies on digital services, and this makes them vulnerable.

“Whilst it’s easy to think James Bond when it comes to nation-state cyberattacks, our reliance on connected IT systems means it’s relatively easy for state threat actors to create their desired effect on target through basic methods,” says Alex.

This quarter, BlackBerry reported that over 800,000 attacks occurred against critical infrastructure, with 50% of these targeting the financial sector.

Cyberwarfare therefore represents a paradigm shift in the spillover of conflicts in the 21st century. 

There is no set order of battle for attackers conducting cyberwarfare operations, as each may have their own strategy or signatures.

However, certain types of attacks and techniques are employed by attackers to achieve their desired objectives.

“The most common forms of attack in cyberwarfare include living-off-the-land (LoL) attacks, cyber espionage, supply chain attacks, zero-day exploits, stealth implants and DDoS attacks,” says Matt.

“However, phishing remains a primary tool for gaining unauthorised access, exploiting the human element to breach defences.”

DDoS attacks are surging in this geopolitically tense time, as they are used to disrupt online services and create chaos during critical times, denying systems the ability to operate and further complicating incident response efforts.

As cyberwarfare becomes more sophisticated, the potential for escalation and collateral damage increases.

This evolution necessitates new approaches to defence and cooperation between governments and companies that provide critical services like utilities or finance.

Countering cyberwarfare

One of the main challenges in defending against cyberwarfare is the complexity and sophistication of modern attacks.

Governments and organisations face difficulties in identifying and defending against threats that exploit vulnerabilities in supply chains, as well as insider threats. 

“Vast resources of time, equipment, and skilled personnel are invested into these types of attacks by governments around the world, and it is often not possible to deal with them in real-time after they are launched – they need to be anticipated, and intelligence is a key weapon in being forearmed against these types of attacks,” Matt explains.


To address these challenges, governments and organisations are adopting multi-faceted approaches: increased investment in cybersecurity infrastructure and personnel, development of national cyber strategies, and enhancement of international cooperation frameworks.

Already, countries like the UK have moved to designate data centres as critical infrastructure to provide them with adequate protection.

Yet it is not just strategy that can solve the issue. Just as technology wins wars, it can also rebalance the ongoing cyber conflict.

As generative technologies mature and hackers' experience of putting them to use progresses, it is becoming harder to raise cyberwarfare defences without deploying technology that uses AI to fight back.

“To truly outrun cybercriminals and maintain a defensive advantage, robust frameworks for AI governance and ethical standards must be established, ensuring responsible use and mitigating risks,” says Keiron Holyome, VP UKI & Emerging Markets at BlackBerry.


A Capgemini study found that the overall time it takes to detect threats and breaches is 12% lower with AI, while network security company Link11 found that an AI-powered DDoS protection platform demonstrated significant effectiveness in mitigating attacks.

Therefore, many organisations are now racing to implement AI-driven defence systems and threat intelligence sharing platforms.

Because the threat is targeting enterprises that provide key functions for society, companies are also enhancing their supply chain risk management practices to protect against the so-called backdoor cyberattack.

Enterprises to the aid
  • Ukraine’s deputy chairman of the State Service of Special Communications thanked researchers at cybersecurity companies Eset and Microsoft for helping to identify and neutralise the malicious software used in the 2022 attack on the energy company

Supply chains can involve thousands of vendors, who too often are the entry point for malware, ransomware or denial of service attacks, which then work their way upstream or downstream to important companies, organisations and public service providers.

In June, for example, three major London hospitals were hit by a back-door ransomware cyberattack that wreaked havoc across clinical services.

The hack is said to have affected hospitals that are partnered with Synnovis, a provider of pathology services. A Russian group of cyber criminals calling themselves Qilin is believed to have been behind the attack.

As well as adopting AI-driven cyber defences, organisations are also collaborating with government agencies, such as the UK’s National Cyber Security Centre, in order to share intelligence and fortify defences.

Cybercrime: an evolving battlefield 

Although AI is no doubt augmenting the tenacity of attacks, it is lending the same abilities to defence. Yet although war never changes, the same can’t be said for cyberwar. 

Quantum computing, whilst still the reserve of governments and large global organisations that can afford it, is likely to create a watershed moment.

The computational power available will enable breakthroughs across various fields, including scientific modelling simulation and drug research, as well as attacks.

Luckily, further examples of government-enterprise cooperation are proving promising in fighting off this future threat, with the US National Institute of Standards and Technology (NIST) standardising the world’s first post-quantum cryptography (PQC) encryption standards, made by IBM.

Although cyberwarfare represents a growing and dangerous threat to enterprises, governments and societies around the world, the policy pushes from world leaders like President Biden on cyber-securing critical national infrastructure, or the UK in securing data centres, show an understanding of its importance.

By understanding the nature of these threats and implementing comprehensive strategies for prevention, detection, and response, the world can work to level their response to the growing attack on the digital battlefield.




Cyber Magazine is a BizClik brand
