Top Cyber War Techniques and Technologies
In our article Cyber Warfare: Nation State Sponsored Cyber Attacks, we discussed the nature of warfare in the virtual world of the internet and how it differs from conventional warfare. We also covered why some kind of “cybergeddon”—an all-out cyber war—hasn’t happened and quite likely never will. In this post we’ll look at which state actors have conducted cyber war operations, the techniques they’ve used in their campaigns, and what technologies are available for defending against cyber war attacks.
Cyber War Groups
Five nation-states are widely regarded as capable of waging large-scale cyber war:
- China’s People’s Liberation Army Strategic Support Force: China has been held responsible for many cyber-attacks on public and private institutions in the United States, India, Russia, Canada, and France. The Chinese government denies all accusations and maintains that China is not a threat but rather the victim of a large number of cyber-attacks
- Iran’s Cyber Defense Command, which operates under the Joint Staff of Iranian Armed Forces and is considered an emerging military power in the field
- North Korea’s Bureau 121, which reportedly employs some 5,900 hackers, making it the third largest cyber war and cybersecurity operator in the world behind the U.S. and Russia
- Russia’s Information Operations Troops, as well as GRU Unit 26165 and Unit 74455
- The United States Cyber Command and Joint Task Force ARES, along with scores of cyber security operations under groups such as the Army, Army Reserve, Army National Guard, Navy, Air Force, 688th Cyberspace Wing, and Space Force
In addition, many other countries have developed cyber war capabilities, ostensibly for defense.
Cyber Warfare Mercenaries
As numerous as the operational cyber units of state actors are, they are only the visible part of the global cyber warfare machine; much of the rest is carried out by hacker groups funded by state actors. Cyber mercenaries are available to do everything from surveillance to DDoS attacks. For example, the now infamous Israeli NSO Group has sold its mobile spyware, Pegasus, to government agencies worldwide, including the New York Police Department and the governments of Mexico, Panama, Ghana, and Saudi Arabia. The spyware has been found on the phones of politicians and government officials, heads of corporations, journalists, activists, and even Avner Netanyahu, the son of then-Prime Minister Benjamin Netanyahu.
While hackers who get involved for a cause—hacktivists—are neither created nor funded by a state actor, they can be a significant force in a cyberwar by, for example, launching a large-scale DDoS attack against one side or the other. The problem for the side the hacktivists support is that they are not controllable and can interfere with or even thwart that side’s own attack plan. For the other side, the problem is that the often distributed and uncoordinated attacks can mask the more sophisticated attacks mounted by nation-state actors. One of the best-known examples of hacktivism is the decentralized international collective Anonymous:
Supporters have called the group “freedom fighters” and digital Robin Hoods, while critics have described them as “a cyber lynch-mob” or “cyber terrorists.” In 2012, Time called Anonymous one of the “100 most influential people” in the world. Anonymous’ media profile diminished by 2018, but the group re-emerged in 2020 to support the George Floyd protests and other causes. — Wikipedia
Types of Cyberattacks
In cyber warfare, espionage has the same goal as in conventional warfare: to learn as much as possible about the enemy’s physical, informational, and cybersecurity resources. It typically combines hacking of servers and networks, phishing, and social engineering to map target networks, breach data sources, and then exfiltrate information.
The goal of sabotage in cyber war is to weaken, disable, corrupt, or destroy the information services, cybersecurity measures, and resources of a target. The Stuxnet worm (see below), widely attributed to the United States and Israel and built to damage Iran’s uranium enrichment capability, is a prominent example of cyber sabotage.
Cyber Psychological Warfare and Propaganda
Psychological warfare, or PsyOps, has been used in conventional warfare since time immemorial. For example, in the Battle of Pelusium in 525 BC, Persian forces carried cats in front of them into battle as a psychological tactic against the Egyptians, whose religious beliefs treated cats as sacred animals. In the digital age, nation-states use cyber PsyOps to create social chaos through disinformation campaigns, ransomware attacks, website takeovers and defacements, and distributed denial of service attacks that knock websites and services offline.
Cyber Warfare Techniques
Distributed Denial of Service (DDoS) Attacks
A distributed denial of service (DDoS) attack uses many compromised or cooperating machines to flood a target with bogus requests, exhausting its bandwidth, connection state, or processing capacity so that websites and services become unavailable to civilians, military and security personnel, or research bodies. Of all the types of cyberattacks, DDoS attacks are among the easiest to mount. In the early days of Russia’s 2022 attack on Ukraine, a series of DDoS attacks briefly knocked Ukrainian government and bank websites offline, and U.S. and U.K. officials attributed the attacks to Russia. U.S. Deputy National Security Adviser Anne Neuberger told journalists at the White House that Washington was seeking to hold Russia to account for its aggressive moves in cyberspace.
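The “distributed” part of a DDoS attack is what makes it hard to stop with the obvious control, a per-client rate limit: a botnet can keep every individual source well under any reasonable threshold while the aggregate still saturates the target. The following added example (written for this article, not A10 code and not from any real incident) builds a constructed web-server access log containing 70 seconds of normal traffic, a distributed flood, and a single-source flood, then runs a simple detector over it that learns a baseline aggregate rate and flags both kinds of flood. All IP addresses, thresholds, and timestamps are assumptions chosen for the sample.

```python
import random
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def log_line(ip: str, ts: datetime) -> str:
    # Combined-log-format style line, as a web server or load balancer writes it.
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET /index.html HTTP/1.1" 200 512'


def build_sample_log() -> list[str]:
    """Constructed traffic, not a real capture: 70 s of ~5 req/s from 20 normal
    clients, overlaid with a distributed flood (250 bots, 1 req/s each) during
    seconds 60-64 and a single-source flood (200 req/s) during seconds 65-69."""
    rng = random.Random(7)  # fixed seed: the sample is reproducible
    t0 = datetime(2022, 2, 15, 16, 0, 0, tzinfo=timezone.utc)
    normal = [f"198.51.100.{i}" for i in range(1, 21)]   # assumed legitimate clients
    bots = [f"203.0.113.{i}" for i in range(1, 251)]     # assumed botnet members
    lines = []
    for s in range(70):
        ts = t0 + timedelta(seconds=s)
        lines += [log_line(rng.choice(normal), ts) for _ in range(5)]
        if 60 <= s < 65:
            lines += [log_line(ip, ts) for ip in bots]
        if 65 <= s < 70:
            lines += [log_line("192.0.2.66", ts) for _ in range(200)]
    rng.shuffle(lines)  # logs collected from several front ends are not neatly ordered
    return lines


def parse_line(line: str) -> tuple[str, datetime]:
    ip, rest = line.split(" - - [", 1)
    return ip, datetime.strptime(rest.split("]", 1)[0], TS_FMT)


def detect_floods(lines, learn_seconds=30, per_ip_limit=50, surge_factor=10):
    """Bucket requests into 1 s windows, learn a baseline aggregate rate from the
    first learn_seconds, then flag each later second as a single-source flood
    (one IP above per_ip_limit) or a distributed flood (aggregate far above the
    baseline while no single IP stands out). Returns (baseline, alerts)."""
    buckets = defaultdict(Counter)  # second -> Counter(ip -> request count)
    for line in lines:
        ip, ts = parse_line(line)
        buckets[ts][ip] += 1
    seconds = sorted(buckets)
    learn = seconds[:learn_seconds]
    baseline = sum(sum(buckets[s].values()) for s in learn) / len(learn)
    alerts = []
    for s in seconds[learn_seconds:]:
        total = sum(buckets[s].values())
        top_ip, top_n = buckets[s].most_common(1)[0]
        if top_n > per_ip_limit:
            alerts.append((s, "single-source", top_ip, top_n))
        elif total > baseline * surge_factor:
            # A per-IP rate limit alone would miss this second: every source is quiet.
            alerts.append((s, "distributed", len(buckets[s]), total))
    return baseline, alerts


if __name__ == "__main__":
    baseline, alerts = detect_floods(build_sample_log())
    print(f"baseline {baseline:.1f} req/s")
    for when, kind, who, count in alerts:
        print(when.strftime(TS_FMT), kind, who, count)
```

The per-second buckets and the fixed learning window are deliberately simple; a production detector would use a sliding window, a baseline that adapts over time, and the source diversity (distinct IPs per second) as a signal in its own right. The point the sample makes is that the distributed seconds produce no single offender to block, which is why mitigation for that case works on the aggregate (scrubbing, anycast, upstream filtering) rather than on individual clients.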
Phishing, Spearphishing, and Whaling
Phishing attacks target anyone who might click a link in an email message, in the hope of compromising their computer and, through it, the networks it connects to. A more focused variant, spearphishing, targets people who work at a particular business or in a particular industry in order to gain access to that business. To execute a spearphishing attack, attackers may combine email spoofing, dynamically generated URLs, and drive-by downloads to bypass security controls.
Whaling attacks are very carefully targeted at high-level executives with access to organizational data or finances. For example, an executive with financial approval authority may receive an email that appears to come from a C-level executive asking them to urgently transfer a large amount of money to cover a vendor payment or similar obligation.
The use of malware that encrypts a computer’s disk drives and demands payment, usually in cryptocurrency, is the basis of a ransomware attack. These attacks are most often launched via phishing and have become one of the most common techniques for extortion and denial of service. The 2021 “Verizon Data Breach Investigations Report” found that ransomware was the cause of 10 percent of all breaches, and the FBI’s Internet Crime Complaint Center reported a 62 percent year-over-year increase in ransomware, with 2,084 ransomware complaints filed from January to July 31, 2021.
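Spoofing and whaling lures leave traces in the message itself: the envelope sender that SPF actually checks rarely matches the forged From header, the sender domain is often a look-alike of the victim’s own, the receiving mail server’s Authentication-Results show SPF or DKIM failing, and the visible link text names a different host than the href. The following added example (written for this article, not A10 code) parses two constructed messages with Python’s standard email library and reports those indicators. The domains, addresses, and the Authentication-Results wording are assumptions for the sample; in practice the header would be the one your own MX writes.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Both messages are constructed for this example, not real captures.
# A whaling lure: spoofed CEO display name, look-alike sender domain, an envelope
# sender that does not match From, failed SPF, no DKIM, and a disguised link.
SAMPLE_WHALING = b"""Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Jane Doe, CEO" <jane.doe@examp1e-corp.com>
To: cfo@example-corp.com
Subject: Urgent vendor payment today
Content-Type: text/html; charset=utf-8

<p>Please wire the payment before 3pm, I am in a meeting and cannot talk.</p>
<p><a href="http://203.0.113.7/portal">https://vendor.example-corp.com/invoice</a></p>
"""

# A legitimate internal message for comparison.
SAMPLE_LEGIT = b"""Return-Path: <jane.doe@example-corp.com>
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dkim=pass header.d=example-corp.com
From: "Jane Doe" <jane.doe@example-corp.com>
To: cfo@example-corp.com
Subject: Q3 planning notes
Content-Type: text/html; charset=utf-8

<p>Notes from the session: <a href="https://wiki.example-corp.com/q3">wiki.example-corp.com/q3</a></p>
"""

URGENCY = re.compile(r"\b(urgent(?:ly)?|immediately|wire|transfer|cannot talk|confidential)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches look-alike domains such as examp1e vs example."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze(raw: bytes) -> list[str]:
    """Return the phishing indicators found in one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, env_from = parseaddr(str(msg.get("Return-Path", "")))
    _, to_addr = parseaddr(str(msg.get("To", "")))
    from_dom, env_dom, to_dom = map(domain_of, (from_addr, env_from, to_addr))

    # 1. The envelope sender (what SPF evaluates) disagrees with the visible From.
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} differs from From domain {from_dom}")
    # 2. Look-alike domain: almost, but not exactly, the recipient's own domain.
    if from_dom != to_dom and edit_distance(from_dom, to_dom) <= 2:
        findings.append(f"look-alike sender domain {from_dom} (recipient is {to_dom})")
    # 3. Authentication-Results stamped by our own MX: SPF or DKIM did not pass.
    auth = str(msg.get("Authentication-Results", ""))
    if not re.search(r"\bspf=pass\b", auth):
        findings.append("SPF did not pass")
    if not re.search(r"\bdkim=pass\b", auth):
        findings.append("DKIM did not pass")
    # 4. Whaling pattern: authority in the display name plus urgent payment wording.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    subject = str(msg.get("Subject", ""))
    if re.search(r"\b(CEO|CFO|President|Director)\b", from_name) and URGENCY.search(subject + " " + text):
        findings.append("executive display name combined with urgent payment language")
    # 5. Links whose visible text names one host but whose href goes elsewhere, or to a bare IP.
    for href, label in ANCHOR.findall(text):
        real_host = (urlparse(href).hostname or "").lower()
        shown = re.sub(r"<[^>]+>", "", label).strip()
        shown_host = (urlparse(shown if "://" in shown else "//" + shown).hostname or "").lower()
        if shown_host and shown_host != real_host:
            findings.append(f"link text shows {shown_host} but points to {real_host}")
        if IPV4_HOST.match(real_host):
            findings.append(f"link target is a bare IP address: {real_host}")
    return findings


if __name__ == "__main__":
    for name, sample in (("whaling", SAMPLE_WHALING), ("legit", SAMPLE_LEGIT)):
        print(name, analyze(sample) or ["no indicators"])
```

None of these checks is conclusive on its own (a mailing list legitimately rewrites the envelope sender, and DKIM may simply not be deployed), which is why a mail gateway scores them together rather than blocking on any one. The whaling case above trips every check; the legitimate message trips none.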
Examples of Cyberwarfare
While it can be difficult to identify the origin of a cyber war attack, some attackers can be identified by their attack methods, their malware’s coding style, or intelligence gained through covert channels. Here are a few examples of cyberwarfare attacks that were notable not just for their size and reach, but also because there was a lot of evidence to identify the aggressors:
- 2007: A distributed denial of service attack by a botnet of over a million computers brought down Estonian government, business, and media websites. Russia was suspected of originating the attack, motivated by political tension between the two countries.
- 2009: A cyber espionage network dubbed “GhostNet,” thought to be Chinese (the Chinese government denied it), was found to have compromised governmental and private organizations in over 100 countries and exfiltrated confidential information.
- 2010: The Stuxnet computer worm attacked Iran’s Natanz uranium enrichment facility and caused the physical destruction of almost 1,000 centrifuges. The evidence points to the worm having been created by the United States and Israel in a collaborative effort known as Operation Olympic Games.
- 2014: Ahead of the planned release of the film “The Interview,” which portrayed Kim Jong Un negatively, its distributor, Sony Pictures, was attacked. The attack was attributed to North Korean government hackers.
- 2014 to 2016: Fancy Bear (APT28), a group attributed to Russia’s GRU, targeted Ukrainian rocket forces and artillery with malware embedded in a trojanized Android application that D-30 howitzer crews used to speed up targeting calculations. CrowdStrike, which reported the campaign, initially claimed it contributed to the loss of over 80 percent of Ukraine’s D-30 howitzers, but later revised that estimate sharply downward, and the Ukrainian military disputed the claim.
- 2022: While Russia has launched multiple cyberattacks against Ukraine leading up to and during this year, the hacktivist collective Anonymous declared war on Russia in late February 2022, claiming to have attacked Russia’s Ministry of Defense. Other hacktivist groups, including GhostSec (an Anonymous spinoff), AgainstTheWest, SHDWsec, the Belarusian Cyber Partisans, and Raidforums Admin, are also attacking Russia.
How A10 Networks Can Help
An industry leader in cyber defense, A10 Networks offers cyber security solutions including the A10 Thunder® Threat Protection System (TPS), which employs advanced DDoS protection and mitigation strategies to protect against DDoS attacks. A10 Thunder SSL Insight (SSLi) provides full visibility into encrypted network traffic, making it harder for attackers to sneak malware into networks or exfiltrate data. These solutions help support a Zero Trust strategy to help businesses protect their networks and data.
Assets of Interest
- Dodging and Defeating DDoS Attacks: Data Center Provider Guide (eBook)
- Global Gaming Company ZAPS DDoS Attacks in Real-Time with ZAPR (Case Study)
- What is the Mirai Botnet, How to Prevent DDoS Attacks? (Video)
- DDoS Defender’s Insights: How to Defend Against Reflected Amplification Attacks (Webinar)
- What Makes One DDoS Defense Better Than Another (Webinar)
- Decrypting SSL to Uncover Hidden Threats (Webinar)
- Combating the Surge of Modern Malware and Ransomware (eBook)