State-Sponsored Cyberwarfare

State-Sponsored Cyberwarfare: Can We Defend Our World from Chaos?

As globalization continues to integrate the world economy, it is hard to imagine any two major economic powers engaging in any form of physical warfare. But are we truly living in a peaceful world? In fact, conflicts in other forms are taking place regularly. Two major types of non-physical conflicts are trade wars and cyberwarfare. 

Trade wars have been on the rise over the past two decades, commonly fought by governments through adjusting tariffs or applying sanctions and regulations on targeted economies. Take the U.S.-China trade war in 2019 for example, by raising tariffs, the United States was able to put tremendous pressure on the Chinese government. Just half a century ago, such pressure could only be applied by launching physical attacks, while today, trade wars achieve the same goals with no physical sacrifice to face.

 

Silent Warfare

 

Trade wars always make the headlines in the news due to their immediate impact on the economy. Another form of non-physical warfare that is much more silent, ambiguous, and less visible that happens in the digital world. From the 1990s to the early 2000s, cybersecurity was mostly involved at the individual level where hackers aimed at attacking personal computers. This was the era when big anti-virus firms such as Avast, Norton, and Kaspersky emerged. However, the hype behind anti-virus software has noticeably degraded in the past decade. This is because hackers are less interested in attacking personal computers. As the fourth industrial revolution moves us towards the era of the data economy, big data has become an extremely valuable asset. Compared to individuals, governments and corporations that store large amounts of data are becoming highly tempting targets for cybercriminals.

 

State-sponsored DDoS attacks

 

Sources of cyberattacks are usually difficult to identify. However, attacks with political aims are on the rise. In the case of state-sponsored cyber warfare, attacks are commonly used for specific political purposes, especially as means of retaliation on a foreign government’s behavior. 

In the late 2000s to the early 2010s, distributed-denial-of-service (DDoS) attacks against foreign governments were very common. These attacks flood the network with tremendous traffic to disrupt its regular service, which can be very effective at damaging a targeted economy in a short amount of time through the disruption of government and business operations. 

For instance, the 2007 cyberattack on Estonia led by Russian hackers has transformed the country completely. As a retaliatory measure against Estonia’s decision to relocate a memorial of the Soviet Red Army to a less prominent location, Russia launched intense DDoS attacks on almost all the important websites of Estonia, including government portals, media outlets, internet service providers, banks, and major businesses, for three consecutive weeks (NATO Stratcom Centre of Excellence). 

This cyber warfare has caused immediate damage to the Estonian economy and revealed its vulnerabilities in the digital world. Since then, the country has decided to stand up against its weaknesses and transformed completely into an E-economy with most government services run completely online, along with a Cyber Defense Unit in its government (BBC). 

Other cases of state-sponsored DDoS attacks include the 2009 cyberattack on South Korea and the United States, the 2010 Korea-Japan cyberwarfare, 2010 attack on Myanmar. A very recent case of such an attack happened just last week, where Turkish hackers launched numerous cyberattacks on Greece in order to protest against the Greek government’s stance on the Turkish-Libya defense deal (Neos Kosmos).

 

A new era of data-oriented attacks

 

In more recent years as we step into the era of big data, state-sponsored cyberattacks have slowly transformed into a more silent form. Different from the traditional DDoS attacks, this new era of cyberwarfare is steering away from “attack” towards “stealing” and “manipulation”. Take the Facebook-Cambridge Analytica data scandal for example; in early 2018, British consulting firm Cambridge Analytica has illegally obtained the personal data of millions of Facebook users and used them for political advertising purposes. Since then, Facebook suffered multiple data breaches in September 2018, April 2019, and December 2019

According to a report by SelfKey, in the United States alone, data breach on big corporations occurred on average once every week during 2019, where a large number of identities were stolen. At a global level, the Identity Theft Resource Center recorded 1,579 data breaches worldwide in 2017. Despite repeated occurrences, these data-oriented cyberattacks rarely make it to the headlines because they usually do not cause immediate damage to the target. 

However, long-term consequences can be more devastating; the use of big data in any manipulative way, such as political manipulation, can be extremely hurtful to the proper functionality of the democratic system. Foreign attempts to influence the U.S. federal election in 2016 was a serious instance showing the danger of data being used in such a manipulative way. Personal data can be utilized to target people who are vulnerable to certain fake news, which could easily lead to social instability and chaos, leading to increased worries and speculations that these cyberattacks could threaten the future of democratic societies.

 

Are we safe?

 

Are we fighting a silent war? Can we survive a new era of state-sponsored cyberwarfare? Can we avert our societies from manipulations and chaos? Is democracy at risk? The future lies in our hands. Governments spend large amounts of tax money on defense to prevent military invasion. Corporations invest large figures on research and development. Yet many of them still choose to leave their data vulnerable. Governments and organizations must take data protection very seriously before it causes irreversible damage to our societies.

Penta Security is committed to data security, with robust products and solutions ready to help your organization defend against any attack. Our web application firewall WAPPLES protects your network from DDoS attacks, while encryption tools like MyDiamo keep your data safe and secure. To learn more about our products and solutions, click here.