The emerging threat of cyber warfare

03 May 2018

Recent months have seen growing tensions between western countries and Russia, highlighting the growing risk of cyber-attacks by nation states and their allies.

Russia has been accused of waging a digital war against the west. It has allegedly interfered with elections in the US and Europe, been linked to a global malware outbreak, and has been accused of targeting the IT systems of critical infrastructure and services.

A suspected nerve agent attack by Russia on British soil has seen the two countries exchange threats of potential retaliatory cyber attacks, although commentators believe such an attack by the UK is highly unlikely.

The UK is not alone in accusing Russia of cyber activities. Germany says Russia attacked its Foreign Ministry while the US recently blamed Russia for cyber attacks on its energy grid. UK and US officials believe that Russia has been probing networks in preparation for potential acts of sabotage, such as taking down parts of the electricity grid. In February, the UK, US, and Australian governments said Russia was behind the NotPetya malware attack, which initially targeted Ukraine in June 2018 but quickly spread around the globe.

UNDERRATED RISK

The world is seeing the emergence of hybrid warfare whereby foreign rivals are actively seeking to disrupt economic capacity, targeting the business sector, public services and critical infrastructure.

State sponsored cyber attacks are now one of the most serious risks facing corporates today, and yet this is one of the most underappreciated risks at board or C-suite level. Most companies do not realise that they are the targets of foreign intelligence services looking to steal intellectual property, ideas and technology, or just to disrupt business and the wider economy.

ASYMMETRIC WAR

Russia is not the only country using its cyber capabilities to further its interests. Hacking groups linked to other nation states, most notably North Korea, Iran and China, are also known to be actively deploying sophisticated cyber capabilities.

Nation states are thought to be behind a number of cyber attacks in recent years against banks, energy companies, government agencies and suppliers of critical services and infrastructure. Attacks can be for a wide range of purposes, including the theft of intellectual property, trade secrets or personal data, as well as to cause disruption or physical damage.

According to a report by CrowdStrike China has been targeting western commercial interests and government agencies as it seeks information and intelligence that may provide military, diplomatic or commercial advantage. In the case of North Korea, nation state-linked hackers are said to behind extortion attacks and cyber heists, while the country was blamed for last year’s global ransomware attack, WannaCry.

Iran’s cyber activities have largely targeted entities in the Middle East, notably the Shamoon malware destructive attacks against Saudi Arabia in 2017. The US and UK recently condemned Iran for cyber-attacks against western universities.

BLURRED LINES

Nation states have their own cyber capabilities, but attacks are also carried out by groups affiliated to intelligence services. Cyber criminals may also receive direct or indirect support from nation states, or benefit from vulnerabilities leaked on the dark web. A recent report from CrowdStrike suggests that there has been a levelling of the playing field between highly skilled nation state adversaries and their less sophisticated criminal and hacktivist counterparts.

It notes a “trickle-down effect” that is seeing a proliferation of “military-grade weaponry” for cyber warfare being released and commoditised. For example, last year’s WannaCry malware epidemic was based on military-grade espionage techniques around a Windows vulnerability known as EternalBlue, which ultimately fell into the wrong hands.

According to CrowdStrike, such attacks are immune to the traditional endpoint defence technologies used by most organisations. Defending against “government-grade” attacks requires enlisting a host of new security technologies and approaches that go beyond the simple signature-based prevention of the past, it says.

CYBER TERRORISM

Lines are also blurred between the cyber activities of nation states and terrorist groups. In April, the UK’s intelligence agency GCHQ revealed that it had carried out offensive cyber attacks against Islamic State. The attack, the first of its kind by the UK, disrupted the group’s online activities and destroyed equipment and networks.

UK terrorism reinsurer Pool Re warns that the defeat of Islamic State in Syria and Iraq could see the group driven underground, and potentially online. As yet, terrorist groups have mainly used the internet as a recruitment and propaganda tool, and are believed to lack the capabilities to carry out destructive cyber attacks.

However, these capabilities are within reach, says Pool Re. The tools needed to carry out terrorist attacks are increasingly available to purchase or hire on the dark web. Terrorists may also be able to exploit sophisticated tools and techniques developed by nation states if they become available online, while some nation states could provide support to favoured terrorist groups.

In April, Pool Re extended its coverage to include physical damage and resulting business interruption triggered by a cyber terrorism event. Other national terrorism pools are reportedly considering offering similar coverage.

GREY AREAS

JLT Re’s latest terrorism report notes the changing nature of terrorism risk, with the emergence of new risks like cyber terrorism. The report highlights the prospect that terrorist organisations could target corporations by hacking into their networked technology systems in order to facilitate physical attacks. Equally troubling, non-state actors could acquire capabilities that enable them to carry out cyber attacks that cause physical damage or loss of life, the report says.

Although terrorist groups are currently unlikely to have the expertise needed to mount a destructive cyber attack, certain groups are thought to be seeking to acquire capabilities to launch attacks with tools that can now be purchased or hired on the dark web. This raises serious challenges to risk carriers.

At present, exclusions in both terrorism and cyber markets are muddying the waters. Malicious cyber attacks by quasi state actors or proxies are a credible concern and conventional war exclusions may unwittingly preclude coverage, according to the JLT Re report.

Download Cyber Decoder

For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on cyber@jltgroup.com.

YOU MAY ALSO BE INTERESTED IN