The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a major disturbance in cyber - and that disturbance will continue through 2023. China, Iran, and North Korea are all supporting Russia. The cyber conflict is similar, largely conforming to the George W Bush 'axis of evil' versus the US, EU, and their allies. Here we're going to discuss how the current state of global geopolitics might play out in cyber during 2023. "Russia may well resort to increased cyber offensive actions as it contends with on-the-ground setbacks in Ukraine," comments Bob Ackerman, MD and founder of AllegisCyber. This has been considered likely throughout 2022, but as Russian military setbacks have increased toward the end of 2022, so the likelihood of increasingly aggressive Russian cyber activity will rise. Kevin Bocek, VP of security strategy and threat intelligence at Venafi, expects to see Russian cyber activity becoming more 'feral'. He is concerned that Russia's more feral activity will have the potential to spill over into other nations: "As Russia becomes more daring, trying to win the war by any means, and Russia could look to use the conflict as a distraction as it targets other nations with cyberattacks." "In recent weeks Russia has been launching a barrage of missiles to cripple Ukraine's electricity infrastructure. We could expect that at some point availability of such weapons will run low and that the Kremlin will want to increase the cyber effort. We may see further successful malware attacks from the Sandworm group as we have seen previously with the blackouts caused by the BlackEnergy malware," comments Jerome Segura, senior director of threat intelligence at Malwarebytes.
"While malware used to destroy or wipe systems is likely to be used against Ukraine," he adds, "more stealthy malware such as backdoors are likely to hit European allies as attempts to compromise key leaders, gather intelligence and possibly expose or extort via 'kompromat'." "Nation state cyber warfare will become more openly prevalent," suggests Chris Gray, AVP of security strategy at Deepwatch. While we concentrate on Russia as the primary current protagonist in offensive cyber, we should not forget that Russian 'allies' will take advantage of the situation. "China is likely to expand the full spectrum of its cyber initiatives targeting economic, political, and military objectives," continues Ackerman. Increased nation-state cyber activity will become more obvious, but not necessarily legally attributable. "The reality with nation-state attacks is you might never know you've been hit by one until another country's intelligence agency actively identifies it," warns Andrew Barratt, VP at Coalfire. Direct attribution from countries with mature intelligence agencies is likely to increase in 2023 - as will the strident denials coming from the perpetrators - but it will remain difficult. "The rapid expansion of non-state affiliated cyber actors including hobbyists, hacktivists, criminals, privateers, proxies, vigilantes, or cyber response reserve units, is unlike anything ever seen in traditional warfare," explains Marcus Fowler, CEO of Darktrace Federal. Their use is likely to be one of desperation - a cyber version of nuclear weapons with the potential to escalate into open kinetic conflict. We must hope this day never comes, for it is worth remembering Putin's warning on the use of nuclear weapons: "For the planet, it will be a catastrophe. But for me as a citizen of the Russian Federation and the head of the Russian State, I must ask myself the question. What is the point of a world without Russia?"
"Russia's invasion of Ukraine this year revealed the modern digital battlefield. Most notably, we have witnessed an increased use of wiperware, a form of destructive malware against Ukrainian organizations and critical infrastructure," comments Fleming Shi, CTO at Barracuda. "Unlike the financial motivations and decryption potential of ransomware, wiperware is typically deployed by nation-state actors with the sole intent to damage and destroy an adversary's systems beyond recovery." "In addition," he added, "in 2023, wiperware emanating from Russia will likely spill over into other countries as geopolitical tensions continue." "Given the current political climate, Kaspersky experts foresee a record number of disruptive and destructive cyberattacks, affecting both the government sector and key industries," says Ivan Kwiatkowski, senior security researcher at Kaspersky's GReAT. "It is likely that a portion of them will not be easily traceable to cyberattacks and will look like random accidents. The rest will take the form of pseudo-ransomware attacks or hacktivist operations to provide plausible deniability for their real authors," he added. A particular target area for such attacks will likely be 'dual use' technologies; that is, those that serve both military and commercial purposes. It is noticeable that the cyberattack against Viasat by Russia just prior to the Russian invasion of Ukraine, designed to disrupt Ukrainian military communications, spilled out of the region to also affect some 9,000 European users. Russia seems to have 'got away with it' on this occasion, but it effectively remains a nation-state cyberattack against civilians outside of the war zone. "The war in Ukraine will have broader impacts on the commercial sector as operatives on both sides attack dual-use technologies to take down communication and critical infrastructures systems."
He expects to see more attacks in 2023 that will impact business internet connections, communication, and logistics systems. While cyber eyes are trained on Russia, we should remember that it is not the West's only cyber adversary. China, Iran, and North Korea will all increase their activity through 2023 under cover of the European war. China will likely continue concentrating on espionage rather than destruction - although this may change if the separate geopolitical tensions over Taiwan escalate into kinetic activity. "China has high priority targets to meet in terms of economic and social development, made more pressing by continuing Covid outbreaks and a zero-tolerance stance on Covid," warns Mike McLellan, director of intelligence at Secureworks. "As tensions continue to rise around Taiwan and the South China Sea, and China continues to drive forward with its Belt Road Initiative, a large proportion of China's cyber espionage apparatus will be regionally focused targeting governments and critical infrastructure projects, as well as dissidents and other individuals opposed to the Chinese state." "Iran will exploit the blurring of state-sponsored activity with cybercrime, both against regional adversaries and more broadly," says McLellan. The country will make use of offensive cyber operations under the guise of hacktivist and cybercrime personas to harass and intimidate regional adversaries, particularly Israel. If the mirror between kinetic and cyber activity holds true, we can expect North Korea to become more aggressive in cyber in 2023. Aggressive international cyber activity may never return to pre-war levels. "Nations will come to the table to discuss norms; China, Russia and others will inhibit progress," warns Mike Hamilton, founder and CISO at Critical Insight. He has two specific predictions for 2023 that might take cyber relations beyond the point of no return. 
Firstly, he suggests, "Russia will have its infrastructure disrupted as a demonstration of seriousness." Secondly, he adds, "Operational technologies will be disrupted/wiped, likely in the US water sector." "More-and-more, we are going to see the Internet as a primary forum for geopolitical activity. The classic diplomacy, information, military and economic options are seeing the rise of information options and a resurgence of military options from 2022. Going into 2023, it's to be hoped that diplomacy and economics rise to the fore, but for that to happen, the world would need to see an amenable-to-all-parties resolution to the Russia-Ukraine War or at least motion in that direction with a meaningful ceasefire; and detente in the South China Sea, which although a secondary area is another potential area of rising concern and clash of superpowers."
This Cyber News was published on www.securityweek.com. Publication date: Wed, 01 Feb 2023 12:46:03 +0000