
Microsoft Source Code Heist: Russian Hackers Escalate Cyberwarfare

 


On Friday, Microsoft gave an update on the intrusion attempts by hackers linked to Russian foreign intelligence. Using data stolen from corporate emails in January, the hackers regained access to Microsoft's systems, which the foreign intelligence service could then use to reach the tech giant's products, products that are widely used in the United States national security establishment. 

Analysts were alarmed by the disclosure as they expressed concerns about whether the U.S. government could use Microsoft's digital services and infrastructure safely. Microsoft is one of the world's largest software companies which provides systems and services to the government, including cloud computing. 

It has been alleged that in recent weeks the hackers gained access to Microsoft's internal systems and source code repositories using information stolen from the company's corporate email system; the tech firm confirmed that the hackers had used this information to access its corporate email systems. Source code is the nuts and bolts of a software program, the part that makes it work. 

Therefore, source code is of great importance to corporations, and to spies trying to penetrate them. With access to source code, hackers may be able to carry out follow-on attacks against other systems. In the first days of January, Microsoft announced that its cloud-based email system had been breached by the same hackers, days before another big tech company, Hewlett Packard Enterprise, announced that its cloud-based email system had also been breached. 

Although the full scope and purpose of the hacking activity is unclear, experts say the group responsible has a history of conducting extensive intelligence-gathering campaigns for the Kremlin. According to Redmond, which is still examining the extent of the breach, the Russian state-sponsored threat actor may be trying to take advantage of the different types of secrets it found, including in emails shared between Microsoft and its customers. 

Although the company has contacted the affected customers directly, it did not reveal what the secrets were or how extensive the compromise was. It is unclear what source code was accessed. Microsoft, which also said it has increased its security investments, reported that the adversary ramped up its password spray attacks more than tenfold in February compared with the "amount of activity" observed earlier in the year. 

Several analysts who track Midnight Blizzard report that the group targets governments, diplomatic agencies, and non-governmental organizations. In its January statement, Microsoft said it believes the group may have targeted it because of the company's extensive research into Midnight Blizzard's operations. 

Since at least 2021, when the group was found to be behind a series of cyberattacks that compromised a wide range of U.S. government agencies, Microsoft's threat intelligence team has been researching Nobelium and sharing its findings with the public. According to Microsoft, the persistent attempts to breach the company show that the threat actor has committed significant resources, coordination, and focus to the effort. 

In the years since the 2020 hack, Russian hackers have continued to break into widely used tech companies as part of their espionage campaigns; US officials and private experts agree that this reflects a persistent, significant commitment to such intrusions. An official blog post accompanying Friday's SEC filing said the hackers may have gathered an inventory of potential targets, may now be planning to attack them, and may have enhanced their ability to do so using the information stolen from Microsoft. 

Several high-profile cyberattacks have hit Microsoft due to its lax cybersecurity operations, including the compromise of its Microsoft 365 (M365) cloud environment by the Chinese threat actor Storm-0558, the series of PrintNightmare vulnerabilities, the ProxyShell bugs, and the two zero-day Exchange Server vulnerabilities known as ProxyNotShell. 

Microsoft's February Patch Tuesday update addressed an admin-to-kernel exploit in the AppLocker driver disclosed by Avast, six months after Microsoft had accepted Avast's report. The North Korean Lazarus Group used the vulnerability to obtain a kernel read/write primitive and install a rootkit on the system. The company replaced its long-time chief information security officer, Bret Arsenault, with Igor Tsyganskiy in December 2023 to alleviate security concerns.

ICRC issues new rules for hacktivists in war zones: What you need to know


How to be a responsible hacktivist in times of war

Hacktivism, the use of hacking skills for political or social causes, has become a common phenomenon in the digital age. Hacktivists can launch cyberattacks against governments, corporations, or other entities that they perceive as oppressive, corrupt, or unjust. However, hacktivism can also have unintended consequences, especially when it involves civilian hackers participating in armed conflicts.

The risks of patriotic hacking

Patriotic hacking is a form of hacktivism that aims to support one's country or group in a conflict. Patriotic hackers can target the enemy's websites, networks, or infrastructure, or they can leak sensitive information, spread propaganda, or disrupt communications. Patriotic hacking can be seen as a form of cyber warfare, but it is often done without the authorization or coordination of the official military or government.

This can pose serious risks for both the hackers and the victims. Hackers can expose themselves to legal prosecution, retaliation, or espionage from the enemy. They can also cause collateral damage to innocent bystanders, such as civilians, journalists, humanitarian workers, or neutral parties. Moreover, they can escalate the conflict or undermine the peace efforts by provoking the enemy or violating international law.

The rules of engagement for hacktivists

To address these risks and to protect civilians in cyberspace, the International Committee of the Red Cross (ICRC) has published a new set of rules of engagement for hacktivists involved in conflicts. The rules are based on the existing principles of humanitarian law, such as distinction, proportionality, necessity, and precaution. The rules aim to provide guidance and advice for hacktivists on how to conduct their activities in a responsible and ethical manner.

Some of the main rules are:

- Hacktivists should not target civilians or civilian objects, such as hospitals, schools, or media outlets.

- Hacktivists should not cause excessive harm or suffering to the enemy or to the environment.

- Hacktivists should respect the sovereignty and neutrality of other states and avoid interfering with their affairs.

- Hacktivists should not use malicious software or techniques that can spread uncontrollably or unpredictably.

- Hacktivists should not conceal their identity or impersonate others.

- Hacktivists should not cooperate with armed groups or state actors that violate humanitarian law.

The reactions of hacking groups

The ICRC's initiative has received mixed reactions from different hacking groups. Some groups have welcomed the rules and expressed their willingness to comply with them. They have recognized the importance of respecting human rights and international law in cyberspace. They have also appreciated the ICRC's recognition of hacktivism as a legitimate form of expression and activism.

However, some groups have rejected the rules and questioned their legitimacy and applicability. They have argued that the rules are unrealistic, impractical, or biased. They have also claimed that the rules are an attempt to restrict their freedom and autonomy. They have asserted that they will continue to hack according to their own principles and objectives.



Russian Hackers May Have Breached NHS Trust With 2.5 Million Patients

 

Intelligence authorities are investigating a suspected cyber attack on a prominent NHS trust that serves a patient population of 2.5 million. The incident involves a notorious ransomware group, which claims to hold significant volumes of sensitive data taken from Barts Health NHS Trust. 

The attackers have issued a deadline of Monday, after which they intend to publicly disclose the pilfered information. On Friday, a group known as BlackCat or ALPHV made a statement asserting that they have successfully breached the security of the targeted organization, gaining unauthorized access to sensitive employee information such as CVs and financial data, including credit card details. 

Additionally, they claimed to have obtained confidential documents pertaining to individuals' identities. The exact nature of the information involved in the incident remains uncertain, including whether it includes patient data or if the hacking group has effectively infiltrated the trust's systems. 

Nevertheless, the situation introduces the possibility that private data belonging to the extensive patient population of approximately 2.5 million individuals served by Barts Health NHS Trust may be exposed on the dark web. In response to these developments, the trust, which encompasses six hospitals and ten clinics in East London, expressed its immediate commitment to conducting a thorough investigation into the claims. 

BlackCat emerged onto the radar in 2021 and has gained a reputation as one of the most advanced malware operations to date. According to reports, the group responsible for BlackCat managed to infiltrate approximately 200 organizations during the period spanning November 2021 to September 2022. 

The gang's modus operandi involves employing various extortion techniques against their victims. These tactics include issuing individualized ransom demands, which encompass requests for decryption keys to unlock infected files, threats of publishing stolen data, and warnings of launching denial of service attacks. 

According to sources at The Telegraph, the National Cyber Security Centre (NCSC), which operates under GCHQ, is actively involved in the investigation. Ransomware attacks use specialised software to either extract sensitive data from the victim or restrict the victim's access to it. 

In certain instances, the attackers encrypt the targeted files and then demand a ransom in exchange for the decryption key. In 2017, the NHS was hit hard by the global "WannaCry" ransomware attack, which temporarily halted operations within the healthcare system. 

The severity of the situation necessitated the urgent transfer of critical patients from affected hospitals to alternative facilities. Notably, the hacking group did not make any mention of an encryption key in their communication. 

Experts in the field have put forward a hypothesis that this omission could potentially indicate that the gang has not encrypted the pilfered information. Instead, they might be employing a strategy commonly seen in such cases, aiming for a swift payment from the targeted organization. This tactic has become increasingly prevalent in recent times.

Cyberwarfare Leaks Reveal Russia's Sweeping Efforts and Potential Targets

NTC Vulkan is a cybersecurity consultancy firm based in Moscow, which appears to offer ordinary cybersecurity services on the surface. However, a recent leak of confidential documents has revealed that the company's engineers are also involved in the development of advanced hacking and disinformation tools for the Russian military.
 
The leaked documents indicate that NTC Vulkan has been working with several Russian military and intelligence agencies including the FSB, GOU, GRU, and SVR to support cyber operations. 

In addition to this, one of the company's cyber-attack tools, Scan-V, has been linked to the notorious Sandworm hacking group. The tool searches for internet vulnerabilities and saves them for future use in cyber-attacks. 

Another system developed by NTC Vulkan, known as Amezit, is a comprehensive framework for controlling and monitoring the internet in regions under Russia's command. This system enables the spread of disinformation through the use of fake social media profiles, in addition to surveillance and monitoring of the internet. 

The third system developed by NTC Vulkan, Crystal-2V, is a training program for cyber operatives in the methods required to bring down rail, air, and sea infrastructure. The information processed and stored by the Crystal-2V system is deemed "Top Secret." 

In a very unusual, even rare, incident, thousands of pages of secret documents dated from 2016 to 2021 were revealed by an anonymous source, who approached the German newspaper Süddeutsche Zeitung just days after the Russian invasion of Ukraine began. The source expressed anger over the Russian government's actions in Ukraine and the role played by NTC Vulkan in supporting those actions. 

According to him, the GRU and FSB, two of Russia's most prominent intelligence agencies, were "hiding behind" NTC Vulkan. The individual also expressed a desire to make the information contained in the leaked documents public to raise awareness about the dangers posed by the company's activities and the Russian government's actions. 

The authenticity of the Vulkan files has been confirmed by five western intelligence agencies, while both the company and the Kremlin have remained silent on the matter. The leaked documents reveal emails, internal documents, project plans, budgets, and contracts that shed light on Russia's cyber warfare efforts in the midst of a violent conflict with Ukraine. 

It is unclear if the tools developed by Vulkan have been used for real-world attacks. However, it is known that Russian hackers have targeted Ukrainian computer networks repeatedly. The documents also suggest potential targets, including the USA and Switzerland. 

Nevertheless, advanced hacking and disinformation tools are being used by the Russian military and intelligence agencies. This raises significant concerns about the nature and scope of Russia's cyberwarfare capabilities.

Chinese-Designed Apps Pose Greater Privacy Risks to Americans

 

As the US Congress considers a ban on the Chinese social media app TikTok over security concerns, millions of Americans continue to download Chinese-designed apps that pose even greater privacy risks. Despite this, there has been no outcry from lawmakers or regulators about these apps.

Chinese apps have been growing in popularity in the US, with many of them collecting vast amounts of user data. Unlike TikTok, which has faced scrutiny over its data privacy practices, these apps have largely flown under the radar. 

One such app is WeChat, a messaging app that has become a popular way for Chinese-Americans to stay in touch with friends and family in China. WeChat has been accused of monitoring users’ conversations and sharing data with the Chinese government. 

Another app that has raised concerns is Zoom, a video-conferencing app that has seen a surge in popularity due to the COVID-19 pandemic. Zoom has been criticized for its lax security practices and for sharing user data with third-party companies. 

Despite these concerns, many Americans continue to use these apps without fully understanding the risks involved. This is partly due to a lack of awareness about the potential dangers of Chinese-designed apps, as well as a lack of viable alternatives.

While the US government has taken steps to restrict the use of Chinese technology in certain industries, such as telecommunications, it has yet to take action against Chinese-designed apps. This has left Americans vulnerable to potential privacy breaches and other security risks. 

In conclusion, the debate over TikTok has brought attention to the potential privacy risks posed by Chinese-designed apps. However, it is important for lawmakers and regulators to also consider the risks posed by other apps, and to take steps to protect American consumers from these risks.

How ChatGPT May Act as a Copilot for Security Experts

 

Security teams have been left to make assumptions about how generative AI will affect the threat landscape since ChatGPT-4 was released this week. Although it is now widely known that GPT-3 may be used to create malware and ransomware code, GPT-4 is 571X more potent, which could result in a large increase in threats. 

While the long-term effects of generative AI are yet unknown, a new study presented today by cybersecurity company Sophos reveals that GPT-3 can be used by security teams to thwart cyberattacks. 

Younghoo Lee, the principal data scientist for Sophos AI, and other Sophos researchers used the large language models from GPT-3 to create a natural language query interface for looking for malicious activity across the telemetry of the XDR security tool, detecting spam emails, and examining potential covert "living off the land" binary command lines. 

In general, Sophos' research suggests that generative AI has a crucial role to play in processing security events in the SOC, allowing defenders to better manage their workloads and identify threats more quickly. 

Detecting illegal activity 

The statement comes as security teams increasingly struggle to handle the volume of warnings generated by tools throughout the network, with 70% of SOC teams indicating that their work managing IT threat alerts is emotionally affecting their personal lives. 

According to Sean Gallagher, senior threat researcher at Sophos, one of the rising issues within security operation centres is the sheer amount of 'noise' streaming in. Many businesses are dealing with scarce resources, and there are just too many notifications and detections to look through. Using tools like GPT-3, we've demonstrated that it's possible to streamline some labor-intensive processes and give defenders back vital time. 

Utilising ChatGPT as a cybersecurity co-pilot 

In the study, the researchers built a natural language query interface with which a security analyst can screen the data gathered by security tools for harmful activity by typing queries in plain English. 

For instance, the user can type a request such as "show me all processes that were named powershell.exe and run by the root user" and have the corresponding XDR-SQL query generated for them, without needing to know the underlying database structure. 

This method gives defenders the ability to filter data without the usage of programming languages like SQL and offers a "co-pilot" to ease the effort of manually looking for threat data.

“We are already working on incorporating some of the prototypes into our products, and we’ve made the results of our efforts available on our GitHub for those interested in testing GPT-3 in their own analysis environments,” Gallagher stated. “In the future, we believe that GPT-3 may very well become a standard co-pilot for security experts.” 

Notably, the researchers also found GPT-3 significantly more effective at filtering threat data than the alternative machine learning models they tried. This would probably be faster still with the next generation of generative AI, given the availability of GPT-4 and its greater processing capabilities. Although these pilots are still in their early stages, Sophos has published the findings of the spam filtering and command line analysis experiments on the SophosAI GitHub for other businesses to adapt.
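To make the translation step concrete, here is an added example of my own (not Sophos's code and not taken from the SophosAI GitHub): the SQL such an interface would need to emit for the prompt quoted above, run against a constructed process-telemetry table, with a read-only gate so that model-generated SQL can only ever read the telemetry store. The table name, column names, the `GENERATED_SQL` text and the "living off the land" indicator list are all assumptions made for the illustration.

```python
import re
import sqlite3

# Constructed process-telemetry rows standing in for an XDR data lake:
# (host, process_name, username, command_line). Not real telemetry.
SAMPLE_EVENTS = [
    ("ws01", "powershell.exe", "root", "powershell.exe -NoProfile -File backup.ps1"),
    ("ws01", "explorer.exe", "alice", "explorer.exe"),
    ("srv02", "powershell.exe", "root", "powershell.exe -w hidden -enc SQBFAFgA"),
    ("srv02", "powershell.exe", "bob", "powershell.exe Get-Process"),
    ("srv03", "certutil.exe", "root",
     "certutil.exe -urlcache -split -f http://example.invalid/a.txt a.txt"),
]

# Hypothetical model output for the prompt
# "show me all processes that were named powershell.exe and run by the root user".
GENERATED_SQL = (
    "SELECT host, process_name, username, command_line "
    "FROM process_events "
    "WHERE process_name = 'powershell.exe' AND username = 'root'"
)

# Gate: a single SELECT, no statement separator, no data-changing keyword anywhere.
_SELECT_ONLY = re.compile(r"^\s*SELECT\b[^;]*$", re.IGNORECASE | re.DOTALL)
_FORBIDDEN = re.compile(
    r"\b(INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|ATTACH|DETACH|PRAGMA|REPLACE)\b",
    re.IGNORECASE,
)


def is_read_only(sql: str) -> bool:
    """Only a lone SELECT produced by the model may reach the telemetry store."""
    return bool(_SELECT_ONLY.match(sql)) and not _FORBIDDEN.search(sql)


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the XDR store, loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE process_events "
        "(host TEXT, process_name TEXT, username TEXT, command_line TEXT)"
    )
    conn.executemany("INSERT INTO process_events VALUES (?, ?, ?, ?)", SAMPLE_EVENTS)
    return conn


def run_generated_query(sql: str) -> list[tuple]:
    """Execute model output only after the read-only gate accepts it."""
    if not is_read_only(sql):
        raise ValueError("refusing to execute non-SELECT SQL from the model")
    conn = build_db()
    try:
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


# Constructed "living off the land" indicators for the command-line review the
# article mentions; a real triage list would be longer and tuned per environment.
LOTL_INDICATORS = {
    "encoded_command": re.compile(r"(?:^|\s)-(?:e|enc|encodedcommand)\b", re.IGNORECASE),
    "hidden_window": re.compile(r"(?:^|\s)-w(?:indowstyle)?\s+hidden\b", re.IGNORECASE),
    "certutil_download": re.compile(r"\bcertutil(?:\.exe)?\b.*-urlcache\b", re.IGNORECASE),
}


def lotl_flags(command_line: str) -> list[str]:
    """Names of the indicators matched by one command line (empty if none match)."""
    return [name for name, rx in LOTL_INDICATORS.items() if rx.search(command_line)]


def triage(sql: str) -> list[dict]:
    """Run the generated query and annotate each hit with its LOTL indicators."""
    return [
        {"host": host, "process": proc, "user": user, "flags": lotl_flags(cmd)}
        for host, proc, user, cmd in run_generated_query(sql)
    ]


if __name__ == "__main__":
    for hit in triage(GENERATED_SQL):
        print(hit)
```

The gate is deliberately conservative: anything that is not one plain SELECT is rejected, which is the behaviour you want in front of a store the model has no business writing to.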

Attacks are Being Outmanoeuvred by AI Cybersecurity in Novel Ways

 

These days, chatbots that use artificial intelligence (AI) are the hot topic. Yet AI cybersecurity is one of the technology's most rapidly expanding applications, because real-time detection and defence against cyberattacks saves money for businesses, governments, and individuals alike. 

According to MarketsandMarkets Research, the global AI cybersecurity market is worth $22.2 billion this year. By 2028, however, it is projected to grow to $60.6 billion, a 21.9 percent compound annual growth rate. 

An increase in cyberattacks 

Cybercrime affects 97 people or businesses every hour, according to a report by SurfShark. At that rate, 2,328 successful cyberattacks will be launched on the day you read this, causing millions of dollars in losses. 

According to Cybersecurity Ventures, those losses should rise by 15% annually. By 2028, it is anticipated that yearly losses will amount to $10.5 trillion. 

“If it were measured as a country, then cybercrime would be the world’s third-largest economy after the U.S. and China,” stated Steve Morgan, founder of Cybersecurity Ventures. 

Expanding AI cybersecurity response 

AI and its partner, machine learning (ML), are the officers on the beat working to stop this growing cybercrime wave.

“AI is big data,” explains Mansour Khatib, CEO of GBT Technologies, Inc., Santa Monica, CA. “AI manages massive amounts of data to detect something that’s suspicious. It can stop an attack and, based on the data it has gathered, it can know the attack’s next move.” 

Global cyberattack data is continuously gathered by AI. ML can comprehend industrial and worldwide risks to thwart an attack using the knowledge gathered by AI. 

Flexibility in AI cybersecurity 

In theory, humans are capable of the same tasks as AI cybersecurity. People often fail to notice for a very long time that a system is under attack, though; there have been numerous successful attacks on systems that went unnoticed for days. Traditional cybersecurity also has its limitations: after malware is discovered, it is blacklisted and analysed. This approach might thwart attacks from that particular malware, but it cannot identify brand-new, original threats. 

In addition to being faster and more powerful, AI is also more adaptable than conventional cybersecurity techniques. An AI cybersecurity system uses ML to identify new attacks and attackers based on similarities to past ones, learn patterns, and identify correlations between patterns. In other words, AI may change as needed. 

Cybersecurity's future with IoT And AI

The use of physical devices that send and receive information via the internet is enabling an increase in global connectivity. The Internet of Things is therefore used to describe that. Cell phones, automobiles, thermostats, and even refrigerators are among examples.

Today's refrigerators can alert you when you run low on something or are out of it so you may replenish it, claims Khatib. The fridge can communicate with your smartphone or home assistant, such as Google Assist or Amazon, by sending messages via Wi-Fi. Cyber criminals have new ways to steal your financial and personal information as more objects are connected to the internet. 

It's possible that you own a smart bulb, Khatib speculates. This lightbulb transmits data to you via your router. By accessing the light bulb, someone may take control of your router. They might then access your computer and obtain a variety of information from there. 

Such attacks might be thwarted using AI cybersecurity. Can you afford it, though? Khatib responds, "Definitely. Protection for your house and personal devices is getting more affordable in today's society. An inexpensive PC with fingerprint recognition is available right now." 

According to CujoAI's analysis of 1.7 billion connected devices in North America between April 2021 and April 2022, almost half of them are unable to run antivirus software. To secure all of the devices connected to a network, AI cybersecurity can instead be built into the router.

Customers are Being Used as Cyber "Crash Test Dummy," Says CISA Director

 

The CEO of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, referred to the current state of commercial cybersecurity as "unsustainable," and she argued that businesses, consumers, and the government as a whole needed to change their expectations so that users, not the major software and hardware manufacturers, would be held accountable for insecure products. 

A policy from the Biden administration that will place more of an emphasis on controlling the security and safety design decisions made by technology makers is anticipated to be released in the coming days. 

In a speech given on February 27 at Carnegie Mellon University, Easterly claimed that American lawmakers, consumers, and users of third-party products had allowed software programmes rife with flaws or hardware that was vulnerable on practically every level to become the standard. 

“We’ve normalized the fact that the cybersecurity burden is placed disproportionately on the shoulders of consumers and small organizations, who are often least aware of the threat and least capable of protecting themselves. We’ve normalized the fact that security is relegated to the IT people in smaller organizations, or to a chief information security officer and enterprises,” stated Easterly. “But few have the resources and influence or accountability to incentivize adoption of products in which safety is appropriately prioritized against cost, and speed to market and features.”

Easterly pointed out that Beijing's decades-long campaign of cyber-enabled espionage and intellectual property theft has been far more detrimental to U.S. economic and national security, even if those intrusions aren't similarly visible to the naked eye. While the U.S. reacted collectively with shock and anger at the sight of a surveillance balloon launched by China that crossed over American borders earlier this month, she noted that Beijing's campaign has been far more damaging to the U.S. 

The public hears about hundreds of significant breaches of corporations each year through the mainstream media, legislation requiring breach disclosure, ransomware leak sites, and other sources. These are only a portion of the problem, because a great many other intrusions go unnoticed or unreported.

Until the commercial sector prioritises security and safety on the front end, eliminating occasions like "Patch Tuesday" as an anachronism, adversaries like Russia and China, ransomware groups, and hackers will continue to take advantage of that paradigm. 

“The cause, simply put, is unsafe technology products, and because the damage caused by these unsafe products is distributed and spread over time, the impact is much more difficult to measure, but like the balloon, it’s there,” said Easterly. “It’s a school district shut down, a patient forced to divert to another hospital, another patient forced to cancel a surgery. A family defrauded of their savings, a gas pipeline shutdown, a 160-year-old college forced to close its doors because of a ransomware attack, and that’s just the tip of the iceberg.”

Role of large businesses 

The biggest firms, or "those most capable and in greatest position to do so," should be held accountable by society for protecting technology, according to Easterly. This includes standardising basic security features, such as logging, identity protection, and access controls, into base rate packages rather than as an added feature in higher priced tiers. It also includes having a "radically" transparent disclosure process for vulnerabilities as well as internal statistics around the use of multifactor authentication and other basic protections. 

She also suggested a number of legislative options for Congress to take into consideration, such as prohibiting manufacturers from structuring their contracts and terms of service to disclaim all liability for security incidents resulting from the use of their products, establishing higher security standards for software used in specific critical infrastructure sectors, and creating a legal framework to provide Safe Harbor from liability for businesses that do take meaningful security measures. 

Later, during a Q&A session, Easterly said she might be in favour of excluding from legal liability businesses that have been attacked by well-funded and knowledgeable nation-states, but she emphasised that these attacks represent just a small portion of the malicious cyber activity that affects American citizens and businesses every day. 

Although executives from firms like Google and Microsoft have made public statements endorsing similar principles of moving towards security by design and implemented some initiatives, it is still unknown how much they will ultimately embrace the regulations that Easterly and the Biden administration have in mind. Any legislation would need to clear the Republican-controlled House, which is no easy task, if it were to be pursued during the following two years.

While regulation is anticipated to play a significant role in the Biden administration's cyber strategy, it is just one of many pillars of action mentioned in earlier drafts, and Easterly emphasised that regulation won't be able to address all of our problems on its own. Many of the same issues can also be solved through other means, such as using the government's purchasing power to encourage better baseline security among its hundreds of thousands of contractors, continuing collaborative initiatives like the Joint Cyber Defense Collaborative, and encouraging wider adoption of safer software development techniques like memory safe languages and software bills of materials. 

Easterly cautioned that, despite how challenging this effort will be, continuing with the status quo will cause American consumers and businesses much more harm in the long run – in both the cyber and physical spheres. 

"Imagine a world where none of the things we talked about today come to pass, where the burden of security continues to be placed on consumers or technology manufacturers continue to create unsafe products or upsell security as a costly add-on feature, where universities continue to teach unsafe coding practices, where the services that we rely on every day remain vulnerable. This is a world that our adversaries are watching carefully and hoping never changes,” she concluded.

Cyberwarfare Threat Looming Large on Firms Worldwide

 

Over the past ten years or so, the environment for cyber threats has undergone a significant transformation, which has accelerated in recent years. The term "cyberwar" didn't even exist until 30 years ago, and it's still somewhat debatable today. 

Once upon a time (that time being just a few years ago), the majority of private businesses had no reason for immediate concern. However, the distinctions between nation-state adversaries, cybercrime organisations, and rogue threat actors continue to become more and more hazy, making practically any company and any device fair game for cyberwarfare. The Armis State of Cyberwarfare and Trends Report: 2022-2023 examines the situation more closely and offers information on whether or not organisations are sufficiently equipped to defend themselves. 

The report focuses on the opinions of IT and security experts from around the world regarding the state of cyberwarfare today and market trends. It offers insightful information on the opportunities and challenges faced by businesses as they work to safeguard their assets and secure their networks. The study was conducted by surveying more than 6,000 IT and security professionals worldwide from all major industry verticals. 

Technology: A double-edged sword 

Technology is frequently a mixed blessing, which is one of the report's most notable findings. Anything that makes your life simpler or more convenient for you can, in theory, be used against you by attackers or expose you to a higher risk in some other way.

Technology is increasingly reliant on artificial intelligence (AI) and machine learning (ML). These technological advancements are being used to automate the detection and response to cyber threats, which is assisting businesses in better protecting their assets and networks. The report does point out, however, that there are worries about how these technologies might be misused for bad, and that more oversight and regulation are required in this area. Concerns about the potential use of generative AI tools like ChatGPT to create malicious code and exploits have recently grown. 

The Armis report highlights the growing threat that cyberattacks targeting critical infrastructure pose to businesses. This includes attacks on systems that are crucial to the operation of contemporary society, such as medical equipment and industrial control systems. While these attacks do not specifically target most organisations (aside from the critical infrastructure provider itself), any attack that disrupts the critical infrastructure businesses depend on can have disastrous effects on those businesses. According to the report, these attacks are becoming increasingly sophisticated and are frequently carried out by advanced persistent threat (APT) groups, which have the resources and technical know-how needed to get around conventional security measures.

In the report's introduction, Nadir Izrael, CTO and co-founder of Armis, mentions that experts believe threat actors will be able to weaponize OT (operational technology) environments by 2025 in order to hurt or kill people. The shift from reconnaissance and espionage to kinetic application with tangible effects is a trend in cyberwarfare, he observes. 

“These kinetic cyberweapons have already been discovered in the wild, although none specifically have been deployed to lethal effect. For example, the Triton malware discovered in 2017 targeted and disabled safety instrumented system (SIS) controllers of a Saudi Arabian petrochemical plant which could have contributed to a plant-wide disaster had the problem not been identified. And in February 2021, a hacker attempted to poison the water supply facility of a small U.S. city in the state of Florida via remote access. We have already seen ransomware attacks against the healthcare sector result in human deaths, so the potential impact of cyberattacks—whether intentional or unintentional—is clear.” 

Can we survive cyber warfare? 

Many organisations have been caught off guard by the threat landscape's quick change. The scope of the threat is difficult for businesses of all sizes and in all sectors to comprehend, and many do not have the necessary cyber defences in place.

In a press release, Armis summarised some of the report's most important findings. These results highlight some of the major obstacles that organisations must overcome in order to adjust to the new reality. 

  • The threat of cyberwarfare is not being taken seriously by one-third (33%) of international organisations, who report being unconcerned or indifferent about how it will affect their organisation as a whole, creating security gaps. 
  • Nearly a quarter (24%) of international organisations believe they are unprepared to handle cyberwarfare. Nevertheless, preventing nation-state attacks comes in last on the IT professionals' list of security concerns (22%). 
  • The statement that "The war in Ukraine has created a greater threat of cyberwarfare" is accepted by more than three out of five (64%) IT and security professionals polled.
  • Between May 2022 and October 2022, compared to the six months before, more threat activity was reported on networks by over half (54%) of professionals who are the sole decision-makers for IT security. 
  • The majority (55%) of IT professionals polled concurred with the statement that "My organisation has stalled or stopped digital transformation projects due to the threat of cyberwarfare." In some nations, like Australia (79%), the U.S. (67%), Singapore (63%), the UK (57%), and Denmark (56%), this percentage is even higher. 
  • IT professionals around the world responded differently when asked about their company's policy on paying ransoms in the event of a ransomware attack. Twenty-four percent of respondents said their organisation always pays, 31% said their organisation only pays when customer data is at risk, 26% said their organisation never pays, and 19% said it depends. 
  • Just over three in four (76%) of the IT professionals polled concur that, in response to the threat of cyberwarfare, boards of directors are changing the organisational culture with regard to cybersecurity. 
  • Nearly 2 in 5 (37%) of the IT professionals surveyed believe it is extremely likely that their company will increase its investment in cybersecurity in light of recent and ongoing unexpected global events (such as the pandemic, the conflict in the Ukraine, etc.) 

Combating future cyberwars 

The report emphasises how crucial asset visibility is to maintaining business network security. Businesses must have a thorough understanding of the hardware and software that connect to their networks in order to identify threats quickly and take appropriate action. With the goal of becoming the "Google Maps" of the IT environment or attack surface, Armis is committed to giving its users the visibility they require. To help them overcome these obstacles, Armis works with clients such as the City of Las Vegas, Takeda Pharmaceuticals, and an increasing number of governmental bodies.

Yevgeny Dibrov, the CEO of Armis, and Nadir Izrael, the CTO, were interviewed by Tony Bradley, Editor-in-Chief at TechSpective. Regarding the visibility of assets, Dibrov stated, "Every client should ask themselves, 'What are my assets? What are my assets, exactly?'"

In a data centre environment, a manufacturing environment, a hospital, a critical infrastructure facility, or a government facility, the most fundamental question is, "What do I have?" he continued. 
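The "What do I have?" question above is, in practice, a reconciliation between what is observed on the wire and what the organisation believes it owns. The following is an added example, not code from the Armis report or from Armis itself: it parses DHCP lease lines in the dnsmasq dhcp.leases layout (an assumption about the environment), compares them against an approved inventory keyed by MAC address, and reports three things a visibility programme needs: devices with no inventory record, approved assets seen outside their expected subnet (the infusion pump on the wrong VLAN), and inventory entries never observed. All lease lines and inventory entries are constructed for illustration.

```python
"""Reconcile observed network devices against an approved asset inventory.

Added example. The lease lines and the inventory below are constructed for
illustration and are not data from the Armis report. The lease format is the
dnsmasq dhcp.leases layout (expiry, MAC, IP, hostname, client-id), which is an
assumption about the reader's environment.
"""
from dataclasses import dataclass
import re

# Constructed sample: five DHCP leases as dnsmasq writes them.
# Note the same workstation MAC appearing twice with different IPs, and a
# device (de:ad:be:ef:00:01) that sent no hostname at all.
SAMPLE_LEASES = """\
1700000000 aa:bb:cc:00:00:01 10.0.1.10 ws-finance-01 01:aa:bb:cc:00:00:01
1700000050 aa:bb:cc:00:00:02 10.0.1.11 printer-2f *
1700000100 de:ad:be:ef:00:01 10.0.1.57 * *
1700000150 aa:bb:cc:00:00:03 10.0.2.20 infusion-pump-7 01:aa:bb:cc:00:00:03
1700000200 aa:bb:cc:00:00:01 10.0.1.99 ws-finance-01 01:aa:bb:cc:00:00:01
"""

# Constructed approved inventory: MAC -> (owner, expected subnet prefix).
APPROVED = {
    "aa:bb:cc:00:00:01": ("finance", "10.0.1."),
    "aa:bb:cc:00:00:02": ("facilities", "10.0.1."),
    "aa:bb:cc:00:00:03": ("clinical", "10.0.3."),   # pump belongs on the clinical VLAN
    "aa:bb:cc:00:00:04": ("security", "10.0.1."),   # camera that never shows up in leases
}

LEASE_RE = re.compile(
    r"^(?P<expiry>\d+)\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)\s+(?P<cid>\S+)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Lease:
    mac: str
    ip: str
    host: str


def parse_leases(text):
    """Parse lease lines; malformed lines are skipped rather than trusted."""
    leases = []
    for line in text.splitlines():
        m = LEASE_RE.match(line.strip())
        if m:
            leases.append(Lease(m["mac"].lower(), m["ip"], m["host"]))
    return leases


def reconcile(leases, approved):
    """Return (unknown, misplaced, missing).

    unknown:   MACs seen on the network with no inventory record.
    misplaced: approved assets observed outside their expected subnet.
    missing:   inventory entries never observed (stale records or offline assets).
    """
    seen = {}
    for lease in leases:
        seen.setdefault(lease.mac, set()).add(lease.ip)
    unknown = sorted(mac for mac in seen if mac not in approved)
    misplaced = sorted(
        (mac, ip)
        for mac, ips in seen.items() if mac in approved
        for ip in ips if not ip.startswith(approved[mac][1])
    )
    missing = sorted(mac for mac in approved if mac not in seen)
    return unknown, misplaced, missing


if __name__ == "__main__":
    unknown, misplaced, missing = reconcile(parse_leases(SAMPLE_LEASES), APPROVED)
    print("unknown devices:", unknown)
    print("misplaced assets:", misplaced)
    print("never observed:", missing)
```

Keying on MAC address is deliberately simple and is where a real deployment needs care: MACs can be spoofed and randomised, so the "unknown" list is a starting point for investigation rather than proof of an intruder, and the "missing" list is as useful for cleaning stale inventory records as for spotting assets that have gone dark.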

“I think cyberwarfare in general has become kind of an above board thing that nation-states do, as opposed to maybe a decade or two ago where everything was hush-hush and under the covers—like these covert attacks that were never attributable. That change is huge in our overall industry. It's huge for countries. In fact, from our perspective it paints cyberwarfare as the new terrorism,” Izrael stated. “It is the most cost-effective way of waging war on multiple levels and something that we're seeing more and more examples of as we progress.”  

Since it is unlikely that we will be able to put the genie back in the bottle in the future, it will be crucial for organisations to understand the answers to the questions Dibrov posed and have that "Google Map" of their environment to work with.