
Hacking and Cyber Warfare Go Hand in Hand

Date: August '23
Author: Pablo Ridgeway

Since December 2022, Sweden has experienced several politically motivated cyber-attacks. Anonymous, a well-known hacker group, took down the main government website as a protest against the extradition of a Kurdish politician to Turkey (1). In February 2023, a pro-Russian cybercriminal gang called Anonymous Sudan (2) orchestrated a series of Distributed Denial of Service (DDoS) attacks on Scandinavian Airlines, Swedish Railways, Swedish Post, and Telecom Authority. In the case of Scandinavian Airlines, some customer data was leaked. It seems that this wave of attacks is still underway.

Sweden has been under the geopolitical spotlight since the beginning of the war in Ukraine. Its membership application to NATO triggered a spiral of events involving Russia, Turkey, and political figures from far-right and extreme Islamist groups. Anonymous Sudan, in collaboration with different nation-state actors, has been mobilising cyber-attacks to disrupt the operations of key institutions in Sweden in response to these geopolitical developments.

HACKTIVISM AND NATION-STATE BACKED ATTACK CAMPAIGNS

Political hacktivism is not new. It is mostly orchestrated by groups with specific political agendas that, by their own account, include defending freedom of speech, supporting political asylum cases, or raising awareness of environmental concerns. Nation-state backed campaigns are far more dangerous and aim to take down critical infrastructure such as electricity, gas, and healthcare networks in the targeted countries. Threat actors “offer” their services to facilitate and run these potentially very dangerous cyber-attacks on behalf of others.

CYBERCRIME IS A BIG BUSINESS

The size of the cybercrime underworld is estimated at over 1 trillion USD, nearly ten times larger than the cybersecurity market overall. Over the years, security researchers have uncovered highly sophisticated and skilful threat actors that offer tools, infrastructure, information and services to groups and nations. Lazarus Group, REvil, Sandworm, Carbanak and UAC-0056 are a few of the many active threat actors that were behind high-profile attacks. These actors execute DDoS attacks, develop highly sophisticated malicious code and exploit kits, and make their infrastructure available for others to use in exchange for money. Every piece of information (hacked personally identifiable information, compromised email accounts, etc.), infrastructure (e.g. masked servers), tool (malware, ransomware, etc.) and service (e.g. DDoS) has a price defined in the “free market” of the criminal underworld. For example, a DDoS attack service is currently marketed at around 5,000 USD per day. Not at all expensive for a nation state.

CYBER WARFARE IS HAPPENING TODAY

Cyber warfare is not a futuristic dystopia. It is happening today with increasing intensity. We experience city-wide electricity cuts, communication interruptions, and disrupted healthcare or travel services. The USA, UK and EU have been tightening their legislation. New nationwide cyber security directives are being put into effect one after the other. Collaboration among democratic countries is increasing.

Some of the strategic initiatives that countries have been implementing to combat cyber warfare are:

  • tightening cyber security regulations for critical infrastructures
  • enforcing zero trust/micro-segmentation to minimise and contain possible damage
  • increasing awareness of good security practices such as the use of multi-factor authentication and strong passwords
  • deploying deception technologies
  • making cyber security a CEO responsibility
  • deploying offensive security practices to take down cybercriminal infrastructures.

References:

(1) https://medyanews.net/hacker-group-anonymous-hacks-swedish-official-website-in-protest-at-extradition-of-kurdish-politician
(2) As it appears, Anonymous and Anonymous Sudan are two separate cyber threat actors.
