The threat of cyberwarfare is not something to be feared in the distant future; on the contrary, it is something that is already here and now. Our networked world is fraught with security holes that make it a terrible reality. While cyber terrorism may seem like something from a fantasy movie,
Mobile applications and e-commerce have made life easier for customers due to the digital revolution. A move to remote work settings also benefits productivity and performance. Crime and political activism may utilize the contemporary internet to their advantage, whether to achieve financial gain, influence government, or disrupt the political system.
Here are seven things to be on the lookout for in 2022 regarding cyberwarfare and cybersecurity.
Damage to a website
This kind of cybercrime is typically committed against tiny websites with weak protection and no regular upkeep. Even though many criminals are young, amateur hackers who intend to harm anybody, the propaganda surrounding these instances is a worrying trend for international relations.
An Iranian-linked website was defaced in 2020 by pro-Iran hackers who left their social media usernames with protest messages. In the past, groups based in China and Taiwan performed reciprocal defacing assaults for many years, which only exacerbated the already tense relationship between the two countries. The relevance of “small” website defacing should not be overlooked when dealing with complicated political matters.
Denial of Service (DDoS) Attacks on a Large Scale
Multiple computers are used in DDoS assaults to flood an IT security system with data from several sources all at once. An attacker might employ this tactic, such as penetration of ransomware, to trip the system and divert the attention of security professionals.
In the commercial sector, particularly in the financial sector, this form of assault is becoming more widespread. Over 200 Belgian institutions, including the government and parliament websites, were targeted by DDoS assaults in the second half of 2021.
Individual persons, organized associations, and even nation-states may engage in cyberwarfare. DDoS assaults are being actively monitored by security professionals, who are keeping tabs on their origins and their effects on enterprises and countries alike.
For more than three decades, F-chief Secure’s research officer, Mikko Hyppönen, has worked with law enforcement to combat cybercrime. Malware development and deployment by national governments and intelligence agencies was unthinkable in the 1990s,” says the source. It sounds like something out of a science fiction novel, says the man who came up with it. “However, it’s clear in retrospect.” It all makes sense now. Excellent weaponry may be found in cyberspace. There is no doubt that they are cost-effective as well as tamper-proof.”
Computer information, data, and programs are held hostage by ransomware—malicious software—until a victim pays the attacker. If you don’t pay the ransom, you’ll lose all you’ve worked so hard to build up over the years.
An increasing number of firms have been forced to pay millions of dollars to extortionist gangs due to this rising issue. In 2021, ransomware assaults were more widespread than ever before. When it comes to cyberwarfare, the same strategies may be utilized in a wide range of assaults, including those motivated by financial gain for the perpetrators.
Increase in the Usage of Cryptocurrency
Ransomware attacks and “hacking for hire” firms are now being funded using cryptocurrencies by cybercriminals. This makes it an ideal tool for thieves since it can be exchanged anonymously. It would be almost hard for victims to pay with any other recognized money on short notice because of the enormous amounts involved.
Cybercriminals from the Russian ransomware gang “REvil” were able to infiltrate minor public sector organizations, financial institutions, and educational institutions throughout the United States in July 2021 by exploiting previously undisclosed software flaws. Hundreds of US firms were targeted, and the attackers wanted $70 million in Bitcoin in exchange for their services.
The most well-known ransomware assault is the Colonial Pipeline in Virginia. In a Bloomberg article, the FBI claims to have recouped most of the ransom from the Russian gang accused of being responsible for the assault.
Cryptocurrency has several cybersecurity risks, including:
The market for non-fungible tokens, or NFTs, saw a significant increase in interest in 2021. As of August 2021, OpenSea has a transaction volume above $3.4 billion, making it the biggest NFT market in the world. According to a CheckPoint Research report, users’ accounts and cryptocurrency wallets might be vulnerable to theft if malicious NFTs are produced. It was fortunate that OpenSea acted fast to remedy the flaws and enhance security measures surrounding NFT trading.
Coinciding with the most significant attack in the decentralized financial field, hackers stole $600 million in August 2021. Interestingly, the hacker has subsequently returned all tokens to Poly Network after discovering a flaw in their system. After the assault, “Mr. Whitehat” claimed he stole the cash to keep them secure, depositing the coins in a “trusted account” to draw attention to the problem before a third party exploited it. Unfortunately, not every hack has a good conclusion.
Cryptocurrency ransom demands aren’t the only method fraudsters take advantage of the decentralized nature of banking. As new paradigms in banking such as digital currencies and neobanks emerge, financial crime becomes a concern for all of us. More situations like this might still be expected in 2022 despite the increasing inspection of bitcoin.
Operational Technology (OT) Environments that can be used as weapons.
According to research firm Gartner, threat actors will weaponize operational technology (OT) settings to hurt or kill people by 2025. In order to prevent individuals from accessing programs or assets, hackers have previously been able to shut down crucial hardware and software.
Currently, Tarah Wheeler is a Cybersecurity Fellow at Harvard’s Kennedy School of Government. The WannaCry ransomware assault, for example, could be considered a war crime, according to her. Hackers operating in North Korea first targeted the United States, then the United Kingdom’s National Health Service (NHS), and Spain’s Telefonica.
Patients were unable to get cancer treatments when emergency rooms were shut down. There are still certain gaps in our knowledge. According to Wheeler, “We don’t know how many people would have perished if the assault hadn’t been stopped by a 23-year-old finding a kill switch.”
Attempts to poison the water supply in Florida and the Colonial Pipeline attack show how susceptible our linked world is in the cloud era. Drones and autonomous vehicles will almost certainly be used in cyber warfare operations in the future.
Among the most advanced ransomware assaults, penetration tools play a key role. Ironically, these tools were originally created to assist firms in analyzing their security posture and uncover potential vulnerabilities.
It’s no longer only the military and financial sectors that hackers are targeting. In order to acquire network access and collect data, hackers using advanced persistent threat (APT) assaults use a variety of concentrated penetration approaches.
The University of the Highlands and Islands (UHI) was forced to shut all 13 of its colleges and facilities in March 2021 due to a cyber assault. Cobalt Strike, a popular penetration testing toolset used by security researchers, was confirmed to be employed by the attackers.
The market for pentesting is expected to reach $3 billion by 2027 because of this form of cybercrime. In 2022, we should anticipate an increase in data espionage and extortion assaults as hackers refine their weapons.
An altered production including photos, video, audio, and text information that makes it seem someone has said or done something they never really said or did is known as a “deep fake,” a combination of “deep learning” and “fake” according to Wikipedia.
Deepfakes are becoming increasingly common as artificial intelligence and deep learning technologies grow more powerful and affordable. In the year 2020, a deepfake phone call fooled a Hong Kong bank manager into thinking he was speaking to a recognizable voice—a corporate director. The director and a lawyer exchanged fictitious communications, and the manager quickly approved the $35 million transfer request.
Large-scale robberies on banks or manipulation of stock markets might be carried out via voice cloning and deep fakes. This could cause panic in financial markets and the larger public realm. Malicious actors will use false material like deepfakes and voice cloning in foreign influence operations during the next 12-18 months, according to the FBI’s prediction in March 2021.
Why Cybersecurity Is at a Crossroads in 2022
Amazon thwarted the greatest distributed denial of service (DDoS) assault in history in February 2020. According to specialists in online security, some called it “a warning we should not ignore” at the time. It’s not only e-commerce security that we need to worry about as we go towards 2022. Several media sources have already predicted a “Cyber Cold War” due to political turmoil between various superpowers.
Thirty nations met in October 2021 to create the Global Counter-Ransomware Initiative under the auspices of the US. An important first step toward forming a cohesive defensive front and law enforcement coordination on critical cybersecurity challenges, such as the unlawful usage of Bitcoin, was taken by the White House National Security Council in an online meeting.
Imagine waking up in the morning and hearing on the news that your nation had been the target of a large, coordinated cyber assault. Banks, energy utilities, transportation hubs, and hospitals have all been targeted by hackers at the highest echelons of government.
Even while it seems impossible, we live in a world where such a situation is completely plausible. As technology advances and political unrest persists, businesses must do more to protect their systems from attack, particularly between powerful countries.
Cyberspace combat is unexpected and difficult to follow. However, security teams may learn from every event.