The world is going to see more coordinated cyber operations from state-sponsored actors (APTs), working together and who share one common goal, to cause major problems, a cyber-security expert told TechRadar Middle East.
“It is an arms race between the defenders and the hackers. What is happening is that as the defenders are getting better, the lower-level hackers are getting cut out while people at the top are getting sophisticated to do what they are doing,” said Evan Kohlmann, Founder and Chief Innovation Officer at US-based business risk intelligence firm Flashpoint.
Kohlmann has fifteen years of experience in tracking Al Qaida, ISIS and other terrorist groups and has been consulted for the US Department of Defense, the US Department of Justice, the Australian Federal Police, and Scotland Yard’s Counter Terrorism Command, among others.
“We are seeing a new era of coward warfare at a very little cost and that is tremendously effective. Launching a cyber-attack is also very cheap and it is very difficult to attribute to anybody but it is tremendously effective, even if it is hacking a Twitter account,” he said.
“People who have the advantage are the states sponsored groups. We are going to see an expansion of coward warfare using technology which is difficult to attribute it to,” he said.
Moreover, he said the folks that are attacking companies, countries and governments are not just hackers but also terrorists.
“Threatening activity from illicit actors and online communities can harm an organisation’s business, stakeholders, employees and customers. So, intelligence programmes have become essential for minimising business risk, especially for cyber threat intelligence, fraud, insider threat, corporate and physical security, and third-party risk teams,” he said.
In the past year, Flashpoint analysts have observed the Iran-linked Al Houthis in Yemen deploying increasingly lethal and long-range drones and also shifting their attacks towards strategic soft targets, including essential civilian infrastructure in a bid to up the ante.
APTs becoming a major strategic threat
Kohlmann said that hacktivists are selling access to Scada, ICS (industrial control infrastructure) and IoT systems from any country in the dark web and holders of these vulnerabilities can easily create a lot of critical infrastructure problems for a country.
Today, he said that industrial control infrastructure is seen as a big part of the growth of a country and has become a significant target for attackers.
Most of these systems are used in electricity infrastructure, water and wastewater systems, oil and natural gas, transportation, chemicals, pharmaceuticals, paper and pulp, food and dispersed products (cars, aerospace and durable goods).
“The technology used in drones and missiles are not only a threat to the government but also everyone. We don’t know what kind of threat it poses,” he said.
Last 20 years, he said that everyone is focused on Al Qaida and Daesh, etc.
“Now, we are seeing a switch back to state-sponsored attacks because they have the technology that they can give it to the terrorist groups that is much more effective. State-sponsored attacks are becoming a major strategic threat in the Middle East. It is not only the governments that have to be concerned about but also companies,” he said.
“The drones and cyberattacks, all fit into a strategy we see evolving. These folks [state-sponsored actors] can launch strikes against their enemies in a coward way and at a very cheap cost,” he said.
Going after economic sabotage, espionage targets
Moreover, Kohlmann said that most of these technologies are controlled by human beings right now but if it is being operated by automated entities, “how do you tell the machine to stop.”
“What happens if a computer is not educated what to do and runs out of instructions, the result will be catastrophic? Human beings can make complex judgments on situations they haven’t countered before and that they don’t understand,” he said.
China, North Korea, Russia, Iran and up to some extent Syria, he said, are the leaders in state-sponsored attacks.
“These groups are going after targets that have nothing to do with international security and going after economic sabotage and espionage targets. These APTs are run by human beings and some of these are individuals who have been recruited from outside into this mission due to their unusual abilities and not because of who they are.
“It is difficult to predict someone like that and what is he going to do and it usually comes to the notice when they have happened or happening,” he said.
Furthermore, he said that cyber-attacks, which used to target government agencies and large corporates through ransomware, are going to target smaller- and medium-sized businesses (SMEs) not heard of before, with breaches costing thousands of dollars and never getting caught.
“SMEs think that having a firewall is enough but that is a mistake when especially looking at the ransomware attacks. They are easy targets and money to be made and an easy way to rip them off,” he said.