In Ukraine, everything is at stake. In a country decimated by physical war, people now live in the crosshairs of a new kind of conflict that could spell geopolitical disaster: cyberwar, which is often more about taking down a power grid (or exploding it) than about stealing your personal information. This is cyber espionage at its highest level. It's a new form of political assault with global implications: destructive programs targeting critical infrastructure and exfiltrating confidential information at governmental and societal levels. The burning question is: what comes next?
In 2014, Wired Magazine reported a growing connection between nation-states and criminal organizations in the digital domain. Remember the 2017 NotPetya cyberattack, which threw Ukrainian airports, railways, and banks into disarray? Nation-states are not afraid to take their digital warfare to their targets’ government and private infrastructures and to shut down government and private transportation and communication systems. NotPetya crippled Merck, Maersk, and FedEx’s European subsidiary.
"Nation-state actors aggressively target and gain persistent access to public and private sector networks to compromise, steal, change, or destroy information. They may be part of a state apparatus or receive direction, funding, or technical assistance from a nation-state." (Center for Internet Security)
Geopolitical Cybercrimes
Cybercriminal agents of guileful governments aim to misuse technology for offensive and destructive purposes. Deepfakes, a combination of deep learning and fake news, for example, were already used to destabilize the coalition government of Malaysia in 2019. A UK firm transferred 200,000 pounds to a Hungarian bank account as the result of a deepfake impersonation. Password-guessing systems can be found on GitHub. The impersonation of entire communities of social network users can now outsmart a platform’s bot detection; this has been used to gain trust and exploit human nature in political and social campaigns.
Investigations of past cyberattacks that were likely of political origin show the attacks to have been far less devastating than they could have been. The attackers may have simply been more technically competent in designing the attacks than they were in planning the consequences, unaware that they could have done far more damage. A more disturbing reason for the limited damage of past attacks, and one assumed by investigators, is that these past attacks were mere tests of offensive capabilities, intentionally reduced in scope to lessen the likelihood of defensive measures being developed.
These tests have, however, confirmed that it is possible not only to cause electrical grids to shut down, but also to cause extensive physical damage to them that could take weeks to repair, provided that spare logistics and repair capabilities have not also been disrupted. Steel mills and gas pipelines have also been damaged or destroyed by cyberattacks.
Attributes of the internet now enable nation-states to effectively access, modify, and destroy information systems from anywhere in the world, all while using spoofing to sow confusion about the source of the attack. Nation-states can now develop, execute, and operate a cyberwarfare campaign for strategic and tactical advantage at a tiny fraction of the cost of physical weapons and the associated manpower.
A full-scale global cyberwar attack against interdependent critical infrastructure segments — think electrical grid plus communications plus logistics and supply chain — would not even require inflicting physical damage to debilitate an economy and a society through cascading crises, though physical damage is certainly on the table.
Protecting National Interests
The protection of our national interests and resources requires a proactive stance of anticipating the persistent threat of cyberattacks. This now means fighting AI with AI. Remote data detection and rapid analysis of the patterns it contains will give us insights into rogue actors' methods, such as how often they interact with an asset and how they try to change behavior using social networking sites or the threat of impending damage to infrastructure. Defense agencies and businesses must quickly formulate their response before attacks occur.
AI is becoming increasingly important for staying ahead of cyber threats. By distilling threat intelligence from countless research papers, reports and news stories, AI, machine learning and natural language processing can provide insights quickly enough for responses to be effective during the window of opportunity. Graph visualization can also provide comprehensive forensic analysis to maintain readiness and prevent future attacks by identifying suspicious patterns in mountains of data. Katana Graph approaches cybersecurity and identity fraud from a strategic perspective, providing a graph intelligence platform that does more than just analytics.
With cybersecurity becoming an extraordinarily complex and crucial part of doing business, industry leaders need to leverage massive amounts of data in conjunction with AI and knowledge graph technology to identify threats, control access, and assess vulnerability to attack. Next-level graph visualization can also power large-scale forensic analysis to help improve readiness and prevent future attacks.