Since the early era of organized cybercrime and state sponsored cyber crime, it has travelled a long way and has become extremely lethal and devastative in nature today. Turbulent geo-political situations across the globe have added more fuel to scale up such attacks worldwide. So, what does the future look like?
Ever increasing attacks on the state machineries and governmental institutions have been a major concern for governments globally. Forget underdeveloped nations, even developed and so called powerful nations are also finding it a mountainous task to battle against these attacks. Way back in 2010, when the first Stuxnet attack happened targeting Iran’s nuclear facilities, the journey of modern state sponsored cyber attacks started since then. Stuxnet malware attack targeted the programmable logic controllers used to automate machine processes.
Country organized Cyber Attacks are on surge
Since the first stuxnet attack, the nature and variant of state sponsored attacks targeted to various governmental institutions and critical infrastructures supporting the lifeline of any nation have grown exponentially.
The complex nature of attacks with devastative impact have forced national defense systems of several developed countries to build up an effective cyber security strategy to confront these advanced cyber threats. Just to have an idea how serious these attacks are in nature and what impact it can bring post attack, the below mentioned few globally reported attacks, which happened in January 2024 alone, are sufficient.
On 27th January, daily functions of county government had been shut down in Washington County, Pa. Hackers attacked the county’s main computer server. The U.S. Department of Homeland Security is investigating the incident. All county activity linked to the main computer server was on hold. No one could access county email or file documents electronically.
Pro-Ukraine hackers reportedly breached a Russian scientific research center. On Jan. 24, the hacker group called “BO Team” attacked the State Research Center on Space Hydrometeorology, also known as “Planeta,” and destroyed its database and valuable equipment. Planeta is a Russian state enterprise that receives and processes data from 11 domestic and 23 foreign Earth observation satellites, according to its website.
The criminal hacking gang LockBit said it was behind a ransomware attack on 22nd Jan, that shut down some of the operations of EquiLend, a financial-technology firm that processes trillions of dollars of securities-lending transactions every month.
On Jan. 23 the Kansas City Area Transportation Authority confirmed a cyberattack hit its regional call centers. Regional Ride KC Centers were affected the most, not being able to receive calls.
On 22nd Jan, three councils in England have announced they were affected by a cyberattack which has forced them to take down multiple online services. The councils for Canterbury, Dover and Thanet in Kent, on England’s southeastern coast — with a combined population of just under 500,000 — appear to have been impacted by a single incident.
Veon, the parent company of Ukraine’s largest mobile operator Kyivstar, took a hit of around 3.6 billion hryvnias ($95 million) in revenue in 2024 due to a massive cyberattack in December last year, the Dutch telecoms group estimated on Jan. 18.
Kansas State University dealt with a cybersecurity incident, the school announced on Jan. 16. It caused disruption to certain network systems, including VPN, some emails, and videos. The impacted sites were taken offline. The incident also included select shared drives and printers, including university listservs.
On 21st Jan, an IT attack was carried out against Bjuv municipality’s IT environment in Sweden, which caused interruption in municipality’s day to day operation and created chaos.
During the night of January 20, Tietoevry became aware that one of several of Tietoevry’s data centers in Sweden has partially been subject to a ransomware attack. The incident unfortunately affects the services for a number of their customers in Sweden at various levels. The State Service Center appears to be among those affected by this situation.
A cyber attack (DDoS) took place on the cantonal website www.bs.ch of Switzerland government, on 19th Jan morning. The cantonal IT specialists have taken countermeasures to ensure trouble-free operations again. However, impairments are still to be expected.
Where are we heading for?
Cyber attacks vectors and patterns are changing drastically as new advanced technologies and techniques are taking centre stage in the global technology landscape. With the development of ML & AI technologies, attacks are becoming more lethal and devastative. Not only the addition of new technologies, but rapid transformation in geo-political situations is adding new directions & dimensions to the attackers. So called ‘Cyber Warfare’ has become an open battlefield for the state sponsored hackers and cyber criminals.
We know that the turbulent political situations in African countries, ongoing war in Middle East and west Asia, severe ongoing battle between Ukraine & Russia have strengthened the dark web market and invited undergrounded hackers to take complete advantage of the situation and to bring down the lifeline support of the countries to a complete halt.
For example, offensive cyber activity against Israeli targets has intensified during the fighting in the Gaza Strip. According to a report issued in late December by the National Cyber Directorate, the attacks have shifted from website vandalism and information theft to more sophisticated actions designed to harm the country’s critical infrastructure.
The Israeli officials have confirmed that Iran and its proxy militias, Hamas and Hezbollah, have increased the attack on Israeli targets. They have been sharing information and intelligence, and employing methods similar to those used in the Russia-Ukraine war such as waging psychological warfare on social networks and the use of ransomware like Wiper.
Suspected Iranian state-backed hacking group Cyber Toufan has taken credit for compromising dozens of organizations across Israel in late November 2023 amid the ongoing Israel-Hamas war, according to The Record, a news site by cybersecurity firm Recorded Future.
The cyber group “Black Shadow” (“Saye-ye Siah” in Persian), which targeted Ziv Medical Center in the northern Israeli city of Safed in November is in fact a tech company which works under the registered name of “Raahkarha-ye Fanavari-e Etela’at-e Jahatpardaz.” The website of the company states that a group of “faithful and committed youth” has launched it in line with “The Second Step of the Revolution.”
In brief, the state sponsored cyber crimes/attacks have been geared up and we already witnessed a quantum leap in the no of attacks last year itself only and global cyber security agencies, experts and consulting firms have warned countries to face the severe consequence of expected fatal cyber attacks, if not equipped well to safeguard the crucial and sensitive governmental resources and institutions.
(Image courtesy: www.cyfirma.com)