When countries attack companies

An underground cyber world war has been taking place around us for years now. Governments realized that in the dark shadows of the virtual world, they can gather valuable intelligence and inflict targeted damage in rival countries, without using conventional weapons at all – only through offensive cyber operations. It is by these methods that Russia disrupted the Ukrainian power grid, while Iran sabotaged the Israeli water infrastructure, and Israel, in retaliation, shut down a major Iranian seaport.

While this is happening, and in parallel to government-sponsored attacks, independent hacker groups keep attacking companies and businesses for money. Their methods include data encryption and sabotaging the companies’ operations, pushing the helpless executives to the wall, until the requested ransom is paid. Naturally, the business sector begs government authorities for assistance, yet they are unable to help and, moreover, concerned about the ransom money reaching the wrong hands.

What happens when these trends merge? when governments start using powerful offensive cyber techniques against private enterprises? Within the last few months, a new trend emerged in the cyber ecosystem. The economic uncertainty caused by the Covid-19 pandemic, together with remote work – which exposed readily-available security vulnerabilities – greatly increased the number of ransomware attacks worldwide. In addition, cybercrime groups – namely, government-sponsored subcontractors hitherto active mainly in gathering intelligence – now allow some of the governments to covertly join the ransomware festival.

The Pay2key group that recently attacked the Israeli economy was one of such groups. The information leaked from leading Israeli companies during the attack and the open conversation by the attackers with the media were only distractions meant to cover the tracks. The key difference of this attack from previous ones was that a group sponsored by a government – in this case, Iran – attacked private enterprises, aiming at causing psychological and reputational harm to Israel, while making a couple of hard-earned bucks along the way.

The attacking governments do not lack funds, however, with the recent strengthening of money laundering oversight in the United States and increasing regulation of cryptocurrencies around the world, the “Axis of Evil” countries – China, North Korea, Iran, and Russia – must generate a supplementary channel of income for "black" operations, intended to support covert activities, including additional cyberattacks. Ransomware attacks on companies and businesses are an easy solution. For example, it is estimated that all of North Korea's foreign exchange activity is a result of cybercrime.

In October 2020, considering the drastic increase in the frequency of ransomware attacks, the US Department of the Treasury and the G7 countries issued an official statement stressing the illegality of paying ransom money. In their statement, companies were warned from cooperating with ransom demands, as the money can later be used to fund conventional or even nuclear attacks around the world. Indeed, this is a problem, especially if state-funded cyber capabilities will keep being aimed at the easily blackmailable private sector that has no choice but to pay.

While a government has a virtually unlimited budget enabling the upgrade of cyber defenses, private enterprises have limited funds, salaries to pay, and profits to consider. It is true that increased awareness and a few simple security steps can prevent some of the attacks or at least persuade the attackers to move on to the next target, yet nonetheless, the answer to these attacks should come from the government.

There is an asymmetry between the power of government-sponsored cyberattacks and the self-defense capabilities of most of the economy, and this asymmetry can knock down private companies and small businesses. Any government, and especially the Israeli one, should take responsibility for their business sector. If Iranian missiles would have fallen on Israeli factories, the country should have protected them with all its might. Therefore, even if the bombs are invisible, private business still needs the state’s support and protection.

There are many ways in which a government can protect the private sector – by raising awareness, providing incentives and grants for security infrastructure upgrade, or by responding promptly and professionally in time of need. Additionally, a government can define cyberattacks as acts of war and order its defense apparatus to respond accordingly – rendering the attacks difficult and impractical. The recent months’ trend of state-sponsored ransomware attacks against the private sector is on the rise, and it is time for policymakers to stop ignoring the potential damage caused by these attacks not only to the private businesses, but to the whole country.

Guy Barnhart-Magen, CTO, Profero - Cybersecurity company focused on cyber crisis management