The COVID-19 pandemic and the need to communicate and work remotely have increased our dependence on computers and the internet, accelerating cyber risks, or what could be defined as the cyber pandemic. From the initial outbreak, through 2020 and well into 2021, many of the trends witnessed in 2020, such as the sharp increase in supply chain attacks and customized ransomware campaigns, as well as attacks on the healthcare sector, have continued to wreak havoc on businesses and government agencies and are not likely to disappear.
1. The Ransomware Threat
While ransomware is not a new threat, threat actors are growing bolder and more sophisticated as their methodologies evolve. One of the main current trends is the use of additional extortion tactics, such as leaking stolen information, publicizing the incident in the media, and notifying the victim’s partners and customers of the incident. Another trend is the rise of the Ransomware-as-a-Service (RaaS) business model, which allows ransomware developers to lease their tools and techniques to other criminals, thus giving them access to sophisticated tools and methods.
Several ransomware incidents have made headlines since the beginning of 2021 and drew a prompt reaction from governments. These include the attack on the largest U.S. pipeline operator, Colonial Pipeline, which caused fuel supply disruptions in southeastern states, and the attack on the world’s largest meatpacking company, JBS.
The damage caused, along with the headlines, has pushed governments, led by the Biden administration, to seek solutions. Many of the solutions pursued focused on coordinating government-wide efforts and law enforcement operations aimed at disrupting and deterring cybercriminal groups operating from foreign countries, as well as rendering the ransomware market unprofitable by seizing the ransom paid.
In the international arena, the U.S. has promoted the discussion on ransomware and the role of cryptocurrency in cyberattacks within NATO’s and the G7 leaders’ summits. According to the declaration of the G7 countries, countries that harbor ransomware groups will be held accountable for their lack of action. It may be the first signal of international cooperation aimed at combating the phenomenon.
2. Supply Chain Attacks
Attacks on supply chains, which compromise a third party’s software or services in order to access its customers’ systems and networks, sent shockwaves throughout the world with their unprecedented scale and sophistication.
The most notable event was the espionage campaign that compromised the IT firm SolarWinds’ software and impacted 18,000 organizations around the world, including 9 U.S. federal agencies. The incident was characterized by the U.S. federal administration as exceeding the accepted acts of cyber espionage. Recent major incidents also include the Accellion File Transfer Application breach, which affected government financial agencies, oil companies, hospitals and universities; the breach into IT firm SITA, which affected millions of airline passengers; and the breach into IT firm Kaseya, which infected hundreds of its customers with ransomware.
Supply chain attacks prompted governmental responses, the broadest of which was an executive order to strengthen federal cybersecurity, signed by President Biden last May. Among many other cybersecurity-related clauses, the order directs the Director of the National Institute of Standards and Technology (NIST) to identify and develop new standards, tools and best practices to evaluate software security and security practices of developers and suppliers. Accordingly, Israel’s National Cyber Directorate (INCD) announced a new initiative that sets cybersecurity standards for web hosting services.
3. Influence Operations
Influence operations remain a widespread phenomenon and a strategy of choice for nation-state actors and foreign governments seeking to change public opinion, interfere in democratic procedures, and exacerbate societal tensions. These include disinformation and fake news campaigns aimed at undermining the public’s confidence in COVID-19 vaccines, hack & leak operations aimed at embarrassing public figures, the spread of fake news on sensitive issues in order to polarize societies and more.
According to the U.S. intelligence’s Global Trends report from 2021, disinformation campaigns are likely to proliferate in the coming years while determining what is true will become increasingly difficult.
Emerging technologies, such as Artificial Intelligence (AI), are accelerating influence operations and disinformation campaigns, rendering them more widespread, sophisticated and difficult to detect. In January, social media analysis company Graphika identified a network of fake Twitter accounts using profile pictures that were artificially created by deep learning techniques (GANs). The accounts had published automated content and texts attacking the Belgian government’s decision to limit the access of Chinese companies to the country’s 5G networks layout project. According to the annual security assessment of Estonia’s Foreign Intelligence Service, Russia’s intelligence agencies seek to further develop ‘Deepfake’ technologies and are likely to exploit them as part of future influence operations aimed at sowing discord among Western societies.
4. Critical Infrastructure
Critical infrastructure continues to serve as a prime target for nation-state actors and criminals. Aside from incidents such as the attack on the largest U.S. pipeline operator, Colonial Pipeline, other critical infrastructure facilities were attacked in order to cause physical damage. In January and February, water treatment facilities in California and Florida were targeted by unidentified hackers utilizing credentials for old TeamViewer software and outdated operating systems.
The phenomenon of cyberattacks on critical infrastructure also continues as part of conflicts between nation-states, serving as another means to establish deterrence and cause physical damage. In February, Recorded Future released a report analyzing the electricity outage that had taken place in the city of Mumbai in October 2020. The report suggests it was a part of a broader Chinese response to a border dispute in the Galwan Valley.
5. Increasing Role of Artificial Intelligence
Governments and international organizations continue to prepare for the adoption and use by cyber attackers of emerging technologies, such as artificial intelligence (AI), and formulate principles and ethical guidelines for its use and development.
In January, the European Parliament voted in favor of a call for an EU legal framework on AI. The framework includes AI definitions and ethical guiding principles for military and non-military use. The report calls to limit the use and development of lethal autonomous weapon systems (LAWS), to maintain human control and decision making in the public health and justice systems and to ban highly intrusive AI technologies that may be used for mass surveillance. In April, the European Commission proposed a legal framework in an attempt to set global standards for key AI technologies. The proposal limits the use of AI in critical infrastructure sectors and in law enforcement, immigration and social scoring for general purposes done by public authorities.
In February, the Australian Department of Defence released a report noting that cybersecurity will be a key component in achieving and preserving autonomous systems’ trust and integrity. According to the report, AI systems, as well as their communication feeds and training datasets, must be resilient. In addition, the UK’s Government Communications Headquarters (GCHQ) published a report outlining how the agency plans to ensure a transparent, ethical and proportional use of AI for national security.
A Way Forward
Despite increased governmental attention to cybersecurity, existing cyber threats are here to stay and are likely to evolve at a faster pace than implemented countermeasures. The pace of threat evolution will be dictated by the pace of digital transformation, accelerated by global human crises such as the COVID-19 pandemic, as well as by breakthroughs in emerging and disruptive technologies. The growth and proliferation of cyber threats and their intersection with emerging technologies necessitate a coordinated international response that includes information sharing on new threats between governments and between governments and the private sector, cooperation between law enforcement agencies, and an intergovernmental mechanism to inflict costs on foreign governments involved in cyberattacks on critical sectors.
Omree Wechsler is a Senior Researcher at the Yuval Ne’eman Workshop for Science, Technology and Security at Tel Aviv University. Wechsler’s report will be presented during Cyber Week 2021, to be held at Tel Aviv University in collaboration with the National Cyber Directorate, the Ministry of Economy and the Ministry of Foreign Affairs, between July 19-22.