Nation-State Attacks Continue to Persist, Is It Just a Phase?
Alex Lisle, CTO | March 30, 2022
Alex Lisle, CTO
March 30, 2022
There is no longer a distinction between our online and offline selves. With the combination of digital and real life, there is an increasing concern of the rise in cyber attacks and the lasting consequences they have on our lives. Let’s jump into examples of how the digital world is wreaking havoc on our real lives.
A Look Back Into Nation-State Attacks
When an attack is launched over the internet, it can cause significant damage to a nation’s infrastructure and makes cyber attacks a lucrative prospect. Attacks executed online tend to have little to no risks for the cyber criminal but offer huge rewards if successful.
Dating back to the Gulf War, graphite bombs were used to disable the power supply within a region. Also referred to as blackout bomb or soft bomb, a graphite bomb contains carbon fiber wire that will is used to disable a power grid. This method was used in the beginning of the Gulf War with Iraq where the bombs disabled over 85% of the power, leaving the water supply systems and sewage treatment systems as collateral damage.
In 2010, the US and UK hacked into the world’s largest sim card manufacturer and stole the encryption keys to over 2 billion sim cards. This hack provided the government agencies the capability to monitor a larger portion of the world’s cellular communications. The significance of this hack is monumental and is equivalent to these agencies having printed door keys for the front doors of billions of homes around the world, just in case they one day decided they needed to get in. Also occurring in 2010, the Stuxnet was a multi-part worm that traveled on USB sticks and spread through Microsoft Windows computers, destroying numerous centrifuges in Iran’s Natanz.
Another notable nation-state attack was in 2013 when Edward Snowden leaked around 7,000 classified documents from the National Security Agency. The documents obtained ranged from Verizon telephone records, internet data from Google and Facebook, email metadata and much more.
The cyber attack on Ukraine’s power grid on the 23rd of December 2015, was the first of its kind and caused concern for the security of power grids everywhere. Leaving roughly 230,000 customers in Ukraine powerless for 1-6 hours, the attack caused widespread disruption. And in 2016, we saw an audacious plan by North Korea to leverage a supply chain attack to steal $81 million dollars from the Bangladesh Bank.
In 2018, the Saudi government allegedly hacked reporter Jamal Khashoggi’s phone with the use of Pegasus spyware. The investigation mostly points to Khashoggi’s associates being target in the months leading up to and after his murder, it also identified evidence suggesting that the client appears to have used NSP’s spyware, which can transform a phone into a surveillance device, with microphones and cameras activated without a user knowing.
It’s not just governments and the military that are at risk from nation-state threats. In May 2021, criminal hackers launched a ransomware cyber attack on the American oil company, Colonial Pipeline. The repercussions of this attack caused petrol distribution to slow and/or halt, causing mass hysteria with those that felt compelled to buy more gas in fear of a shortage which in turn caused gas prices to increase rapidly.
Today's World of Nation-State Attacks
We live in a world where nation-states are actively engaged in cyber attacks, a lot of which we don’t know about. These attacks, when successful, can leave little to no evidence of the attack ever taking place, especially if you’re looking to simply steal information.
Looking back at nation-state attacks, they’ve typically been targeting information or surveillance. I believe future attacks will be designed to hurt a nation’s infrastructure. As the tragic situation unfolds in Ukraine, we are seeing infrastructure attacks already in the works affecting both the cyber and physical world. Described as the most severe cyber attack since the start of the Russian invasion, a cyber attack has hit Ukraine’s biggest fixed line telecommunications company, Ukrtelecom. Tinder has also become a weapon for digital espionage, using the app to gather information on locations of soldiers.
We’re entering a phase where our devices are designed to track us in both the real and online world, which should raise plenty of security concerns. It’s not just your device security to be aware of, but your personal security that could also be at risk.