Economic pressures and sanctions, jihadist activity and rising tensions around the world will spur cyber-activity in 2018 – with Russia and China leading the way in capabilities, which could cause potentially catastrophic attacks.
Flashpoint’s latest Business Risk Intelligence (BRI) Decision Report found that the top trends and indicators for cyber-risk decision makers to watch in 2018 include tensions in East Asia over the North Korean nuclear program, the impact of official US policy changes on the Iranian nuclear accord, US- and European Union-led economic sanctions on Russia, US recognition of Jerusalem as the capital of Israel and other nation-states’ adoption of the Russian model of engaging in cyber-influence operations. Meanwhile, the power struggle between Saudi Arabia and Iran for influence in the Middle East fuels ongoing conflict within the region, as does the continued instability and violence in Syria.
“Few would say that 2017 was an uneventful year in the realm of global geopolitics, and this year is already shaping up to be fraught with similar volatility,” said Jon Condra, director of Asia Pacific Research at Flashpoint, in a blog. “As such, organizations seeking to proactively combat relevant threats and address enterprise-wide risk must regard geopolitical context as a core component of their intelligence programs.”
Russia and China are the two nation-states with the most concerning capabilities, the report said. Both are considered to possess the highest levels of technical sophistication, reserved for only a select set of countries. The actors can engage in full-spectrum operations, utilizing the breadth of capabilities available in cyber-operations in concert with other elements of state power, including conventional military force and foreign intelligence services with global reach. The capabilities they have are thus alarmingly advanced, according to Flashpoint: "Kinetic and cyber-attacks conducted by the threat actor(s) have the potential to cause complete paralysis and/or destruction of critical systems and infrastructure. Such attacks have the capacity to result in significant destruction of property and/or loss of life. Under such circumstances, regular business operations and/or government functions cease and data confidentiality, integrity, and availability are completely compromised for extended periods," the report noted.
For Russia’s part, its state-sponsored hacking arms (such as Fancy Bear) remain highly active, capable and influential, the report said, with retaliatory and cyber-influence activity expecting to ramp up as it is increasingly isolated from the West following election interference and information operations against Western democracies.
“Moreover, Moscow continues to crack down on digital dissent and segregate itself from the global internet,” the report found. “The result is a country moving quickly toward a unique model of domestic information control via technical control of internet infrastructure, services and data, a lack of online anonymity, and censorship.”
As for China, it too remains an active and highly capable actor in cyberspace on multiple levels, although state-sponsored activity against Western targets has dropped off a bit. The report cautions decision makers not to grow complacent.
“In 2017, Chinese actors were linked to some notable attacks, however, and Beijing forged ahead with the implementation of the National Cybersecurity Law and subsequent regulatory changes with respect to the internet, and continued its crackdown on cybercrime and illicit content online,” said the report. “Chinese policymakers and military planners have long recognized the utility of cyber-espionage and cyber-weapons as a means of fueling economic growth and diminishing the US’ advantage in the event of a conventional military conflict.”
The top risks are not all political, however: The report also noted that financially motivated cybercriminals are an active, and dangerous, presence on the Dark Web.
“Cybercrime remained a persistent problem in 2017, with several mega breaches affecting millions of individuals, a resurgence of payment-card system breaches, and a series of high-profile ransomware attacks,” Condra said. “Cybercriminals have demonstrated resilience in their ability to continuously develop new ways to circumvent security protections, resulting in billions of dollars in damages for organizations around the world. From efforts to circumvent EMV chip technology to the popularization of ransomware, noteworthy trends observed in the cybercriminal underground in 2017 will have a profound impact on the 2018 threat landscape.”