The New Challenge
After September 11, 2001, the nature of modern warfare and the way we think about our enemies changed. Up to that point, the enemy was generally a nation-state or a subset of a nation-state. After 9/11, the loosely organized terror cells responsible for the attacks became the main targets, wherever they were based geographically.
Now, warfare is evolving again. We still see traditional warfare – like the tragic events in Ukraine – but there is now another more insidious form that warfare takes: cyber warfare. Much like the terrorist groups targeted in the early 2000s, the groups carrying out cyber warfare are not necessarily nation-states themselves. However, they often act on behalf of or with the protection of a nation-state.
Like terrorists, these groups don’t just target governments or other nation-states deemed hostile. They also focus on organizations within the borders of those nation-states that hold financial data or intellectual property, or that have a privatized role in running national infrastructure.
The most obvious example of this was the Colonial Pipeline incident, which saw Russian-affiliated hackers take down the largest fuel pipeline in the US, causing gas shortages across the East Coast. Cyber warfare is something most developed nation-states now engage with, either via proxy threat actors or their own cybersecurity departments.
The Constantly Shifting Threat Landscape
Perhaps the most terrifying aspect of this new form of warfare is the breadth and depth of attack options available to these groups. Cybersecurity threats, attack methods, and software vulnerabilities are constantly being developed and updated, with advanced persistent threat (APT) groups and state-sponsored threat actors often at the cutting edge of these new techniques.
This means cybersecurity professionals working to protect against these malicious actors must concern themselves not only with known threats and vulnerabilities but also with newly developing techniques and challenges. This places cybersecurity professionals intrinsically on the back foot while offering attackers ample opportunities for success.
The Solution: War Games for the 21st Century
When dealing with a problem as vast and as complex as this, the old adage of “fail to prepare, prepare to fail” rings true. Threat researchers and law enforcement entities need to understand as much as possible about the APT groups they are dealing with to combat them effectively.
To gain this level of insight, some organizations have begun executing war-game-like exercises against the threat actors themselves to garner critical information about how the groups operate. In the process, security researchers have identified technical mistakes they can use to hinder the activities of these actors or shut them down completely.
One example of this was researched by SafeBreach Labs, which investigated an APT responsible for a decade-long data collection malware campaign. Extensive research into the malware allowed the researchers to ascertain that the threat actor operates out of Gaza, Palestine.
Weak authentication on the threat actor’s own infrastructure allowed researchers to reach the attacker’s systems, including the keylogger exfiltration scheme, without authenticating. This access provided the research team with mountains of data, including phone call recordings, microphone hijacks, CV files and images belonging primarily to residents of Gaza and of other Middle Eastern countries.
Overall, researchers were able to access 50 GB of compressed data, which provided valuable context not only about the rudimentary mistakes made by this APT but also about the geopolitical reasoning behind its activity. This knowledge of the threat actor’s motivations and security weaknesses gives security teams the upper hand.
This type of original research – and, more broadly, BAS (Breach and Attack Simulation) technology – is of paramount importance, not only for modern governments but also for modern enterprises. An adept BAS provider will have one foot in the defensive landscape and the other in the murky underground of cybercrime, actively monitoring it to research, discover, and catalogue new attacks, and leveraging both data streams to help their customers prepare.
Conclusion: Prepare to Prevent
Modern businesses are increasingly vulnerable to cyber-attacks, and the current geopolitical situation means that their networks, intellectual property, and profits can be used as pawns in the constant battles between nation-states and affiliated cybercrime groups.
The ‘war games’ of BAS place these vulnerabilities in the context of business risk and ensure that security teams are armed with up-to-date information and proactive tactics to navigate the ever-changing and increasingly complex threat landscape, at a time when these kinds of threats are no longer an IT department concern, but a C-level concern. To be unprepared in the modern era of cyberwarfare could have devastating consequences, and no organization can afford to be left behind.