How Geopolitical Tension Creates Opportunities for Cyber-Criminals

Earlier this month, numerous official websites in Taiwan were taken down by a series of distributed-denial-of-service (DDoS) attacks. The targeted websites included the island’s Presidential Office, National Defence Ministry, the Foreign Affairs Ministry and its largest airport, Taiwan Taoyuan International.

The fact that these attacks occurred at a similar time to the much-anticipated visit of senior US lawmaker, Nancy Pelosi, is no coincidence. Pelosi is the most senior US political leader to visit Taiwan in 25 years and her visit demonstrated an “unwavering commitment to Taiwan’s vibrant democracy.” According to Reuters, China – which claims the island as its own – condemned the trip as a threat to peace and stability in the Taiwan Strait and threatened military action. Shortly after, the president’s website reportedly received 200-times more traffic than a typical day, causing it to go offline for approximately 20 minutes.

While there is reason to believe that these DDoS attacks were launched by patriotic threat actors based in China, Russia and elsewhere rather than the Chinese government itself, these attacks are still highly politically motivated. Indeed, DDoS attacks are progressively being utilized as part of geopolitical protests and waged to impact the governments and vital organizations of countries worldwide. With this trend on the rise, organizations must act now to protect themselves.

Increasing Geopolitical Tension and DDoS Activity in APAC

Examining the threat landscape over time reveals the relationship between rising geopolitical tensions and DDoS activity. For example, while most geographical regions experienced a decline in the number of DDoS attacks during the last six months of 2021, one outlier saw an uptick in DDoS activity – Asia Pacific (APAC). As detailed in NETSCOUT’s 2H 2021 Threat Intelligence Report, this region accounted for more than 1.2 million attacks during the second half of 2021, representing a 7% increase from the first half of the same year.

This increase in attack activity mirrors the rising geopolitical tensions in the region, specifically between China, Hong Kong and Taiwan. Historically speaking, all three nations have used DDoS attacks as a tool to disrupt online traffic and activities. As such, the fact that the number of attacks in APAC increased alongside growing geopolitical unrest in the region is of little surprise, with threat actors operating in the area taking advantage of this unrest by launching DDoS attacks to cause maximum disruption.

To better understand how threat actors use cyber-attacks in relation to geopolitical tensions, there are several examples of attacks and incidents relating to the APAC region during the second half of 2021. Firstly, in July, China was widely condemned for launching a series of cyber-attacks, ranging from cyber extortion and crypto-jacking to hacks and ransomware, in an attempt to capture trade secrets, business information and vaccine studies. Targets included the USA, UK and other global allies, who attributed the Microsoft Exchange attack to hackers associated with the Chinese government.

Additionally, in November 2021, the director of Taiwan’s cybersecurity department claimed that the island’s government agencies were targeted by an estimated 5 million cyber-attacks and probes per day. Taiwan officials claimed that China had increased the number of cyber-attacks launched against its government and organizations in direct correlation to China’s attempts to make the island a part of its own territory. Finally, at least 13 organizations in industries that included defense, healthcare and transportation were targeted by a suspected Chinese cybersecurity campaign in December. Vulnerable software in more than 600 US businesses played a significant role in this breach taking place.

How Organizations in the Impacted Nations Can Protect Themselves 

Organizations in countries experiencing heightened geopolitical tensions can take several steps to prevent DDoS attacks from devastating their online infrastructure.

Perhaps most importantly, enterprises must implement a sturdy DDoS mitigation system to protect their online infrastructure. Secondly, service providers and companies with business-critical public-facing internet properties must maintain a high degree of situational awareness and continually assess potential risks. During periods of geopolitical unrest, the situation constantly shifts, requiring organizations to keep abreast of what’s happening and how events may impact the threat landscape.

It’s also crucial that organizations regularly test their online infrastructure. This ensures that any changes or adjustments made to applications, services and servers are assimilated into the DDoS defense strategy. So, as the DDoS protection system is optimized, businesses utilizing mission-critical, public-facing internet properties must involve all online infrastructural components in periodic testing of the overall DDoS mitigation plan. By doing this, vital online business infrastructural features will be largely unaffected should they be targeted by a DDoS attack.

DDoS attacks are increasingly being incorporated into the arsenal for geopolitical protests and warfare. Therefore, organizations in affected nations must do their utmost to ensure they have adequately protected themselves if they are targeted in the crossfire during periods of increased unrest.

What’s Hot on Infosecurity Magazine?