CiNext – Hacking at the global order


by Tonio Galea

A fire that broke out recently at an important Iranian nuclear plant risks escalating into a major hacking conflict.

Some Iranian foreign officials were quick to say that the incident, which caused significant damage and dealt a blow to the nation’s development of advanced centrifuges, was caused by a cyberattack.

Attacks of this type are not unusual, and Iran has already been the victim of the most well-known cyberattack: Stuxnet.

In 2010, the malicious computer worm destroyed numerous centrifuges in Iran’s Natanz uranium enrichment facility, causing them to burn themselves out. The latest blaze also occurred in Natanz, and the news from Iran has drawn comparisons with the original Stuxnet attack a decade ago.

Indications now are that Iran may respond to the attack in cyberspace, where it faces a more level playing field than in conventional military conflict. Recent unconfirmed reports, in fact, suggest that Iran hacked Israel’s water infrastructure.

On the other hand, Western security officials have been quoted playing down the idea that the incident was the result of a cyberattack, and expressing doubts about Iran’s capability to mount and sustain an effective cyber retaliation.

Cyberattacks are relatively common, but they only get the media’s attention when the victim divulges the information. In mid-June, for example, the Australian government announced that it was under sustained cyberattack and that Australian businesses and governments were also being widely targeted.

A government statement described the attack as “state-sponsored”, which means a foreign government is believed to be behind it, but refrained from going into the specifics.

This was interpreted as a coded reference to China, which the Australian government reportedly suspects of orchestrating this and other attacks.

In Australia’s case the attack was described as a ‘remote code execution’ – a common type of cyberattack in which an attacker attempts to insert their own code into a vulnerable system such as a server or database. The attackers would not only try to steal information but also attempt to run malicious code that could damage or disable the affected systems.

In all cases, experts agree that the latest round of cyberattacks is likely the result of previous “reconnaissance attacks”, which reveal existing vulnerabilities in targeted networks.

The coronavirus pandemic was no respite from such attacks; indeed, it was very much business as usual. In the midst of escalating tensions between China and India over a border dispute in the Galwan Valley in June, Indian government agencies and banks reported being targeted by DDoS attacks said to originate in China.

But cyberwars are not only waged between governments. International bodies, national institutions and businesses are now a common target, too.

In fact, since the start of the COVID-19 pandemic, the WHO has seen a dramatic increase in the number of cyberattacks directed at its staff, in addition to email scams targeting the public at large. Various other international agencies were also targeted.

In June alone, car manufacturer Honda said it was dealing with a cyberattack that was impacting its operations around the world. Cyber-security experts have said it looked like a ransomware attack, which means that hackers might have encrypted data or locked Honda out of some of its own IT systems. In this case, the most likely perpetrators were criminal.

It is not known how the criminals infiltrated Honda’s computer systems, but research suggests that ransomware attacks are on the rise, with hackers using Covid-19-related lures to trick victims into downloading booby-trapped documents and files.

Also in June, suspected North Korean hackers compromised at least two defence firms in Central Europe by sending false job offers to their employees while posing as representatives from major U.S. defence contractors.

In the U.S., President Trump signed an executive order to protect the power grid from hackers, but experts warn that the 2020 campaign has already suffered cyberattacks.

Elections large and small are looming in the United States in an increasingly work-from-home and social-distancing environment, which has forced many campaigns to conduct their day-to-day operations remotely. That has created a perfect opportunity for bad actors online, experts warn, and it could pose an unprecedented threat to the integrity of the U.S. elections.

The prediction is that the closer the U.S. moves towards the November election, the more cyber incidents are likely to increase, because the closer a country is to an election, the more disruptive an incident can be and the less opportunity there is to respond and recover.

Another major vulnerability is ransomware targeting the Internet of Things (IoT). Researchers have been detailing security flaws in IoT devices for years and multiple consumer products have been recalled due to critical security issues.

Last year, ransomware attacks targeted individual machines in hospitals and local governments, especially in the United States, which led to whole cities being taken offline.

Predictions are that these tactics will expand beyond targeting specific machines to hold data for ransom, with attackers extending the ransomware model to target larger groups of IoT devices, such as medical devices, or to focus on other systems like traffic control.

Many countries, and China in particular, are fast developing into cyber threats trained directly on the West. Although growing military capabilities are sometimes a factor, tensions continue to rise because, in economic and technical terms, these powers have become peer competitors of the United States in today’s globalised world.