Cyber Warfare
Cyber warfare is the silent war that is taking place without the public knowing about it. With the events in Eastern Europe over the past several weeks, cyber has been an attack medium that has been effective and frequent. Cyber warfare is defined as a cyber attack or series of attacks that target a country or its citizens. The targets of attack are typically aligned with the political, commercial or military interests of the attackers' country of origin. State-sponsored attacks are often persistent in nature, meaning the impacts of the attacks are often not felt until months following propagation [1]. This leads to difficulty in detection and coordination, resulting in large losses once the attack is actioned. Cyber warfare has the potential to wreak havoc on people’s accounts, infrastructure and critical systems. With the changing cyber attack landscape, it is critical that organizations approach cyber risk methodically and invest in controls that protect their people and core assets.
Some of the most common targets of states have been the accounts of civilians. Civilians often hold information that is valuable to enemy states because the rise of remote workforces has blurred the line between personal and business accounts. Since the beginning of the pandemic, there has been a significant increase in remote workers. In 2016, only 4% of the Canadian workforce worked remotely. As of June 2021, 30% of the Canadian workforce works remotely [2].
The result is an increased attack surface that both people and businesses need to address. Personal accounts are often linked to one another through shared passwords or shared email accounts. Compromised personal accounts have a further-reaching impact because information within them is used to bypass authentication challenges, such as personal questions, in enterprise applications. This attack surface is directly tied to attacks on digital identities.
ISO defines digital identity as a set of digital attributes related to an entity [3]. It is the body of information about an individual, organization or electronic device that exists online. Attributes often include traits such as access privileges and authentication credentials to various critical accounts that state-funded attackers try to compromise.
Digital identities of regular citizens have been prime targets for state-funded attackers. Many of the state-funded attackers have come from Eastern European regions involved in the Russia-Ukraine conflict. Common targets are those of individuals in which attackers have minimum recourse. Digital identities tied to personal financial and social accounts have increasingly become targets of state-funded attackers. Digital identities tied to individuals and small businesses typically have fewer security resources dedicated to mitigating attacks, which makes them easier targets.
Before, individuals’ personal digital identities were more insulated from cyber attacks. Russian state-funded attackers responsible for the 2019 SolarWinds attack had minimal impact on individual accounts [4]. People need to be more cognizant of their cyber security hygiene because of the increased number of state-funded attacks on personal and small business accounts. In doing so, they protect themselves, the organizations they work for and the countries in which they reside.
How can people protect their identities?
Spear phishing remains one of the most prominent attack vectors used to compromise digital identities. Spear phishing scams are hyper-targeted attempts where attackers may attempt to impersonate a trusted individual or appeal to individuals’ specific online behaviours. These are difficult to spot given their targeted nature. It is important to check the legitimacy of messages by validating the senders. This can be done by hovering over the account to double-check that the email or instant message handle belongs to the person sending the message. Suspicious language often sounds too good to be true; common examples include rewards or messages tied to other accounts.
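The sender check described above can also be automated at a mail gateway or in a reporting tool. The following is an added example, not part of the original article: the contact directory, the `corp.example` domain, the 0.8 similarity threshold and both sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of trusted contacts: display name -> real address.
KNOWN_CONTACTS = {
    "dana reyes": "dana.reyes@corp.example",
    "it service desk": "servicedesk@corp.example",
}
KNOWN_DOMAINS = {a.split("@")[1] for a in KNOWN_CONTACTS.values()}

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def check_sender(raw_message):
    """Return reasons the sender looks untrustworthy (empty list = no finding)."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    if not address:
        return ["missing or unparseable From address"]
    findings = []
    sender_domain = domain_of(address)
    # 1. The name shown to the reader belongs to someone else's address.
    expected = KNOWN_CONTACTS.get(" ".join(display.lower().split()))
    if expected and expected != address.lower():
        findings.append(f"name '{display}' belongs to {expected}, not {address}")
    # 2. The domain is nearly, but not exactly, one we trust (e.g. 0 for o).
    for trusted in KNOWN_DOMAINS - {sender_domain}:
        if SequenceMatcher(None, trusted, sender_domain).ratio() >= 0.8:
            findings.append(f"domain {sender_domain} imitates {trusted}")
    # 3. Replies are silently routed to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append(f"replies go to {domain_of(reply_to)}, not {sender_domain}")
    return findings

# Constructed sample messages.
SPOOFED = ("From: Dana Reyes <dana.reyes@c0rp.example>\n"
           "Reply-To: rewards@collect.test\n"
           "Subject: Your reward is waiting\n\nClaim it today.\n")
GENUINE = ("From: Dana Reyes <dana.reyes@corp.example>\n"
           "Subject: Meeting notes\n\nNotes attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw) or "no findings")
```

A message that passes these checks is not proven legitimate; the checks only surface the mismatches a reader would otherwise have to find by hovering over the sender.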
Avoid clicking links or opening attachments before validating their legitimacy. Effective risk management is another important mitigation strategy. CDW, a Fortune 500 IT firm, did a study in 2021 showing that organizations with remediation strategies were able to recover faster than organizations without, and were typically able to hit their mean time to recover (MTTR) objectives. An additional effective control to protect digital identity is implementing DNS security products such as OpenDNS or CIRA on endpoints. This helps mitigate man-in-the-middle (MITM) attacks aimed at compromising the confidentiality of private information.
Taking a risk-based approach that focuses on securing people is ultimately what insulates organizations from cyber attacks. Regardless of the severity of outside circumstances, people are (and will continue to be) the weakest link that organizations will need to address. Having a balance of technical controls to prevent attack mechanics from being realized is important; however, ensuring employees are able to recognize, report and recover from attacks remains crucial.
[1] https://www.f-secure.com/en/consulting/our-thinking/state-sponsored-cyber-attacks
[2] https://www150.statcan.gc.ca/n1/daily-quotidien/210804/dq210804b-eng.htm
[3] ISO
[4] https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack