Geopolitical Cyber Threats in 2024: Navigating Emerging Risks with OSINT (Open-Source Intelligence)

Geopolitical tensions worldwide can have a foreseeable impact on an organisation’s physical operations, but they can also heighten the risk of cyberattacks. These cyber threats are often linked to or triggered by events such as armed conflicts, elections and the agendas of nation-states. Malicious actors excel at exploiting these geopolitical events to advance their objectives.

For example, the ongoing conflict in Ukraine has precipitated a spike in cyberattacks, targeting Ukrainian and Russian entities alongside their supporters. Similarly, the current US presidential race is likely to see an uptick in cyberattacks aimed at political campaigns and government agencies. Even remote conflicts can disrupt supply chains, critical infrastructure and digital services. In this context, open-source intelligence (OSINT) is proving to be a vital tool, providing essential insights for comprehending and mitigating both cyber threats and geopolitical risks.

Organisations can significantly improve their situational awareness by monitoring real-time OSINT, which enables them to better comprehend the intricacies of modern cyber conflict and devise proactive defence strategies. This enhanced understanding bolsters operational resilience and response planning.

However, to maximise the potential of OSINT, it is crucial to first establish baseline scenarios for major geopolitical risks. Baseline scenarios outline the expected risks within a particular region, based on existing intelligence and historical trends. This article will explore these scenarios in key geopolitical hotspots, including China-related conflicts and the Ukraine war.

Chinese Cyber Operations

Baseline risks

China continues to be a dominant force in the realm of cyber espionage, with its operations primarily targeting Western businesses and government institutions to gather intelligence and steal intellectual property. These activities necessitate a re-evaluation of business partnerships and security postures to mitigate risks.

Potential risks

Several key scenarios involving China are particularly noteworthy:

  • Adoption of hybrid warfare approach: Financially motivated cyberattacks targeting US allies in the Asia-Pacific region could increase if China adopts a hybrid warfare strategy like Russia’s. Such a strategy would blend traditional military tactics with probing cyberattacks aimed at critical infrastructure and information systems, as well as economic warfare through financially motivated cyberattacks, to achieve strategic objectives without direct confrontation.
  • US-Taiwan defence agreement: Any formalised defence agreement between the US and Taiwan could lead to China launching disruptive cyber campaigns against Taiwanese targets in retaliation. These campaigns could involve the use of data wiper malware and data encryption malware, significantly impacting Taiwanese businesses and critical services.
  • Taiwanese elections: The election of a pro-sovereignty government in Taiwan could provoke China to intensify its disinformation campaigns and hacktivist activities. Such efforts would aim to undermine the new government and destabilise the region, impacting US and Taiwanese businesses. Potential attacks could range from website defacements to Distributed Denial of Service (DDoS) attacks.

Russia and Ukraine Risks: Complex Cyber Warfare

Baseline risks

Cyberattacks are a cornerstone of Russia’s military strategy against Ukraine. Russia is employing a variety of tactics including disinformation, cyber espionage and disruptive attacks. One example is the use of the UAC-0184 remote access trojan to target Ukrainian companies in Finland. These cyber operations are largely aimed at gathering intelligence on Western support for Ukraine and understanding sanctions policies.

Despite the low probability of a catastrophic attack on critical infrastructure in the West, Russian cyber actors are still probing Western critical infrastructure for vulnerabilities.

Potential risks

However, several alternative scenarios could alter the threat landscape:

  • Substantial Russian losses in Ukraine: If Russia faces significant losses in the conflict, it might intensify cyberattacks, potentially disguising them as actions by cybercriminals or hacktivist groups. These attacks could target critical infrastructure and financial systems to destabilise the West. Russian threat actors may also adopt a more aggressive cyber strategy, including the development and deployment of destructive data wiper malware.
  • Conflict with NATO: The looming threat of a NATO-Russia war could lead to intensified Russian cyber operations against Western nations. Increasingly disruptive cyberattacks could prompt cyber insurers, following Lloyd’s example from 2023, to introduce state-sponsored cyber exclusion policies, negating coverage for attacks attributed to governments. If faced with increasing challenges in its military operations, Russia could turn to more aggressive cyber tactics. This might include the use of self-replicating malware strains that can spread rapidly through networks to disrupt and damage systems, causing widespread chaos and economic loss. Russia could further extend the impact of its cyberattacks by targeting supply chains.
  • Reduction in hostilities: A decrease in hostilities between Ukraine and Russia might shift Russia’s cyber focus towards financially motivated attacks and efforts to cause reputational damage through information operations.

Leveraging OSINT for Enhanced Cyber Defence

When it comes to anticipating potential threats arising from geopolitical events, real-time OSINT is indispensable. And while the sheer volume of open-source data can be overwhelming, advanced tools and AI are transforming how organisations can harness OSINT to dynamically evaluate both standard and alternative risk scenarios.

By automating data collection, analysis, and dissemination, threat intelligence platforms can empower businesses to swiftly identify risks, understand threat actors, and make informed decisions. These tools make it possible to extract valuable insights from OSINT, identifying emerging threats and the actors involved.

Armed with real-time intelligence, organisations can spot risks early and make informed decisions to manage threats. This proactive approach is essential for navigating the cyber risks posed by an ever-evolving geopolitical landscape.

About the Author

Andy Grayland, CISO, Silobreaker. Andy has over 12 years of information security experience. A dedicated digital transformation strategist and security consultant, Andy specialises in developing and implementing effective information security programmes with a focus on aligning them to business objectives. Prior to Silobreaker, Andy was CISO at the Scottish Local Government’s Digital Office. He holds a PhD in Computer Science from the University of St. Andrews, and a PGC in Cyber Defence and Information Assurance from Cranfield University.

Andy can be reached at our company website https://www.silobreaker.com/
