May 5, 2017 By Eli Ben Meir 3 min read

The cyber age has brought incalculable advantages to modern life. The world is connected and accessible like never before. But like all technological advances, there is a dark side to this progress: Quite simply, the cyber age is revolutionizing warfare.

Whereas security threats were once visible and easily identifiable, today’s cyberthreats are invisible and anonymous. Where once warfare had clear rules and boundaries, modern cyber warfare is largely anarchic and without borders. As a result, governments and corporations alike are struggling to identify threats, let alone combat them effectively. This calls for an entirely new security discourse.

All’s Fair in Cyber Warfare

A brief glance at some of the most recent cyberattacks illustrates the scope of the task ahead. It appears French presidential candidate Emmanuel Macron’s campaign was targeted by a cyber espionage group recently. Late last year, the San Francisco transit system was disrupted by a ransomware attack, prompting concern over the safety of other U.S. transport networks. Additionally, half of U.K. businesses reportedly suffered a breach in 2016.

Enemies can seemingly strike anywhere at any time. This is not the work of a conventional army; it is usually the work of a small, dedicated group of fraudsters who wear no identifiable uniform. They are armed with everyday hardware, invisible codes and malware. And in the digital world, borders are irrelevant. A cybercriminal’s battleground knows no boundaries.

The difficulty of identifying a cyberattack is compounded by the rapid advances of malicious actors. As connectivity escalates between people, companies and organizations across the globe, fresh opportunities to launch attacks are opening up all the time. Technological developments are inevitably seized upon by enemies up to no good. In this regard, the growth of the Internet of Things (IoT) is set to make the challenge of cybersecurity even more complex.

Strategy and Intelligence Over Technology

Until now, the standard response to this increasing danger has been to match technology with technology — in other words, a cyber arms race. In this cat-and-mouse game, an ever more sophisticated arsenal is developed to counter the latest weapons being deployed. This amounts to applying an increasing number of Band-Aids to all manner of illnesses and infections. It is a piecemeal and inadequate response.

A fresh, more sustainable approach is required. This approach must be holistic, comprehensive and adaptable to the new nature of warfare. Most importantly, intelligence must play a meaningful role.

As a first step, determine exactly who constitutes an enemy in cyberspace. Given that anyone with a computer could theoretically be an attacker, it is critical to narrow down the possibilities. After all, even a colleague can become a threat — or at least an unwitting accomplice to a security event. In cyber warfare, it is often unclear who is friend and who is foe. A clear distinction based on an accurate intelligence assessment must be made between enemies, opponents and allies.

Since cyber warfare is so widespread and varied, it’s important to accept that not every attack can be repelled. Because there is no hermetic cyberdefense system, an intelligence evaluation is required to determine which attacks require an instant response. This means calculating critical interests and resolving to defend them, while at the same time being prepared to tolerate threats to lesser assets.

By doing so, government leaders and corporate managers can better understand the parameters of the cyberthreats they face. They will then be able to clearly define what constitutes critical defense and set their security priorities accordingly. Consequently, they will be able to develop a workable cyberdefense strategy, establishing a critical and long-lasting mode of operation.

A War of Attrition

Of course, in today’s world, everything is interconnected. The individual process of establishing a holistic cyber strategy must be complemented by a wider legal and societal consideration of contemporary threats.

Legal systems need to define the lawful boundaries of cyberdefense. Meanwhile, workers and network users must be educated and trained to spot the signs of a digital attack. In doing so, they can provide valuable help to the intelligence-gathering process.

If governments and corporations seriously wish to win the cyber war, they must make a paradigm shift. Warfare is no longer a question of weaponry, but a matter of strategy. Only a sustainable, strategic approach, with intelligence at its core, can triumph. The alternative is an expensive, never-ending and, ultimately, futile battle against those who wish to cause harm.
