Digital Threat Digest - 8 September 2022
PGI’s Digital Investigations Team brings you the Digital Threat Digest, SOCMINT and OSINT insights into disinformation, influence operations, and online harms.
Low-level cyberwarfare
Public and corporate perceptions of a nation-State-driven, large-scale cyber-attack revolve primarily around a singular hostile attack which would collapse the underpinnings of our modern society. There are myriad complex reasons why nation-States have yet to deploy their singularly destructive offensive cyber capabilities – even Russia within the current phase of the Ukrainian conflict. But the challenge is that the Hollywood-esque mental imagery of a cyber-attack remains the easiest, but also laziest, tool (particularly in a world driven by short sound-bites) for policymakers to keep necessary cyber security consciousness high. However, this leads to the inevitable risk that, while such an event never happens as envisaged by the imagery, complacency or threat-weariness emerges, which provides the operating space for the State actor to execute the much more pernicious ‘lower-level’ digital threats (which have always comprised a State’s offensive cyber strategy) through other more permissive vectors. This trend can be particularly observed in the ongoing Iranian-Israeli conflict, in which private businesses and ordinary citizens have found themselves increasingly caught in the State-on-State cyber-crossfire.
Over the past decade, the governments of Iran and Israel have engaged in a shadow war, involving confrontation in the cyber domain. But more recently, the elements of the offensive cyber strategy that include civilian entities have become more clearly illuminated. On August 17, for instance, researchers from Mandiant reported on a suspected Iranian threat group, which has been linked to a series of attacks aimed at Israeli shipping, healthcare, and energy sectors. This discovery is, however, far from being the only example of a growing ability to identify the targeting of civilian assets. In October 2021, Israel was blamed for a cyberattack that disrupted the fuel distribution system in Iran. A few days later, a group believed to be linked to Iran hacked an Israeli LGBTQ+ dating app and leaked the personal information of all its users. The latter was described by the Israel Internet Association (ISOC-IL) as "one of the most serious attacks ever on privacy in Israel".
The New York Times pointed to this exchange between Iran and Israel as a new trend of prioritising soft targets. The concept is certainly not ‘new’, but the ever-increasing digitisation of our world makes soft targets much easier to reach at scale and therefore more strategically impactful. Today, a great deal of essential, but poorly protected, civilian infrastructure and society relies heavily on digital technologies to manage day-to-day operations and lives. Due to their exposed vulnerabilities, civilian entities make easy prey for adversarial attacks. Unlike military and governmental agencies, civilian networks do not require an enormous investment of resources and time to strike successfully. And, most importantly, it can be done through common methodology, which means the much more advanced ‘zero-day’ powder can be kept dry.
Minimising the risk of escalation provides another compelling reason for governments to adopt a low-risk strategy in conducting offensive cyber-activities. As such, political objectives can be advanced through incremental and non-escalatory actions, conducted behind a complex fog of vaguely plausible deniability – gaining tactical flexibility. While causing significant economic damage and societal distress, the latest cyberattacks between Iran and Israel have remained below the commonly understood threshold for kinetic retaliation. So, by resorting to this non-conventional approach, both aspiring powers have been capable of inflicting gradual and cumulative damage on each other without necessarily slipping into an undesired military confrontation.
In short, the prevalence of information technology is reshaping the landscape of geopolitical competition, where rules of engagement evolve at the same rate as their digital enablers.
As networked connectivity further proliferates across the globe and across commercial and societal landscapes, the list of viable civilian targets for cyberattacks is only likely to expand. The rise of big data, Internet of Things and Internet of Bodies will widen the attack surface, providing threat actors with copious approachable opportunities. According to some estimates, the number of connected devices is forecast to exceed 100 billion in 2030. Meanwhile, the protection of digital infrastructure continues to be an insufficiently addressed issue, especially at the lower end of the cyber realm.
Emulative and competitive behaviour among States is a well-established assumption within international politics. Accordingly, successful practices will eventually be adopted by other members of the international community in order to enhance their competitiveness. In fact, many States including the UAE and Saudi Arabia have already developed cyber capabilities and are currently exploring the potential of offensive cyber operations. Inspired by the advantages of low-risk cyber actions, more ambitious nations beyond the MENA region are, therefore, expected to follow suit by incorporating these techniques into their modus operandi. As a result, more ordinary people in the future will likely become victims of cyberattacks directed at their governments.