By:
Federico Pacheco
(R&D Manager)

Trends in the context of cyberwarfare

In this post we develop an excerpt from the report "CCN-CERT IA-35/23 Cyber Threats and Trends", which addresses a scenario that we can consider critical in the history of cybersecurity and focuses on the events of 2022. This was an exceptional period, not only because of the start of the armed conflict in Ukraine due to the Russian invasion, but also because of the significant impact these events had on cyberspace.

The unprecedented synergy observed between traditional military operations and cyber operations has been representative, marking a turning point in the nature of modern warfare. Moreover, it highlighted an increase not only in the sophisticated activity of cyberattack groups but also in their level of hostility. This global scenario provided a unique context for understanding how geopolitical events and crises can shape and transform the cyber threat landscape and cybersecurity strategies worldwide.

Some highlights

1- Development of artificial intelligence: With the publication of ChatGPT, OpenAI gave all types of public the possibility to interact directly with an AI model, and there was no delay in identifying its possibilities in the field of cybersecurity (both for protection and for the adversary).

2- Zero-day vulnerabilities: Although the figures analyzed do not exceed the record, the number of exploited zero-day vulnerabilities has been very high, reaching values much higher than those recorded in 2020 and previous years.


Mandiant Report - Zero Days exploited

3- Conjunction of "Multidomain Conflicts": In 2022, a joint operation in cyberspace was observed for the first time at a considerable stage of maturity. This included the coordination of cyber operations, the use of drones and civilian technology for military purposes. Attacks targeted essential Ukrainian services, including financial entities, news agencies and power substations.

4- Involvement of Civilian Personnel in Hacktivism: Civilian groups and individuals participated in hacktivist campaigns, either against Ukrainian entities or against agencies of countries supporting Ukraine. This included denial of service campaigns using IoT botnets.

5- Conflict-Related Phishing Campaigns: The conflict in Ukraine was used in numerous phishing campaigns, demonstrating once again how important geopolitical events can influence cyberattack strategies.

Exploiting topical issues is a recurring tactic for cybercrime groups. In 2022, the World Cup in Qatar took place, with an increase in activity from different types of groups in relation to the topic. Related to this, the registration of domains using typosquatting techniques to impersonate domains associated with FIFA has also been observed.

6- Activities of APT Groups: The report also details the activities of the most relevant APT (Advanced Persistent Threat) groups, highlighting the sophistication and variety of their operations. Among them are cyberwarfare actions within operations that aim to have an impact on the physical plane. APT groups such as Sandworm and APT28 have participated in the military operation against Ukraine.


Operation scheme - Sandworm

7- Cybercrime During the Pandemic: There was a decrease in cybercrime incidents during the pandemic (2020-2022), attributed to the disruption of criminal activities and lack of visibility into user activity. However, there was a notable resurgence in Emotet activity in 2022, with new techniques to evade detection.


TOP Malware detected in 2022

8- Improved techniques in cyberthreats: More developed techniques were observed, specifically in the use of malware, exploitation of applications and public services, obtaining information from organizations, and use of remote access services to gain initial access or persistence in networks. For example, ransomware operations have been seen with post-exploitation capabilities that have more automated functions. It is also worth mentioning the proliferation of Telegram as a method of information exfiltration, in addition to the use of dynamic domains.


Top ransomware groups by number of incidents

9- Impact of Technological Development and Teleworking: The rapid technological development and adoption of teleworking during the pandemic created new opportunities for cybercriminals, who began exploiting remote access services and publicly exposed administrative web panels.

10- Rise of Infostealer Malware: There was an increase in the use of infostealer malware (information stealers), with operators offering their use as a service. This type of malware is used to collect sensitive information, such as passwords and cryptocurrency data. Although there are open source infostealer malware families, it is common for different operators to offer their use as a service (malware-as-a-service), with different rental options to suit their customers.

Conclusion

The Cyber Threats and Trends report (CCN-CERT IA-35/23) is further evidence of the dynamic and generally turbulent world of cyberspace in recent years. Through an analysis of events in 2022 and emerging trends in 2023, it is clear that there is a rapid evolution, influenced by geopolitical factors and technological advances. The invasion of Ukraine by Russia not only marked a change in the nature of conventional warfare, but also reinforced cyberspace as an active battlefield with new tactics and strategies.

It highlights the importance of "monitoring and detecting", resilience and continuous innovation in the field of cybersecurity. The continued sophistication of cyber-attacks, the innovative use of technologies for espionage and sabotage purposes, and the rise of cybercrime, mixed with the era of teleworking, highlight the need for robust and "multidimensional" security strategies to enhance protections.