Current Cyber Security Threats and Future Challenges
Nation-State Threat Actors and Disinformation
Copyright (c) 2022 Péter Selján
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Abstract
The cybersecurity environment is constantly deteriorating partly due to the extraordinary speed of technological development, which increases the number and frequency of exploitable vulnerabilities i.e., the size of the “attack surface” in cyber space. However, nation-state threat actors that pose the most serious challenge are trying to make the most out of the deteriorating and unpredictable cyber security environment. Based on leading industry and cyber security reports, the present paper seeks to summarise the key developments of 2021 and the first half of 2022, focusing primarily on the leading nation-state threat actors. Without wishing to be exhaustive, this paper describes the cyber activities observed during the examined period which deemed attributable to the leading malicious nation-state actors – including hacker groups in Russia and China. In addition, it tries to draw attention to today’s cyber security threats and the challenges ahead – such as the ever faster spread of disinformation – but all this without engaging in a deeper analysis, unnecessarily.
Keywords:
References
A Second Iranian State-Sponsored Ransomware Operation “Project Signal” Emerges. [online], Flashpoint, 2021. április 30. Forrás: https://flashpoint-intel.com [2022. 05. 18.]
Alert (AA22-083A), Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector. [online], Cybersecurity and Infrastructure Security Agency, 2022. március 24. Forrás: https://cisa.gov [2022. 05. 24.]
Alert (AA22-110A), Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure. [online], Cybersecurity and Infrastructure Security Agency, 2022. április 20. Forrás: https://cisa.gov [2022. 05. 28.]
Burt, Tom: Another Nobelium Cyberattack. [online], 2021. május 27. Forrás: blogs.microsoft.com [2022. 05. 14.].
Burt, Tom: Cyberattacks Target International Conference Attendees. [online], Microsoft, 2020. október 28. Forrás: https://blogs.microsoft.com [2022. 05. 19.]
Cimpanu, Catalin: Windows 10, iOS 15, Ubuntu, Chrome Fall at China’s Tianfu Hacking Contest. [online], The Record, 2021. október 17. Forrás: https://therecord.media [2022. 05. 17.]
Clapper, James R. – Marcel Lettre – Michael S. Rogers: Joint Statement for the Record to the Senate Armed Services Committee, Foreign Cyber Threats to the United States. [online], Senate Armed Services Committee, 2017. január 5. Forrás: https://armed-services.senate.gov [2022. 05. 29.]
Cole, Brendan: Russia Puts U.S. Top of ’Unfriendly Countries’ List. [online], Newsweek, 2021. április 27. Forrás: https://newsweek.com [2022. 05. 15.]
Conceptual Views on the Activity of the Armed Forces of the Russian Federation in Information Space. Ministerstvo Oborony Rossiyskoy Federatsii, 2011. [online]. Forrás: https://pircenter.org [2022. 05. 24.]
Conger, Kate: With Eye to Russia, Biden Administration Asks Companies to Report Cyberattacks. [online], The New York Times, 2022. március 23. Forrás: https://nytimes.com [2022. 05. 26.]
Conger, Kate: Hackers’ Fake Claims of Ukrainian Surrender Aren’t Fooling Anyone. So What’s Their Goal? [online], The New York Times, 2022. április 5. Forrás: https://nytimes.com [2022. 05. 25.]
Conger, Kate: Ukraine Says It Thwarted a Sophisticated Russian Cyberattack on Its Power Grid. [online], The New York Times, 2022. április 12. Forrás: https://nytimes.com [2022. 05. 25.]
Conger, Kate – David E. Sanger: U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks. [online], The New York Times, 2022. április 6. Forrás: https://nytimes.com [2022. 05. 25.]
Conger, Kate – David E. Sanger: Russia Uses Cyberattacks in Ukraine to Support Military Strikes, Report Finds. [online], The New York Times, 2022. április 27. Forrás: https://nytimes.com [2022. 05. 25.]
Connell, Michael – Sarah Vogler: Russia’s Approach to Cyber Warfare. [online], CNA, 2017. március. Forrás: https://cna.org [2022. 05. 28.]
Cyber Attacks against Estonia (2007). [online], Cyber Law Toolkit, 2007. április 27. Forrás: https://cyberlaw.ccdcoe.org [2022. 06. 04.]
De Moura, Georges – Tal Goldstein: What the Biden-Putin Summit Reveals about Future of Cyber Attacks – And How to Increase Cybersecurity. [online], World Economic Forum, 2021. június 17. Forrás: https://weforum.org [2022. 09. 11.]
Edward Snowden: Leaks that Exposed US Spy Programme. [online], BBC, 2014. január 17. Forrás: https://bbc.com [2022. 06. 04.]
Ehrlich, Amitai Ben Shushan: From Wiper to Ransomware. The Evolution of Agrius. [online], SentinelLABS, 2021. május 25. Forrás: https://sentinelone.com [2022. 05. 18.]
Falcone, Robert: Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa. [online], Unit 42, 2020. szeptember 4. Forrás: https://unit42.paloaltonetworks.com [2022. 05. 18.]
Fassihi, Farnaz – Ronen Bergman: Israel and Iran Broaden Cyberwar to Attack Civilian Targets. [online], The New York Times, 2021. november 27. Forrás: https://nytimes.com [2022. 05. 10.]
Gatlan, Sergiu: Microsoft: Russian State Hackers Behind 53% of Attacks on US Govt Agencies. [online], 2021. október 8. Forrás: https://bleepingcomputer.com [2022. 05. 15.]
Georgia–Russia Conflict (2008). [online], Cyber Law Toolkit, 2008. július–augusztus. Forrás: https://cyberlaw.ccdcoe.org [2022. 06. 04.]
HAFNIUM Targeting Exchange Servers with 0-day Exploits. [online], Microsoft Threat Intelligence Center (MSTIC), 2021. március 2. Forrás: https://microsoft.com [2022. 05. 16.]
Haidt, Jonathan: Why the Past 10 Years of American Life Have Been Uniquely Stupid. [online], The Atlantic, 2022. április 11. Forrás: https://theatlantic.com [2022. 05. 26.]
Hanna, Andrew: The Invisible U.S.–Iran Cyber War. [online], The Iran Primer, 2019. október 25. Forrás: https://iranprimer.usip.org [2022. 06. 04.]
Federal Bureau of Investigation: Internet Crime Report 2021. [online], FBI, 2021. Forrás: https://ic3.gov [2022. 05. 05.]
Krasznay Csaba: az új kulcsszó a kiberhigiénia. [online], Infostart, 2022. január 18. Forrás: https://infostart.hu [2022. 06. 06.]
Martin, Alexander: US Military Hackers Conducting Offensive Operations in Support of Ukraine, Says Head of Cyber Command. [online], Sky News, 2022. június 1. Forrás: https://news.sky.com [2022. 06. 04.]
McLaughlin, Jenna: Top Biden Cyber Official: SolarWinds Breach Could Turn from Spying to Destruction ’in a Moment’. [online], Yahoo News, 2021. április 8. Forrás: https://news.yahoo.com [2022. 05. 15.]
Microsoft: Microsoft Digital Defense Report. [online], Microsoft, 2021. október. Forrás: https://microsoft.com [2022. 04. 29.]
Nafisi, Ramin – Andrea Lelli: GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s Layered Persistence. [online], Microsoft, 2021. március 4. Forrás: https://microsoft.com [2022. 05. 14.]
NATO 2030 Factsheet. [online], NATO, 2021. június. Forrás: https://nato.int [2022. 05. 26.]
NATO Science & Technology Trends 2020–2040. [online], NATO Science & Technology Organization, 2020. március. Forrás: https://nato.int [2022. 05. 26.]
O’Neill, Patrick Howell: How China Built a One-of-a-Kind Cyber-Espionage Behemoth to Last. [online], MIT Technology Review, 2022. február 28. Forrás: https://technologyreview.com [2022. 05. 28.]
Pay2Kitten, Pay2Key Ransomware – A New Campaign by Fox Kitten. [online], Clear Sky Security, 2020. december. Forrás: https://clearskysec.com [2022. 05. 18.]
Perlroth, Nicole – Noam Scheiber – Julie Creswell: Russian Cybercriminal Group Was Behind Meat Plant Attack, F.B.I. Says. [online], The New York Times, 2021. június 2. Forrás: https://nytimes.com [2022. 05. 28.]
Recent Ransomware Attacks. [online], Checkpoint Research, é. n. Forrás: https://checkpoint.com [2022. 06. 04.]
Rekowski, Michał – Tomasz Piekarz – Barbara Sztokfisz – Robert Siudak – Izabela Albrycht – Przemysław Roguski – Paweł Kostkiewicz et al.: Geopolitics Of Emerging and Disruptive Technologies. [online], Krakow, The Kosciuszko Institute, 2020. Forrás: https://ik.org.pl [2022. 05. 29.]
Russian SVR Targets U.S. and Allied Networks. [online], NSA, CISA & FBI, Cybersecurity Advisory, 2021. április 5. Forrás: https://media.defense.gov [2022. 05. 15.]
Sanger, David E. – Kate Conger: Russia Was Behind Cyberattack in Run-Up to Ukraine War, Investigation Finds. [online], The New York Times, 2022. május 10. Forrás: https://nytimes.com [2022. 05. 28.]
Selján Gábor: The Remarkable 10th Anniversary of Stuxnet. AARMS, 19. (2020), 3. 85–98. Online: https://doi.org/10.32565/aarms.2020.3.6
Selján Péter – Selján Gábor: Kiberbiztonsági kitekintés. Nemzet és Biztonság, 14. (2021), 1. 24–47. Online: https://doi.org/10.32576/nb.2021.1.3
Smith, Brad: Digital Technology and the War in Ukraine. [online], Microsoft, 2022. február 28. Forrás: https://blogs.microsoft.com [2022. 05. 24.]
Soesanto, Stefan: The IT Army of Ukraine. [online], Center for Security Studies, 2022. június. Forrás: https://css.ethz.ch [2022. 09. 11.]
Special Report: Ukraine. An Overview of Russia’s Cyberattack Activity in Ukraine. [online], Microsoft Digital Security Unit, 2022. április 27. Forrás: https://microsoft.com [2022. 04. 28.]
Stanley-Lockman, Zoe – Edward Hunter Christie: An Artificial Intelligence Strategy for NATO. [online], NATO, 2021. október 25. Forrás: https://nato.int [2022. 05. 26.]
The 10 Biggest Ransomware Attacks of 2021. [online], Touro College Illinois, 2021. november 12. Forrás: https://illinois.touro.edu [2022. 05. 05.]
The Chinese Private Sector Cyber Landscape. [online], Margin Research, 2022. április 25. Forrás: https://margin.re [2022. 05. 17.]
The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior tot he People’s Republic of China. [online], The White House, 2021. július 19. Forrás: https://whitehouse.gov [2022. 05. 17.]
Voo, Julia – Irfan Hemani – Simon Jones – Winnona DeSombre – Daniel Cassidy – Anina Schwarzenbach: National Cyber Power Index 2020. Methodology and Analytical Considerations. [online], Belfer Center, 2020. szeptember. Forrás: https://belfercenter.org [2022. 08. 06.]
Шойгу рассказал о задачах войск информационных операций. [online], РИА Новости, 2017. február 22. Forrás: https://ria.ru [2022. 05. 24.]
York, Dan: What Is the Splinternet? And Why You Should Be Paying Attention. [online], Internet Society, 2022. március 23. Forrás: https://internetsociety.org [2022. 05. 31.]