Geopolitical Factors Will Continue To Be A High Motivation For Cyberattacks


The GCC has committed itself to growth. A sustainable future is within its grasp. Governments here have pledged themselves to mandate some changes and support others, all for the betterment of society. Their economic visions, however, are not shared by everyone. The UAE, Saudi Arabia, and other Gulf nations are in the crosshairs of cyber actors with political and military motives.

And they take no prisoners. This year, in Ukraine, Taiwan and Japan, we saw the swiftness with which they can move. And in 2012, at Saudi Aramco and Qatar’s RasGas, we saw that no organisation is safe. These same organisations and others that fall into the “critical infrastructure” category are at risk now more than ever because they, like their private-sector peers, are digitising at scale. More satellites, more merging of OT and IT, more IoT (propelled by rapid 5G rollouts) — it all adds up to a ballooning attack surface that governments must somehow protect. What follows are the main trends we believe will give policymakers pause for thought in 2023.

Geopolitics and Grey-zone conflict

Geopolitics opens new avenues for cyber threat actors to attack businesses and individuals in the countries they target and among those countries' supporters. Throughout 2022, geopolitical tensions were exacerbated by hacktivists and other cyber threat actors. In these instances, cyberattacks accompanied and complemented kinetic military action to undermine resistance and defence capabilities against invaders, influence foreign policies, and support the aggressor’s strategic goals. The rise of geopolitically motivated cyberattacks and misinformation campaigns may continue to shape the cyberthreat landscape through 2023.

The imminent global cyber threat to critical infrastructure as cyberwarfare evolves

Since the Russia-Ukraine conflict began, cyberattacks have evolved drastically, not just from nation-states but also from cybercriminals, hacktivists, and other less skilled actors. Tactics targeting critical infrastructure have plagued the cyberwar landscape. The patterns of tactics currently observed suggest increased aggression and risk to a plethora of entities. Similarly, a rise in victims of cyberwarfare collateral damage has been observed. These risks may be ever more present to those in critical parts of the energy, banking, and military sectors.

Threat actors such as Turla, Metador and UNC3886 find themselves in the spotlight due to their increased activities. Coupled with some of their novel techniques, such as UNC3886’s VMware ESXi malicious VIB file persistence, the rise in volatile global conflicts has created a prime opportunity for advanced persistent threats (APTs) to adapt better, expand, and conduct their campaigns.

In 2023, simple security planning will no longer be enough to deter or prevent attackers. System defenders worldwide may have to implement a more proactive defensive approach led by the stringent industry standards followed by government, military, and multi-governance environments. There may very well be a significant rise in advanced cyber actors causing disruptions to critical infrastructure in vulnerable targets. No doubt, the discovery of novel techniques may cause other bad actors to adopt them, changing their campaigns to threaten further users, industries, and critical assets connected to the internet.

Cyberwarfare remains an ever-changing landscape, with sympathetic users being called to act against adversary targets and unsuspecting users being used through fictitious applications and campaigns. We suspect we could see a rise in unsuspecting users being leveraged as launching points for attacks targeting critical infrastructure. Further increasing the threat to critical infrastructure, we could see more IoT devices hijacked in exponentially larger distributed denial-of-service attacks for warfare purposes.

Space hacking: only going up from here!

With the launch of more satellites and society’s reliance on satellite data and internet access, the attack surface will grow, and history has shown us that attacks usually follow. The risks to satellites are highlighted by the fact that satellites are just purpose-built computers and, as such, are vulnerable to many of the same cybersecurity threats that happen here on earth.

As the cost to put payloads into low earth orbit (LEO) continues to decrease, more and more companies will have satellites launched. And, as is the case in other industries, if cybersecurity is not fully considered during the initial phases of design, it will take a back seat to other engineering challenges, thus leaving the system open to compromise.

Targeted denial-of-service attacks like those witnessed in Ukraine against SpaceX Starlink terminals may be an ever-increasing problem. Another area of concern is ransomware. As the space landscape continues to evolve from purely scientific research into critical infrastructure, it brings with it malicious actors who prey on critical infrastructure, knowing the value of the services provided by these networks. Locking up critical infrastructure satellites and demanding a ransom from the providers or even the businesses using the links will result in lucrative payouts for ransomware authors, as these networks cannot remain offline for long.

Together we can wrestle back control from the attackers

Our cyberwar is everywhere. It is in our homes and offices, in our national infrastructure, and far above our heads in the vacuum of space. If we are to rise to this challenge, we must consider our enemies and exploit their weaknesses as we leverage our own strengths. It will not be easy. Geopolitical attackers are well-trained, well-funded, and, therefore, well-equipped.

But it is not all doom and gloom. We are many — citizens, governments, public enterprises, and private technology companies. We can band together to resolve many of these issues. Sometimes it will take policy change, and sometimes, simple training. But sometimes, the tools of the age are necessary to tackle the challenges of the age. Advanced cybersecurity platforms are out there — ones that empower governments to stand up to the hacktivist and lock them out of what matters most.

Written By: Anne An, John Borrero Rodriguez and Ryan Fisher, researchers at Trellix Advanced Research Center
