
Kristofer Mansson at Silobreaker explores the critical role of geopolitical intelligence in cyber-security defence
These are unprecedented times, marked by extraordinary events like the recovery from a once-in-a-lifetime global pandemic, a major land war in Europe and global financial turmoil. The geopolitical landscape is in significant flux, and it’s crucial to recognise that these events aren’t confined to the purely geopolitical or physical realms.
In this digital age, the world is more connected than ever before and disruptions in one domain can have far-reaching consequences in another.
Conflicts, pandemics, elections and nation-state agendas frequently serve as the backdrop for cyber-attacks, creating new opportunities for cyber-attackers to weaponise these events for greater impact. There have been quite a few recent examples of this trend.
In 2023, political divides and societal conflicts have influenced and motivated threat actors and hacktivists around the world. For example, in response to a multi-state ban of gender-affirming and transgender healthcare in the US, the SiegedSec hacker group attacked several state-run websites, satellite systems and cities. The group previously targeted the US in 2022, as a protest about abortion restrictions.
Other notable hacktivist activity in 2023 has included the VulzSec Group’s targeting of the French National Police in retaliation for ongoing police brutality against protesters, and Guacamaya’s campaign against the Australian Federal Police, as well as multiple military and police agencies across Latin America.
In addition, Anonymous Sudan’s attack on the Sudanese Rapid Support Forces’ website arose amidst intensified hostilities in the country.
The spill-over effect of war into cyber-space is particularly prominent in the war in Ukraine. Anonymous Sudan, which is increasingly believed to be a Russian false-flag operation, has launched multiple attacks on countries supporting Ukraine, and has recently collaborated with the Russian hacker group Killnet.
Other prominent pro-Russian groups include NoName057(16), which is behind the notorious DDOSIA distributed denial-of-service project. DDOSIA launched in the summer of 2022 and has already grown by 2,400 percent.
Ukrainian hacker groups are undertaking counter-offensives, although not on quite the same scale. One noteworthy group is the Ukraine IT Army, which began targeting Russian and Belarusian sites in February 2022, and recently claimed an attack on the Russian state-owned railway company RZD. Whilst this group started as a voluntary effort consisting of researchers and hackers, Ukraine has since sought to increase the group’s legitimacy by drafting a law to bring the collective into its armed forces.
Traditional nation-state threat activity has also increased, with groups like the Russian state-backed group Gamaredon continuously adapting their techniques to target entities in Ukraine.
While the early stages of the war saw many destructive attacks involving wiper malware, much of the current state-sponsored activity involves phishing campaigns. Through these, state-sponsored actors aim to gain a foothold within the systems of critical infrastructure and government or military organisations for espionage purposes.
Whether a cyber-attack trigger is a pandemic, military conflict or other geopolitical development, there is a growing need for organisations to integrate geopolitical intelligence into their cyber-threat intelligence programmes.
However, intelligence teams often lack the bandwidth to make use of geopolitical intel, concentrating on more directly actionable cyber-threat intelligence instead.
There are a number of ways to integrate geopolitical intelligence into cyber-threat intelligence programmes effectively and efficiently. One method that we support is to employ a platform that is capable of collecting, combining and analysing multiple types and sources of data, across geopolitical, cyber-threat and physical security domains, in one place.
This enables the production of timely and relevant intelligence across multiple attack vectors, providing a holistic view of the security landscape.
When selecting a platform, the ability to collect and aggregate data, structured and unstructured, from various sources – including open-source channels, dark web forums, as well as from established intelligence providers – is an essential feature. This ensures a well-rounded blend of leading finished intelligence reports and real-world accounts and discussions on the web, leading to more verifiable and accurate conclusions.
As outlined, global events have a direct impact on cyber-security and it is crucial that organisations have visibility over these risks.
By integrating geopolitical intelligence with a comprehensive understanding of the overall threat landscape, organisations gain valuable insights and early warnings that are essential for preventing, responding to and mitigating the most critical threats they face. It can help equip businesses with the knowledge and strategic advantage they need to safeguard their digital assets and their organisation itself.
Although it can be tempting to focus solely on overt cyber-security threats, in today’s digital, interconnected world, geopolitical intelligence is becoming a necessity that organisations can’t afford to overlook.
Kristofer Mansson is CEO and Founder at Silobreaker