The first days of 2020 have been marked by escalating tensions between countries like the United States, Iran, Russia, and North Korea. We have heard a lot about cyberwarfare and its growing use by governments around the world. But, what possible conflicts between these countries have to do with cybersecurity?

What is Cyberwarfare?

Cyberwarfare refers to the use of digital attacks by one country to affect another country’s essential information systems. This type of attack can be performed by means of computer viruses, malware or hacking, with the main goal of causing the greatest possible damage to the digital infrastructure of its targets.

We are getting closer to a world of top-secret digital spies, hackers, and weapon designs. And apparently, this trend is here to stay. The next major conflicts, in addition to troops armed with conventional artillery, are expected to be based on spies and hackers using digital means to attack the critical infrastructure of their enemies. But how is it possible to distinguish an isolated attack from cyberwarfare after all?

What characterizes a Cyber​warfare?

Whether an attack is considered an act of cyberwarfare depends on a number of factors. Some of them include: the attacker’s identity; what actions are taken; how they are taken; and the damage they do. That is, basically we are talking about the scale and severity of the attacks. Furthermore, cyberwarfare, in the sense of the word, is a conflict between governments and not between individuals. It is worth to mention, however, that attacks performed by individuals – or even groups of hackers – can also be considered cyberwarfare, only if they are supported or directed by a specific government.

We can take, as an example, an Iranian hacker (or a group of them) that performs a cyberattack on the systems of an American bank to obtain financial benefits. In this case, the incident would not be considered an act of cyberwarfare, even if it came from a nation considered an enemy. However, if this hacker group is sponsored by a government, and the goal of the attack is to destabilize the rival country’s economy, then we could consider it as cyberwarfare.

The nature and scale of the attack are other indicators: hacking into a government agency’s website may not be considered an act of cyberwarfare. However, hacking and deactivating the systems of a power generation plant would be classified as such.

What are the weapons of a Cyberw​arfare?

The weapons used in the attack are also important. Considering that cyberwarfare refers to digital attacks on information systems, throwing a missile at a datacenter is not considered cyberwarfare, even if government data is stored in that datacenter. 

Finally, the use of tools to spy or steal data is not considered an act of cyberwarfare. In this case, we are dealing with cyber espionage, something that is done by countless governments. So, what would be practical examples of weapons used in cyberwarfare?

How are the attacks?

The hackers who are better prepared with the most advanced weapons, with the aim of invading the most advanced systems. Everyone involved in top-secret, multi-million dollar projects. In general, the weapons used in cyberwarfare can range from the most basic to the state of the art in cybersecurity. It all depends on the effect that the malicious agent wants to cause. Many of these weapons are part of a hacker’s basic arsenal and can be used alone or together during a cyberattack. During cyberattacks in Estonia in 2007, for example, distributed denial of service (or DDoS) attacks were performed.

Another common technique used by hackers during an attack associated with cyberwarfare is sending phishing emails. When opening a link or an attachment, the user can allow the installation of malicious software or malware. This type of software is able to extract sensitive information from the infected workstation, in addition to spreading itself over the network, infecting other devices. An example of malware is Shamoon, which in 2012 erased data from more than 30,000 hard drives in Saudi Arabia.

Ransomware attacks, which have lately been a major source of issues for people and businesses, can be used not only to gain financial benefit but also to spread chaos. Petya malware is an example of this type of attack. Discovered in 2016, it was used the following year in a global cyberattack, targeting Ukrainian and Russian companies as well as ministries, banks and even the transportation system. The damage caused by this ransomware is believed to be in the billions of dollars.

Finally, malicious attackers can exploit zero-day vulnerabilities. These types of vulnerabilities are basically bugs or code flaws, which allow an attacker to access or control systems. Hackers exploit zero-day vulnerabilities a lot because they have not yet been discovered or fixed by system developers. An interesting aspect of cyber weapons that exploit zero-day flaws is that, unlike a conventional bomb or missile, this type of weapon can be studied and also used by the government that was initially attacked. A good example of this type of attack is WannaCry, which did a lot of damage in 2017. The ransomware, believed to have been developed by North Korean government officials, had spread itself to more than 200,000 computers in Russia, Ukraine, India, and more than 150 countries.

Who are the targets?

In all attacks associated with cyberwarfare, large industrial control systems and military systems are considered the primary targets of malicious attackers. However, with the increase in connected devices, this battleground may also include the homes of ordinary citizens. Thermostats, cameras, appliances, and even toys can be used to spy on ordinary people in other countries (or even to cause damage). It is worth to remember that connected devices are not just in households; hospitals, power plants, and factories are full of sensors and connected components. This means that the real impact of an attack on critical infrastructure can be quite critical.

In this context, many argue that effective cyberwarfare will never occur. For others, we are living in times of virtual conflicts. Common sense is that it is possible that cyber weapons also become a more common feature in conflicts between nations. However, this type of weapon tends to be used with conventional bomb attacks. Thus, it is unlikely that a war will be fought only with digital weapons, as they are expensive, difficult to control and their impact is limited.