
Geopolitical cyber threats are escalating: Here’s how to stay safe

Reports point to a rising number of cyberattacks and cyber threats in the region, driven by geopolitical tensions; experts explain the key ways to stay safe

Cyberattacks have become a critical threat to organisations worldwide as geopolitical tensions escalate. Nation-states sponsor attacks that range from sophisticated to opportunistic, exploiting everything from advanced technologies to social engineering tactics.

As Morey Haber, Chief Security Advisor, BeyondTrust, noted, “Geopolitical attacks are a complex problem. Nation-states sponsor cyberattacks using trained individuals to target other nations. These attacks can be sophisticated or opportunistic.”

In the findings of its Distributed Denial-of-Service (DDoS) Threat Intelligence Report, Netscout Systems described a marked shift in the global security landscape over the past year, with DDoS hacktivism transcending geographic borders.

Groups like NoName057(016) and Anonymous Sudan, as well as lone hackers and small collectives, are increasingly using DDoS to target those ideologically opposed to them.

For example, Peru saw a 30 per cent increase in attacks, which were tied to the protests over former Peruvian President Fujimori’s release from prison on December 6.

Poland saw a surge at the end of 2023, all associated with a regime change and statements reaffirming Poland’s support of Ukraine in the Russia-Ukraine conflict.

NoName057(016), Anonymous Sudan, and Killnet have taken credit for DDoS attacks in Ukraine, Russia, Israel, and Palestine, targeting communications infrastructure, hospitals, and banks.

DNS (Domain Name System) attacks are becoming more frequent and sophisticated. Omer Yoachimik, Product Manager of Cloudflare’s DDoS Protection, said, “DDoS attacks can take various forms, each with distinct methods and impacts. Indirect attacks target DNS infrastructure, disrupting the translation process from domain names to IP addresses.” He added, “The fact that DNS operates mostly over UDP makes it particularly hard to mitigate.” Because UDP is connectionless, a sender can forge the source address without completing any handshake, which makes DNS an attractive vector for spoofed and reflected traffic.

The complexity of geopolitical cyberattacks

The intricacies of these attacks cannot be overstated. With cyber insurance often excluding acts of war, organisations are left exposed. Haber explained, “Social engineering attacks can be challenging due to language differences. AI levels the playing field for attackers, making well-crafted emails harder to detect.” Varying regional regulations further complicate the landscape, giving threat actors gaps to exploit.

Adapting to diverse legal and regulatory environments across different regions is challenging. “Different regions have different regulations and laws, making it easier for threat actors to penetrate organisations,” Haber emphasised. The fragmented regulatory landscape often leaves organisations vulnerable to sophisticated attacks that exploit these discrepancies.

Organisations need a multi-layered defence strategy to combat these attacks. Yoachimik advised, “This includes deploying DNS security solutions that can handle large volumes of traffic and quickly identify and mitigate malicious queries.” Regular updates, redundancy through secondary DNS servers, and leveraging DNS over HTTPS (DoH) or DNS over TLS (DoT) are crucial.

“Using DNS reverse proxies can help distribute the load and reduce the impact of DNS queries on the primary DNS server,” Yoachimik added. Regular security audits, developing incident response plans, and raising organisational awareness are essential to a robust defence strategy.

Direct HTTP attacks often involve launching an HTTP GET flood against a website, targeting computationally expensive resources. Yoachimik gives an example: “An attacker might identify specific elements on Cloudflare’s website that require significant processing power to deliver, such as high-resolution images or complex scripts.”
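As an added illustration of defending the expensive endpoints Yoachimik describes (this is example code written for this page, not Cloudflare's or the article's), the limiter below charges each request a number of tokens that depends on the route, so a flood of costly GETs drains a client's budget far faster than ordinary browsing does while other clients are unaffected. The route names, their costs, the bucket size, the refill rate and the two simulated clients are all assumptions made for the example.

```python
import time


class CostAwareLimiter:
    """Per-client token bucket in which each request costs tokens in
    proportion to how expensive the resource is to produce.  The costs
    are hypothetical; in practice they would come from measured CPU time."""

    def __init__(self, capacity=60.0, refill_per_sec=1.0, route_costs=None,
                 default_cost=1.0):
        self.capacity = float(capacity)
        self.refill_per_sec = float(refill_per_sec)
        # Longest matching path prefix wins (assumed routing rule).
        self.route_costs = dict(route_costs or {})
        self.default_cost = float(default_cost)
        self.buckets = {}  # client id -> (tokens, time of last refill)

    def cost_of(self, path):
        best_prefix, best_cost = "", self.default_cost
        for prefix, cost in self.route_costs.items():
            if path.startswith(prefix) and len(prefix) > len(best_prefix):
                best_prefix, best_cost = prefix, float(cost)
        return best_cost

    def allow(self, client, path, now=None):
        """Return True if the request fits the client's budget and deduct
        its cost; otherwise return False and leave the bucket untouched."""
        if now is None:
            now = time.monotonic()
        tokens, last = self.buckets.get(client, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill_per_sec)
        cost = self.cost_of(path)
        if tokens >= cost:
            self.buckets[client] = (tokens - cost, now)
            return True
        self.buckets[client] = (tokens, now)
        return False


def simulate():
    """Constructed traffic: one client hammers an expensive rendering endpoint,
    another fetches static assets at the same rate; both send 20 GETs within
    one second.  Returns how many requests each client got through."""
    limiter = CostAwareLimiter(
        capacity=60, refill_per_sec=1.0,
        route_costs={"/static/": 1, "/search": 10, "/render/high-res": 20},
    )
    outcome = {"attacker_allowed": 0, "attacker_denied": 0,
               "normal_allowed": 0, "normal_denied": 0}
    for i in range(20):
        t = i * 0.05  # simulated clock, 50 ms between requests
        if limiter.allow("203.0.113.7", "/render/high-res?w=8000", now=t):
            outcome["attacker_allowed"] += 1
        else:
            outcome["attacker_denied"] += 1
        if limiter.allow("198.51.100.9", "/static/app.css", now=t):
            outcome["normal_allowed"] += 1
        else:
            outcome["normal_denied"] += 1
    return outcome


if __name__ == "__main__":
    print(simulate())
```

With a 60-token bucket and a cost of 20 per high-resolution render, the flooding client gets three requests through before being refused, while the client fetching one-token static files is never throttled; a flat per-IP request counter would have treated both clients identically.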

In contrast, indirect attacks focus on DNS infrastructure. “For example, an attacker might target Cloudflare’s DNS servers with an NXDOMAIN flood, sending a barrage of queries for non-existent subdomains,” Yoachimik explains. Because each such name has never been seen before, no resolver cache can answer it, so every query reaches the authoritative server; the flood exhausts its resources and prevents it from responding to legitimate queries.

Examples of sophisticated indirect attacks include random prefix attacks, DNS laundering, and water torture attacks, closely related techniques that differ mainly in how the queries reach the target. Yoachimik described the random-prefix variant as follows: “In this scenario, the attacker generates DNS queries with random prefixes, such as randomstring.cloudflare.com. These queries are sent through legitimate DNS resolvers like Google’s public DNS, making it difficult to block the attack without affecting legitimate traffic.”
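To make the NXDOMAIN flood and the random-prefix scenario above concrete, here is an added example (written for this page; it is not code from Cloudflare, Netscout or the article) of how an authoritative-server operator might spot such a flood in query logs and see why blocking by source address is unworkable. The log line format, the zone names, the detection thresholds and every sample entry are constructed for the illustration.

```python
import math
from collections import defaultdict

# Constructed sample log (not real traffic).  The same public resolvers carry
# both legitimate lookups and the flood, because the attacker launders the
# random-prefix queries through them.  Assumed line format:
#     <epoch> <source_ip> <qname> <qtype> <rcode>
SAMPLE_LOG = """\
1700000000 8.8.8.8 www.example.com A NOERROR
1700000000 1.1.1.1 mail.example.com MX NOERROR
1700000000 9.9.9.9 wwww.example.com A NXDOMAIN
1700000000 8.8.8.8 www.example.net A NOERROR
1700000000 1.1.1.1 api.example.net AAAA NOERROR
1700000001 9.9.9.9 shop.example.net A NOERROR
1700000001 8.8.8.8 x7q2mz9kd1.example.com A NXDOMAIN
1700000001 8.8.4.4 p0a3vl8s2w.example.com A NXDOMAIN
1700000001 1.1.1.1 k4n9rt1yb6.example.com A NXDOMAIN
1700000001 9.9.9.9 j3f8hq5xc0.example.com A NXDOMAIN
1700000002 8.8.8.8 m6z1wd7pe4.example.com AAAA NXDOMAIN
1700000002 8.8.4.4 t9b2yk4ua8.example.com A NXDOMAIN
1700000002 1.1.1.1 r5c7gn0iv3.example.com A NXDOMAIN
1700000002 9.9.9.9 h1l6sx2oj9.example.com A NXDOMAIN
1700000003 8.8.8.8 q8e4mt3zf7.example.com A NXDOMAIN
1700000003 8.8.4.4 v2k0nb5wy1.example.com A NXDOMAIN
1700000003 1.1.1.1 d7p3ac9lu6.example.com A NXDOMAIN
1700000003 9.9.9.9 g4x8ir2hk5.example.com A NXDOMAIN
"""


def parse_log(text):
    """Parse the assumed five-field log format, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, qname, qtype, rcode = parts
        records.append({"ts": int(ts), "src": src, "qtype": qtype,
                        "qname": qname.lower().rstrip("."), "rcode": rcode})
    return records


def zone_of(qname, zones):
    """Return the longest configured zone that qname falls under, or None."""
    best = None
    for z in zones:
        z = z.lower().rstrip(".")
        if (qname == z or qname.endswith("." + z)) and (best is None or len(z) > len(best)):
            best = z
    return best


def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label.  Human-chosen
    labels (www, mail, a typo like wwww) score low; random prefixes score high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyse(records, zones, nx_ratio=0.7, random_ratio=0.5,
            entropy_threshold=3.0, min_queries=10):
    """Flag a zone when most of its queries are NXDOMAIN *and* most of those
    carry a random-looking leftmost label.  Thresholds are assumptions."""
    per_zone = {z.lower().rstrip("."): {"total": 0, "nxdomain": 0, "random_nx": 0,
                                        "legit_sources": set(), "attack_sources": set()}
                for z in zones}
    for r in records:
        z = zone_of(r["qname"], zones)
        if z is None:
            continue
        s = per_zone[z]
        s["total"] += 1
        if r["rcode"] == "NXDOMAIN":
            s["nxdomain"] += 1
            rest = r["qname"][:-(len(z) + 1)] if r["qname"] != z else ""
            if label_entropy(rest.split(".")[0]) >= entropy_threshold:
                s["random_nx"] += 1
                s["attack_sources"].add(r["src"])
                continue
        s["legit_sources"].add(r["src"])
    for s in per_zone.values():
        t = s["total"]
        s["under_attack"] = (t >= min_queries and s["nxdomain"] / t >= nx_ratio
                             and s["random_nx"] / t >= random_ratio)
        # Resolvers that relay both the flood and real users: blocking them
        # would cut off legitimate traffic, which is the attacker's intent.
        s["shared_sources"] = s["attack_sources"] & s["legit_sources"]
    return per_zone


if __name__ == "__main__":
    for zone, stats in analyse(parse_log(SAMPLE_LOG), ["example.com", "example.net"]).items():
        print(zone, "under attack" if stats["under_attack"] else "normal",
              "shared resolvers:", sorted(stats["shared_sources"]))
```

In the constructed log, example.com is flagged because 13 of its 15 queries are NXDOMAIN and 12 of those have a high-entropy leftmost label, whereas example.net sees only ordinary traffic. The resolvers 8.8.8.8, 1.1.1.1 and 9.9.9.9 appear on both the attack and the legitimate side, which is why the practical response is to rate-limit or synthesise NXDOMAIN answers for the random-prefix pattern itself (and to avoid wildcard records that turn every junk query into a cache miss) rather than to block resolver addresses.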

The dynamic alliances and geopolitical shifts further complicate the cyber threat landscape. Countries not traditionally seen as targets are now experiencing increased cyberattacks. For instance, the missile exchanges between Israel and Iran have resulted in cyberattacks on related infrastructure in neighbouring countries. Additionally, the involvement of global powers like the US and UK in regional conflicts has made their assets in the region targets for cyberattacks.

Building a Resilient Cybersecurity Posture

Collaboration is key. “Organisations should invest in cybersecurity training and awareness programs to educate employees about potential threats and best practices for mitigating risks,” added Haber.

Investment in cybersecurity training cannot be overemphasised. Haber notes, “Building a resilient cybersecurity posture involves a combination of technology, processes, and people working together to protect critical assets and data. Training employees to recognise and respond to threats is critical to this strategy.”

Organisations must adopt a proactive approach to prepare for and respond to DNS DDoS attacks. Yoachimik suggests implementing multi-layered security, automated DDoS protection, and leveraging cloud-based DNS services.

“Using DNS reverse proxies and protocols like DoH or DoT can enhance security,” he adds.

Addressing Cybersecurity Gaps

Despite the increasing threat, many organisations still treat cybersecurity as an afterthought. Haber said, “Security should be integrated into every aspect of the business, from product development to daily operations. Leadership commitment and investment in cybersecurity are essential.” Adopting a risk-based approach, prioritising critical assets, and implementing robust security controls are necessary.

Continuous assessment and improvement of security measures are vital to stay ahead of evolving threats. Bridging the talent gap in cybersecurity is also crucial. Haber advocates “investing in training and development programs to build a skilled cybersecurity workforce.” He adds, “Collaboration with educational institutions and industry partners can help create a pipeline of qualified cybersecurity professionals.”

The gap in talent and the rapid pace of technological change present unique challenges. “We must ensure that our workforce has the latest knowledge and skills to handle evolving threats. This requires continuous education and a commitment to professional development,” Haber asserts.

Enhancing Preparedness

Organisations must expand their asset inventory to include all accounts and identities with access. Haber highlights, “Identity and account relationships are being targeted by threat actors. Use privileged access management solutions or better identity directory services to manage access.” Regular security assessments, penetration testing, and comprehensive security policies are essential for effective threat management.

Continuous monitoring and threat intelligence help organisations stay informed about emerging threats. “Investing in employee training and awareness programs is critical for building a security-conscious culture and reducing the risk of human error,” Haber adds. Proactive measures and a culture of vigilance are necessary to address the ever-evolving threat landscape.

The AI Battle in Cybersecurity

The AI arms race in cybersecurity is intensifying. “It is an AI battle, and we’re seeing it emerge. Deep fake videos have been used to extract money from banks,” says Haber. Defensive AI technologies, while advanced in detecting email attacks, still lag in handling phone calls, text messaging, and voice-based attacks.

“The rapid advancements in AI and machine learning have made it possible to create highly convincing fake audio and video, posing significant challenges for verification and authentication processes,” Haber elaborates.

Developing robust AI-driven detection and response systems is essential to mitigate these risks. “As threat actors continue to leverage AI to enhance their attacks, cybersecurity professionals will need to employ advanced AI and machine learning techniques to detect, prevent, and respond to these threats.”

The Future of Cybersecurity

Looking ahead, the future of cybersecurity lies in integrating security into operating systems and technologies from the outset. “The future of cybersecurity is not more layers but less. Security will be built into operating systems and technologies upfront,” Haber asserts. Biometrics and passwordless technologies will make security user-friendly and efficient, reducing the need for multiple layers of protection.

Emerging technologies like blockchain and quantum computing will also play significant roles.

Blockchain can enhance transaction security and data integrity, while quantum computing will force a migration away from today’s public-key encryption and signature schemes towards quantum-resistant algorithms. These advancements bring new challenges that must be addressed through industry, academia, and government collaboration.

“We are already seeing trends where security is being integrated into the design and development of new technologies, making them inherently more secure,” Haber explains. This shift towards security by design will reduce the need for multiple layers of protection and simplify security management.

The cybersecurity landscape is evolving rapidly, with increasing activity, sophisticated attack methods, and a broader range of targets. Organisations must remain vigilant and proactive in their cybersecurity efforts to protect their assets and maintain operational continuity.

By adopting multi-layered defence strategies, investing in employee training, and leveraging advanced technologies, organisations can better prepare for and respond to the complex and ever-changing threat landscape.

Haber aptly states, “Building a resilient cybersecurity posture involves a combination of technology, processes, and people working together to protect critical assets and data.”