Across the Cyber Divide: The New Face of International Espionage and Warfare
As the world shakes off the chill of winter and steps into the brisk vitality of spring 2023, the CNC Newsroom brings to the fore our latest edition, infused with the keen perspectives of Tim Dole, a notable figure in the realm of cyber expertise. In a time marked by global unease, we turn our attention to the shadowy trenches of cyber warfare, where digital skirmishes in the Middle East cast long shadows across our screens.
This discussion is set against the backdrop of a troubled world stage, where the dance of diplomacy and digital defence becomes ever more precarious in the wake of Cyber Awareness Month's 20th anniversary.
Amid the global chatter of statecraft, a dark undercurrent swirls—the relentless surge of cyber threats. Our shared digital airspace is clouded by the spectre of international conflict, as cyber arsenals grow more formidable and questions of international cyber regulation remain unanswered. With tensions simmering from the Middle East to the Ukraine crisis, there's a palpable dread for what the rest of 2023—and beyond—might unleash.
Featured in CNC on the 30th October 2023, the article sheds light on Boeing's current cybersecurity dilemma, with the aerospace titan confronting Lockbit ransomware's claim of stolen data. Under threat, Boeing has confirmed the breach, facing a ransom deadline of November 2 set by the hackers to prevent data disclosure. This alarming situation at Boeing is part of a broader pattern of cyber threats plaguing North American aviation, emphasising the dire need for fortified cyber defences.
Past attacks on entities like Air Canada, Delta, and American Airlines illustrate the persistent vulnerability within the industry. The rising sophistication of cyberattacks, as noted by CISA, necessitates a heightened industry-wide cybersecurity posture to prevent future incidents and protect the integral infrastructure of aviation.
During Australian Prime Minister Albanese's visit to the U.S., Microsoft announced a significant investment plan for Australia, committing A$5 billion to enhance cloud computing and AI capabilities. This marks the company's most substantial investment in Australia in 40 years, which will increase data centres in key cities and is expected to position Australia as a leading force in cloud computing by 2026. Alongside this, Microsoft is setting up the nation's first Data Centre Academy with TAFE NSW and expanding training programs to upskill 300,000 Australians for an AI-driven future.
In collaboration with the Australian Signals Directorate, Microsoft will develop the MACS initiative to strengthen cybersecurity. This partnership aims to create advanced defences against increasing cyber threats. Microsoft's investment is also part of a larger plan to achieve its 2030 environmental goals and to support the Australian government's aim to fill 1.2 million tech roles by 2030, reinforcing the country’s tech industry and economy against cyber threats.
On October 23, 2023, Cisco alerted users to a critical vulnerability in their software, discovered within the Web UI feature of the Cisco IOS XE software. Identified as CVE-2023-20198 and given the highest severity score of 10, this flaw could allow an attacker to gain full administrative rights and take control of affected routers. Cisco's Talos division reported the issue, initially detected through customer support inquiries, with incidents dating back to September 18.
Cisco recommends disabling the HTTP Server feature on devices connected to the internet as a temporary measure, as there is no patch available yet. The Cybersecurity and Infrastructure Security Agency (CISA) has issued similar advice. This vulnerability is particularly concerning because it allows attackers to create accounts on the compromised systems, gaining complete control. Cisco's findings indicate a potential pattern of targeted attacks, and experts advise vigilance for new or unexpected user accounts, which may indicate a breach. Qualys' Mayuresh Dani highlighted the risk to any internet-facing device using IOS XE with the web UI, estimating that around 40,000 devices could be exposed.
In the current landscape of Israel-Hamas tensions, the digital sphere has emerged as a critical battlefield alongside traditional conflict. Hacktivist groups like Anonymous Sudan have targeted Israeli infrastructure, with initial cyberattacks coinciding closely with the physical aggression from Hamas. As Israeli tech sectors, particularly startups, feel the war's impact, their resilience shines through, with cybersecurity proving vital to the nation's economic strength. With over 20,000 cybersecurity professionals, Israel's technological fortitude is evident, even as events like the Israeli Cyber Showcase are cancelled due to the conflict.
Amidst these digital skirmishes, the potential involvement of international state-backed groups adds complexity, hinting at a wider geopolitical cyber warfare narrative. This digital confrontation parallels the multifaceted nature of the 1967 Six-Day War, suggesting that cyber warfare could redefine future global conflicts, testing the adaptability of international policies and enterprises.
Elon Musk’s social media platform "X," formerly known as Twitter, finds itself at the centre of the Israeli-Palestinian conflict, as it grapples with allegations of spreading misinformation related to the crisis. The platform's commitment to free speech is challenged by the spread of manipulated content that has attracted widespread attention and concern, especially from European regulators. EU Commissioner Thierry Breton has highlighted the platform’s role in circulating potentially illegal content and has underscored the necessity of complying with the EU’s Digital Services Act, which mandates effective measures against misinformation. In response, Musk called for transparency and an open-source policy approach. In the past 48 hours, X has acted by removing Hamas-linked accounts and misinformation in accordance with EU guidelines, reflecting the urgent need for responsible digital governance amid the intensifying cyber dimensions of geopolitical conflicts.
Canada has joined the US and Europe in prohibiting Kaspersky and WeChat on government-issued mobile devices, citing significant privacy and security risks. Anita Anand, President of the Treasury Board, announced the immediate ban effective October 30th, referencing the apps' data collection practices which could compromise government information. This action aligns with steps taken by Western countries in response to cybersecurity concerns. In Europe, post-Ukraine invasion, Kaspersky faced heightened scrutiny, leading to bans in Germany, Lithuania, and Italy, fearing Russian exploitation of the software. Similarly, the US labelled Kaspersky a national security threat. The ban extends to TikTok in various countries, including EU institutions and the US, due to espionage concerns. While the Canadian public retains personal choice over app use, authorities advise caution.
The cyber breach at the International Criminal Court (ICC) on September 19, 2023, underscores the rising cyber-security threats facing global legal systems. This incident at The Hague, amid 17 serious investigations, illustrates the vulnerability of even the most secure justice institutions. Similar cyber-attacks have compromised state courts in Alaska, Georgia, and Texas, with Texas experiencing a significant ransomware attack. Russia's withdrawal from the Rome Statute amidst ICC investigations raises suspicions about its possible role in such cyber incidents. The Dutch National Cyber Security Centre is involved in the investigation, while the ICC's bar association president, Marie-Hélène Proulx, acknowledges the disruption to legal staff and advocates for swift resolution and strengthened security measures. ICC Prosecutor Karim Khan warns that cyber attacks could be investigated as war crimes, indicating a need for more robust defence mechanisms in legal institutions. This shift towards targeting legal entities in cyber warfare demands a reevaluation of security strategies to protect the pillars of international law and justice.