Conclusions on the UN Security Council’s open debate on cybersecurity

The UN Security Council held an open debate on cybersecurity as part of South Korea’s presidency for the month of June. The day-long debate centred on the evolving threat landscape in cyberspace, emphasising the need for digital advancements to be directed towards positive outcomes. During the ensuing debate, nearly 70 speakers shared national perspectives on the growing threats posed by rapidly evolving technologies wielded by state and non-state actors. 

UN Secretary-General António Guterres highlighted the rapid pace of digital breakthroughs, acknowledging their ability to unite people, disseminate information rapidly, and boost economies. However, he cautioned that the connectivity that fuels these benefits also exposes individuals, institutions, and nations to significant vulnerabilities. Guterres pointed to the alarming rise of ransomware attacks, which cost an estimated $1.1 billion in ransom payments last year. Nonetheless, he noted that the implications extended beyond financial costs to impact peace, security, and overall stability.

In response to these challenges, Guterres referenced the ‘New Agenda for Peace,’ which calls for concerted efforts by states to prevent conflicts from escalating in cyberspace. He stressed the importance of upholding the rule of law in the digital realm and highlighted ongoing discussions among member states regarding a new cybercrime treaty. Recognising the interconnectedness of cyberspace with global peace and security, he urged the Security Council to incorporate cyber-related considerations into its agenda.

Stéphane Duguin, CEO of the CyberPeace Institute, briefed the council, offering valuable insights into recent cyberattacks, including the ‘AcidRain’ incident affecting Ukraine and cybercriminal activities linked to the Democratic People’s Republic of Korea. Duguin emphasised the necessity of attributing cyberattacks to perpetrators to facilitate de-escalation efforts. In turn, Nnenna Ifeanyi-Ajufo, an expert in Law and Technology, highlighted the misuse of cyber technology by terrorist groups in Africa and the risks posed by states infringing on human rights under the guise of cybersecurity. She called for enhanced mechanisms to understand the cyber threat landscape across different regions.

In deliberating the Council’s role in the cyber domain, some representatives advocated for inclusive processes within the UN, particularly under the General Assembly, to establish equitable arrangements in addressing cyber threats. Others urged the Security Council to take a more active role. Several speakers stressed the Council’s potential to lead in building a secure cyberspace, bridging with existing UN efforts in cybersecurity and ensuring Global South perspectives are considered at every step of the process.

In contrast, the representative from Russia highlighted a lack of clarity in determining which malicious digital technology use could threaten international peace and security. In this regard, Russia criticised the West for attributing cyberattacks to what they called ‘inconvenient countries.’ Moreover, the representative opposed the Council’s involvement in this matter, stating that such a move would exclude states not part of the Council from the discussion.

Why does it matter?

Highlighting the urgency of addressing cyber threats, representatives stressed the need for the Council to facilitate dialogue and support capacity-building efforts, especially in developing countries lacking the resources and expertise to combat cyber threats. 

The discussions highlighted the critical need for proactive measures to address cyber threats, promote cybersecurity, and safeguard global peace and stability in an increasingly interconnected digital landscape.

Biden administration bans Kaspersky software sales and sanctions the company’s executives

The Biden administration is set to ban the sale of Kaspersky’s products in the US, citing national security concerns over the firm’s ties to the Russian government. The ban is aimed at mitigating the risks of Russian cyberattacks, as the renowned software’s privileged access to computer systems could allow it to steal sensitive information or install malware. The new rule, which leverages powers created during the Trump administration, will also add Kaspersky to a trade restriction list, barring US suppliers from selling to the company.

These restrictions, effective from 29 September, will halt new US business for Kaspersky 30 days after the announcement and prohibit downloads, resales, and licensing of the product. The decision follows a long history of regulatory scrutiny, including a 2017 Department of Homeland Security ban on Kaspersky products from federal networks due to alleged ties with Russian intelligence. Efforts by Kaspersky to propose mitigating measures were deemed insufficient to address these risks.

Furthermore, the U.S. Treasury Department sanctioned twelve executives and senior leaders from Kaspersky on Friday, marking another punitive measure against the cybersecurity company. The Office of Foreign Assets Control (OFAC) targeted the company’s chief operating officer, top legal counsel, head of human resources, and leader of research and development, among others. However, the company itself, its parent and subsidiary companies, and its CEO, Eugene Kaspersky, were not sanctioned.

This action follows a final determination by the Commerce Department to ban the Moscow-based company from operating in the U.S., citing national security risks and concerns about threats to critical infrastructure.

Why does it matter?

Another reaction from the authorities stresses the administration’s strategy to counter potential cyber threats amid the ongoing conflict in Ukraine. And while the impact of the entity blacklisting on Kaspersky’s operations remains to be seen, it appears now that it could significantly affect the company’s supply chain and reputation. Kaspersky, which operates in over 200 countries, has previously denied all accusations and, in response to these restrictive measures, has been operating a network of Transparency Centers under its Global Transparency Initiative (GTI), where the company provides its source code for external examination.

Ransomware group involved in cyberattack on London hospitals declares political motives

A ransomware group known as Qilin has recently come under fire for its involvement in a cyberattack that caused significant disruptions at London hospitals. In a surprising turn of events, the group expressed remorse for the harm caused by the attack but vehemently denied any responsibility. Instead, the group framed the incident as a form of political protest. The group engaged in a conversation with the BBC via an encrypted chat service, qTox, where they attempted to justify their actions as a retaliatory measure against the UK government’s involvement in an unspecified war.

Despite Qilin’s claims of seeking revenge, cybersecurity experts, including Jen Ellis from the Ransomware Task Force, remain skeptical of the group’s motives, explaining that cyber gangs often lie. Above all, she emphasises that the consequences of the attack carry more weight than understanding the reasons behind the attack. The cyberattack resulted in the postponement of more than 1,000 operations and appointments, prompting the healthcare system to declare a critical incident. The disruption caused by the attack has raised serious concerns about the vulnerability of critical infrastructure to malicious cyber activities in the country.

Qilin, believed to be operating from Russia, has refrained from disclosing specific details about its location or political affiliations. The lack of transparency has added to the complexity of the situation, as authorities and cybersecurity experts work to understand the group’s objectives and the potential future attack vectors. This represents the group’s first declaration of a political motivation behind their cyber intrusions. Qilin has been under observation since 2022, during which time it has executed targeted attacks at educational establishments, medical facilities, corporations, governmental bodies, and healthcare organisations.

Why does it matter?

The aftermath of the cyberattack demonstrates the urgent need for cybersecurity preparedness within critical sectors such as healthcare. As organisations strive to recover from such incidents, the focus remains on safeguarding sensitive data, restoring disrupted services, and preventing future attacks. The evolving nature of cybercrime, as seen with groups like Qilin, shows the ongoing challenges faced by cybersecurity professionals in protecting critical infrastructure from malicious actors.

Chinese scientists develop world’s first AI military commander

China’s AI military commander substitutes for human military leaders in simulated war games hosted by the Joint Operations College of the National Defence University, amidst growing tensions with the US over the use of militarised AI in combat. The bots, the first of their kind, are completely automated, possess the perception and reasoning skills of human military leaders, and are learning at an exponential rate. They have also been programmed to illustrate the weaknesses of some of the country’s most celebrated military leaders, such as General Peng Dehuai and General Lin Biao.

The AI arms race between the two countries can be likened to the chicken and egg analogy, in that both countries have expressed interest in regulating the use of these unmanned implements on the battlefield; yet, there is increasing media coverage of either ongoing experiments or caged prototypes in both countries. These include the rifle-toting robot dogs, and surveillance and attack drones, some of which reportedly have already been used in battlefields in Gaza and in Ukraine. The situation renders international rule-making in the space increasingly difficult, particularly as other players, such as NATO, seek to ramp up investments in tech-driven defence systems.

NATO to upgrade defence capabilities with cutting-edge technologies

In a bid to innovate in the area of defence, with the aim to replace the now old-school armoury, selected tech companies have received funds to begin work on upgrading key components of NATO’s defence system. Recipients include the British-based Fractile and German ARX Robotics, as well as a computer chip manufacturer and a robot designer.

Others include startups such as iCOMAT and Space Forge, which are companies that operate in the manufacturing space arena. This signals the first outlay of the €1.1 billion NATO Innovation Fund (NIF), which is slated to increase given partnerships with venture capitalists like Space Ventures, Squared Ventures, OTB Ventures and Join Capital. The project seeks access to key technologies to ensure a safe and secure future on the European continent.

Cisco to open cybersecurity centre in Taiwan

Cisco announced plans on Monday to establish a cybersecurity centre in Taiwan, collaborating with the government to bolster the workforce in this critical sector. The initiative comes as part of Cisco’s Taiwan Digital Acceleration Plan 3.0, aimed at addressing the global talent shortage in cybersecurity and enhancing the island’s digital infrastructure.

Taiwan, a democratically governed territory claimed by China, has faced numerous cyberattacks attributed to Beijing, targeting government officials and tech firms. Although China denies these accusations, the frequency and sophistication of such attacks have prompted significant concern. Cisco’s initiative includes partnering with tech associations to develop a security centre in Taiwan, focusing on improving threat intelligence and cyber readiness.

Guy Diedrich, Cisco’s global innovation officer, emphasised the company’s commitment to Taiwan, highlighting the flexible nature of the digital acceleration program, which encompasses areas such as AI in transport and sustainability operations at Kaohsiung port. While Diedrich did not disclose specific investment amounts, he affirmed that the program allows ongoing investment opportunities.

The launch event, attended by Taiwan’s Vice President Hsiao Bi-khim, underscored the strong partnership between Cisco and Taiwan. Vice President Hsiao expressed gratitude for Cisco’s sustained support and looked forward to potential future investments under the program.

US lawmakers press Microsoft president on China links and cyber breaches

At Thursday’s House of Representatives Homeland Security panel, Microsoft President Brad Smith addressed tough questions about the tech giant’s security measures and connections to China. The scrutiny follows a significant breach last summer when China-linked hackers accessed 60,000 US State Department emails by infiltrating Microsoft’s systems. Additionally, earlier this year, Russia-linked cybercriminals spied on emails of Microsoft’s senior staff, further intensifying concerns.

Lawmakers criticised Microsoft for failing to prevent these cyberattacks, which exposed federal networks to significant risk. They highlighted a report by the Cyber Safety Review Board (CSRB) that condemned Microsoft for lack of transparency regarding the China hack, labelling it preventable. Smith acknowledged the report’s findings and stated that Microsoft acted on most of its recommendations. He emphasised the growing threat posed by nations like China, Russia, North Korea, and Iran, which are increasingly sophisticated and aggressive in their cyberattacks.

During the hearing, Smith defended Microsoft’s role, saying that the US State Department’s discovery of the hack demonstrated the collaborative nature of cybersecurity. However, Congressman Bennie Thompson expressed dissatisfaction, stressing that Microsoft is responsible for detecting such breaches. Given its substantial investments there, panel members also inquired about Microsoft’s operations in China. Smith noted that the company earns around 1.5% of its revenue from China and is working to reduce its engineering presence in the country.

Despite facing significant criticism over the past year, some panel members, including Republican Congresswoman Marjorie Taylor Greene, commended Smith for accepting responsibility. In response to the CSRB’s findings, Microsoft has pledged to prioritise security above all else, launching a new cybersecurity initiative in November to bolster its defences and ensure greater transparency moving forward.

Surge in cyberattacks hits Switzerland ahead of Ukraine peace summit, authorities report

Switzerland is facing a significant rise in cyberattacks and disinformation campaigns ahead of this weekend’s summit, where representatives from 90 countries will convene to discuss the resolution of the Ukraine conflict. During a press briefing on Monday, Swiss President Viola Amherd mentioned the recent spike in cyber assaults but refrained from providing specific details. Foreign Minister Ignazio Cassis underscored the evident intention to disrupt the impending peace negotiations.

While refraining from directly attributing the incidents to any particular nation, Swiss officials have hinted at Russia as a probable suspect, given its exclusion from the summit and vocal criticism of the event’s validity, based on President Volodymyr Zelensky’s peace proposals.

The summit will take place near Lucerne and will draw participants from various regions, including Europe, the Americas, Africa, the Middle East, and Asia. In anticipation of potential threats, the Swiss National Cyber Security Centre (NCSC) has urged local organisations to bolster their security measures. Emphasising the vulnerability of large-scale international events to cyberattacks, the NCSC plans to establish an emergency centre for technical analysis and communication support. Additionally, Swiss authorities plan to deploy nearly 4,000 military personnel to ensure event security, including air transportation and surveillance support.

Despite ongoing tensions, Switzerland has refrained from expelling Russian diplomats, a measure undertaken by other European nations and the US in response to Russia’s actions in Ukraine. Swiss intelligence suggests that a significant portion of Russian diplomats may engage in intelligence activities.

Apple refuses bug bounty to Kaspersky researchers despite iPhone spy vulnerabilities disclosure

Apple has declined to award a bug bounty to Kaspersky, the cybersecurity company, after the company disclosed four zero-day vulnerabilities in iPhone software. These vulnerabilities were reportedly exploited to spy on Kaspersky employees and diplomats from Russia. A spokesperson for Kaspersky stated that their research team believed their findings were eligible for Apple’s Bug Bounty rewards. However, upon inquiry, they received a decline from Apple’s Security team, citing the company’s policy.

Bug bounties serve as incentives for researchers to disclose vulnerabilities to companies, rather than selling them to malicious actors. Kaspersky’s disclosure last year revealed a highly sophisticated spying campaign dubbed ‘Operation Triangulation.’ Eugene Kaspersky, the company’s CEO, described it as ‘an extremely complex, professionally targeted cyberattack’ affecting several dozen iPhones of top and middle-management employees.

The campaign, suspected to be state-sponsored due to its sophistication and intelligence-focused targeting, utilised 13 separate bullet points in its attack chain. Simultaneously, Russia’s Federal Security Service (FSB) accused the United States and Apple of collaborating to spy on Russian diplomats.

The FSB’s allegations aligned with Russia’s computer security agency’s claim that both campaigns shared the same indicators of compromise. A critical concern was a vulnerability known as CVE-2023-38606, which affected an unusual hardware feature unused by iOS firmware. Kaspersky suggested it may have been included in the iPhone operating system mistakenly or for debugging purposes. Apple refuted claims of collaboration with any government to insert backdoors into its products, emphasising its commitment to user privacy and security.

Dutch authorities reveal extensive Chinese cyber-espionage operation

The Dutch military intelligence and security service (MIVD) has raised alarms over a global Chinese cyber-espionage campaign that successfully targeted ‘a significant number of victims’, including Western governments, international organisations and the defense industry. The Netherlands’ National Cyber Security Centre (NCSC) provided the details of this operation in the warning, sharing how state-sponsored hackers exploited a vulnerability in FortiGate devices for ‘at least two months before Fortinet announced the vulnerability.’

This vulnerability, identified as CVE-2022-42475, was leveraged during a ‘zero-day period’ to compromise around 14,000 devices in the Netherlands. In particular, the warning says that the hackers had successfully breached the internal computer network of the Dutch Ministry of Defence. After gaining access, the hackers deployed a remote access trojan (RAT) named COATHANGER to perform reconnaissance and exfiltrate user account information from the Active Directory server. It remains unclear, however, how many of these systems were infected with the COATHANGER malware. The MIVD warned that identifying and removing these infections is particularly challenging.

“The NCSC and the Dutch intelligence services therefore state that it is likely that the state actor still has access to systems of a significant number of victims,” the report cautioned, emphasizing the ongoing threat posed by this extensive cyber-espionage campaign.