Nation-state cyberattacks see huge rise in 2020

representational image of a cloud firewall
(Image credit: Pixabay)

The world is edging closer to the brink of a fully-fledged, all-out global cyberwar, a new report from HP has warned. 

The company found that there had been a 100% rise in ‘significant’ nation-state incidents between 2017-2020. In almost half (40%) of the incidents analyzed, the damage was done in both cyber, and physical plains, something the paper describes as “hybridization”. For example, a cyberattack against an energy plant also has consequences in the physical world.

Most of the time, nation-state attackers are going after enterprises (35%), but cyber defense (25%), media and communications (14%), government bodies and regulators (12%), and critical infrastructure (10%) are popular targets, as well.

HP examined more than 200 cybersecurity incidents associated with nation-state activity since 2009 for the report, teaming up with Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, who also polled 50 IT security practitioners and acquired first-hand intelligence from informants across the dark web. 

“Nation-states are devoting significant time and resources to achieving strategic cyber advantage to advance their national interests, intelligence gathering capabilities, and military strength through espionage, disruption, and theft,” Dr. McGuire said.

“Attempts to obtain IP data on vaccines and cyberattacks against software supply chains demonstrate the lengths to which nation-states are prepared to go to achieve their strategic goals.”

Nation-states are actively involved in dark web activities, as well, the report states, claiming that they often acquire tools from the black market, as well as place their own for others to use. For example, the Eternal Blue exploit, which was used in the WannaCry incident from 2017, was built by state-sponsored actors. 

Simple tools and treaties

Also, while many would think state-sponsored actors would only use advanced, state-of-the-art tools, the reality is somewhat different - 50% of the tools used were low-budget, straightforward ones that are easy to obtain on the darknet.

While surveillance and eavesdropping is the most common goal, attackers are also often looking to enable network incursion and positioning, to do some damage, or to steal data. 

To de-escalate the tensions, the report believes the world needs a cyber peace treaty. 

“Any prospect of a cyber-treaty will depend on two key factors: scope and consensus,” comments Dr. McGuire. “Any treaty would need to specify the parties included, the range of jurisdictions involved, and the activity it would cover. Nation-states also need to agree on the principles that would shape any cyber-treaty, such as weapons limitation. But these factors can be hard to define and achieve – just look at the recent proposal for a cybercrime treaty put to the UN. While the proposal did pass, 60 members voted against it and 33 abstained. A lack of international consensus would make any cyber-treaty unlikely to succeed.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.