In the past year, we have been following many regional and internal conflicts and tracking the effect they have on the cyber realm. Cyber-attacks have been added to the arsenal of these conflicts a long time ago, and we have seen this trend rising in the past year. Attacks are carried out by all sides in the struggles, when both hacktivists and nation-backed actors participate in the war.
We have seen the significance cyber-attacks hold in the Syrian civil-war, in the Indian-Pakistani conflict, in the Arab-Israeli conflict, conflicts in South-East Asia and just recently in the Ukrainian uprisings. In all of the cases, many threat actors have tried to use cyber-attacks in order to achieve their top-most objectives – denial of service or “blackouts” of communications; embarrassment and damaging of reputation by defacements and data leaks; theft and even destruction of sensitive data.
What caught our eye in all these cases are the impacts these conflicts have on foreign entities caught in the way. In many cases we have seen foreign, mostly western organizations residing in those Geo-Political areas, being targeted by the same means and objectives. The most targeted sectors are the government diplomatic corps (including embassies), banks and financial institutions, IT and industry. Attackers participating in internal cyber-wars consider these targets as having a high-profile and see them as valuable for gaining reputation, “paybacks” and training, alongside more political and nationalistic objectives.
Organizations operating in conflict zone should consider themselves as viable targets for hacktivists, sensationalists and nation-backed actors and understand that they are likely to be targeted. In some cases the attacks are merely ricochets from the war but we have seen many direct attacks on foreign entities.