Cyberwarfare is ultimately more cost-effective than terrorist attacks in intimidating a population or forcing governments to act. Longtime cybersecurity expert Nadir Izrael says we should brace for more cyberattacks in the near future.
Izrael, a former member of Unit 8200, Israel's equivalent of the American National Security Agency, was a Google software engineer working on Google Maps. Approximately seven years ago, he co-founded Armis, which maps all of an organization's assets to better mitigate cybersecurity risks.
"Armis is a technology meant to provide you with complete visibility and management capabilities for every single asset and device. It's like Google Maps of the organization," Izrael told me.
He praised Google Maps for giving context to any object you are looking for: if you search for, let's say, a coffee shop, Google Maps will tell you which one is closest to you, how to get there, whether it has good ratings, what it sells, and more.
"We strive to give a similar experience - it's not just about detecting everything within the environment, but also providing that rich context and the ability to understand the full breadth and depth of what you need to know about these assets and be able to ask questions about that map. Detecting the unknown is a huge piece of that," Izrael said.
He believes that every organization is a target these days, especially given the current geopolitical climate, and urges us to brace for more cyberattacks in the years to come.
What organizations have the biggest difficulty mapping their devices?
Healthcare and hospitals, in general, are uniquely vulnerable because they have a combination of immature security controls in the first place and many specialized devices and environments, and they are highly targeted. There's a reason we are seeing hospitals and healthcare networks left and right getting ransomware regularly. These are crucial businesses that need to run, and there's a lot of motivation to pay a ransom. It has become a very lucrative target.
Also, critical infrastructure. I don't blame them for being in the state that they are. If you look at utilities, power companies, and oil pipelines, those are environments that have things in them that are 40-50 years old where the guy who learned from the guy who learned from the guy who put that in is already gone. There are a lot of gaps in understanding what exactly is going on in those environments, and it's a highly vulnerable environment that's only recently been connected online for all the reasons we know. They are high above the list of targets, especially with the current geopolitical situation.
According to Radware’s latest report, which highlights that DDoS attacks are up by 203%, no organization in the world is safe from cyber retaliation at this time. Given the current geopolitical situation, do you reckon everyone’s a target?
There's a geopolitical element to this, and there's more like a macro-level cybersecurity element. First of all, I think if anyone has a perception that things we see happening, let's say, in Lithuania, or other places, can't or won't happen in the US or the West in general, they are mistaken. I think about events that occur in different places as weapon tests. Things are being shaped as tools to be used elsewhere.
There's also an element that we are all cognizant of. Over the last couple of years, a lot of the so-called cyberwarfare has been above ground and above board. Before, it was all very cloak-and-dagger, things that all operated under the surface.
Today, we are seeing things happening above the board all the time. There's a reason for that boldness. It's the future way of cost-effective warfare in the 2020s. Until now, terrorism was a pretty cheap asymmetric form of warfare, where you don't have to pay a lot to create it, but the other side needs to spend a lot on defense. Cyberwarfare is that on steroids.
Initiating a cyberattack is very cheap, and you can do it halfway across the world with no risk to people in the process, minimal logistics, and you don't need to carry out anything complex. The know-how exists, and there are a lot of motivated groups who would do that very cheaply.
On the other hand, as a defender, you need to constantly defend against an onslaught of these things.
Are we all on the frontline? The answer is, and I don't want to sound too doom and gloomy, but the answer is yes. We are not quite accustomed to cyberwarfare being a legitimate tool that a country can use, but the reality is that everybody is on the frontline. I guess the more critical you are from an infrastructure standpoint, the more likely this is the case. Every organization should think very carefully about its cybersecurity posture.
We were all used to thinking about warfare as something countries should protect us from. You expect your government to protect you from terrorism and your borders from invaders. In this particular cyberwar landscape, it's not the case. It's impractical. We all need to do our part, and organizations need to up their game.
Until a few years ago, the prevailing strategy of every organization, every CISO I knew, was, "look, if a nation-state is out there to get me, they are going to get me. So I'm protecting against criminals, against cybercrime." These days, you need to take into account that a nation-state could be targeting you, either directly or indirectly, to get your clients or a myriad of other things in between.
Will sanctions against Russia and crypto winter cause some shifts in the ransomware landscape? Has anything changed because of that?
Not noticeably, as far as I can tell. It's not that this strategy couldn't potentially work in the future. In general, this is another parallel to the world of terrorism. I think the way to fight these things is economical – cut off the funding, and then things die out.
It's an excellent strategy to attack that, but realistically, when we are talking about criminals, they can usually get their hands on currency outside the realm of the normal system. The reality is that I don't think that this will be very effective, especially when you are dealing with countries that aren't part of the solution but part of the problem. Realistically, none of the changes in the crypto market and sanctions are very effective.
I would say that part of the reason we see a spillover of cyberwarfare is because the sanctions are effective, but they are almost the only weapon the West can use, and it's already used.
Cyberwarfare is a good way to, let's say, annoy the country or the public enough to change foreign policy. When people think of cyberwarfare, they usually think about taking down power plants or killing people, but the reality is, imagine the world where three days out of a week, your Netflix is down or your cell service is down. How long would it take until people in the US say, 'why are we even involved in this? Why even do anything to Russia? Let's back off and let everything go.' It's easier to sway public opinion than people think. Sanctions are an effective weapon, but we must understand that they only provide cheaper alternatives to warfare.
Well, you probably wouldn't sway Russians’ opinions by taking their streaming services down, would you?
I'm not saying I have a better strategy. All I'm saying is it would be naive of us to think that there won't be repercussions of this around the cyberwarfare realm. Part of the reason why we do not see quite the onslaught yet is that the Ukraine conflict is still ongoing. The reality is that there's still a way to hurt Russia as long as this conflict is ongoing. Once it's not, Russia is going to take a look at this and say, 'ok, what are they going to do, double sanction me?' There will be a high motivation to apply everything to the cyber landscape.
The way to change something is to reach the public that could push for some changes?
Yes, but if I'm putting my pragmatic, realistic hat on, I think it's challenging to do that unless you are doing it over a long period. Mostly, what we need to do actionably is brace ourselves for a significant uptick in cyberwarfare activity over the next few years for lots of reasons.
Will we see big cyberattacks? When it comes to DDoS, it can cause chaos but it might not be that devastating. Will we witness something more serious?
Historically, nation-states that have the most powerful tools to operate and have the ability to make persistent threats and get into some of the most sophisticated environments have been doing this for intelligence gathering. There's been a significant shift in preparing infrastructure for any attack. Given that it's very easy to attribute that to independent groups instead of the country itself, it has become very effective weaponry.
Ransomware, we've already come across it in the past, is just a mask. It's not ransomware. It's some wiper or something else masked as ransomware just to make it feel that it's a criminal operation, not a nation-state one.
Ultimately, when it comes to cyberwarfare, there are three kinds of attacks. Putting aside intelligence gathering, one is to disrupt operations, take something down and cause damage, steal information that might be valuable, and also wipe and destroy. No matter what form this takes, the reality is that those three things are still the things that matter at the end of the day.
Historically, just a few years back during pre-all the ransomware surge, people were only concerned about protecting the most valuable data. These days, though, everything is fair game. Operation disruption can be as lucrative from the aggressor's perspective as anything else. Ransomware is a super cheap and highly effective weapon, but will we see more targeted specific weapons deployed? Absolutely. There's no reason not to.