With the volume of malware attacks crossing the Internet every day, it can be difficult to see patterns that tell a deeper story. That is why recent security research offers a revealing look at how nation-state hacking may be playing a significant role in geopolitical conflicts around the world. What the researchers have found is that some surges in malware activity are not coincidental at all.
Malware attacks spiked in Turkey
Threat researchers at Comodo, a cybersecurity firm based in New Jersey, were watching their detection telemetry last New Year’s Eve when they noticed the largest single spike in malware detections they had ever seen in Turkey.
Not long afterwards, news broke around the globe of a major terrorist attack on an Istanbul nightclub that killed 39 people. According to subsequent news reports, the attackers were affiliated with the Islamic State (ISIS).
The Comodo Threat Research Labs monitor web-based threat activity around the clock which, according to the company, translates into more than 100 million security incidents and 10 million potentially malicious emails per day. This constant monitoring of endpoints worldwide has allowed them to build a database of more than 5 billion unique incidents. “With that much data, it’s hard to hide certain kinds of activity,” said Dr. Kenneth Geers, a senior research scientist at Comodo who was interviewed specifically for this story. “I’ve got data from every country on the planet.”
What Geers and his colleagues have seen from a close analysis of that information is that when a particular nation stages a major attack or military move, it is often accompanied by a sharp rise in malware activity in the affected region.
As geopolitical tensions and nation-state hacking rise around the world, malware itself is becoming a weapon of choice.
When Israel launched a ground invasion of the Gaza Strip in 2014, Geers and his team saw a concurrent spike in malware attacks. Arbor Networks documented the same pattern, observing an increase in denial-of-service attacks (floods of traffic that knock a target’s services offline) against Palestinian networks in the week preceding Israel’s move.
In the days following the Israeli invasion, the attacks shifted the other way against Israel.
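The analysis Geers describes, spotting the day on which a country’s detection count stands far above its recent norm, is a baselining problem. The following is an added example of one way to do it, not Comodo’s code or method; the daily counts are constructed for illustration. It scores each day against the median and median absolute deviation (MAD) of the preceding two weeks, so a single huge day does not drag the baseline it is compared against.

```python
from statistics import median


def robust_spikes(counts, window=14, threshold=5.0):
    """Return [(index, score)] for days whose count stands out from the trailing window.

    score = (count - median(window)) / MAD(window). Median and MAD are used instead of
    mean and standard deviation so that one extreme day does not inflate the baseline.
    """
    spikes = []
    for i in range(window, len(counts)):
        base = counts[i - window:i]
        med = median(base)
        mad = median(abs(x - med) for x in base) or 1.0  # flat baseline: avoid division by zero
        score = (counts[i] - med) / mad
        if score > threshold:
            spikes.append((i, score))
    return spikes


def largest_spike(counts, window=14, threshold=5.0):
    """Index of the most anomalous day in the series, or None if nothing crosses the threshold."""
    spikes = robust_spikes(counts, window, threshold)
    return max(spikes, key=lambda s: s[1])[0] if spikes else None


# Constructed daily detection counts for one country (hypothetical data): 30 ordinary days
# with a repeating weekly pattern, followed by one day at nearly five times the usual volume.
DAILY_DETECTIONS = [1000 + [0, 10, 20, 30, 40, 50, 60][d % 7] for d in range(30)] + [4800]

if __name__ == "__main__":
    for day, score in robust_spikes(DAILY_DETECTIONS):
        print(f"day {day}: {DAILY_DETECTIONS[day]} detections, robust score {score:.1f}")
```

With a 14-day window the ordinary days never score above 1.5, while the final day scores well over 100; in practice the same function would be run once per country with the threshold tuned to that country’s normal volatility.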
Network disruption used as a weapon of war
Geers confirms a growing trend in which nations deploy malware attacks as part of their strategy in a major conflict. In this scenario, a strong attack on the Internet can distract other nations that might otherwise intervene to protect their interests. “If China wants to invade Taiwan, they could hit New York City with major malware attacks,” said Geers; a U.S. government preoccupied with computer outages in the country’s financial center might be slower to respond.
Malware itself has become such a common commodity that marketplaces on the darknet (sites reachable only through anonymizing networks, where criminals buy and sell hacking tools) offer potential buyers ratings and reviews to guide their purchases.
Nations and terrorist groups can acquire what they need with little or no effort, and the exploit trade has become a major enterprise. Mark Loman, a security researcher at Sophos, gave a presentation at the RSA cybersecurity conference in San Francisco last month showing that the compile times recorded in a set of malware samples lined up neatly with business hours in Russia.
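The compile-time analysis Loman describes works because every Windows executable carries a build timestamp in its PE header. The following is an added example, not Loman’s or Sophos’s code: it reads the COFF `TimeDateStamp` from a PE image, then asks under which UTC offset the largest share of a sample set was built between 09:00 and 18:00 local time. The sample set is constructed here (minimal headers with chosen timestamps, not real binaries) so the script runs offline; `make_fake_pe` and `sample_timestamps` exist only for that purpose.

```python
import struct
from collections import Counter
from datetime import datetime, timedelta, timezone


def pe_compile_timestamp(data: bytes) -> int:
    """Return the COFF FileHeader.TimeDateStamp (seconds since 1970-01-01 UTC) of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header follows the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def make_fake_pe(timestamp: int) -> bytes:
    """Constructed stand-in for a sample: just enough header to carry a timestamp (hypothetical)."""
    buf = bytearray(0x80 + 24)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHI", buf, 0x84, 0x14C, 1, timestamp)  # IMAGE_FILE_MACHINE_I386, 1 section
    return bytes(buf)


def local_hour_histogram(timestamps, utc_offset_hours):
    """Count builds per local hour of day, assuming the given whole-hour UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return Counter(datetime.fromtimestamp(ts, tz).hour for ts in timestamps)


def business_hours_fraction(timestamps, utc_offset_hours, start=9, end=18):
    """Share of builds that fall inside [start, end) local time under this offset."""
    hist = local_hour_histogram(timestamps, utc_offset_hours)
    total = sum(hist.values())
    return sum(c for h, c in hist.items() if start <= h < end) / total if total else 0.0


def best_utc_offset(timestamps):
    """Whole-hour UTC offset (-12..+14) under which most builds land in business hours."""
    return max(range(-12, 15), key=lambda off: business_hours_fraction(timestamps, off))


def sample_timestamps():
    """Constructed data: one build per working hour, Mon-Fri 9-13 Jan 2017, at UTC+3 (Moscow),
    plus one late-night outlier. Hypothetical, not a real sample set."""
    msk = timezone(timedelta(hours=3))
    stamps = [int(datetime(2017, 1, day, hour, 30, tzinfo=msk).timestamp())
              for day in range(9, 14) for hour in range(9, 18)]
    stamps.append(int(datetime(2017, 1, 11, 2, 15, tzinfo=msk).timestamp()))
    return stamps


SAMPLES = [make_fake_pe(ts) for ts in sample_timestamps()]


def analyse(samples):
    """Extract every sample's timestamp and return (best offset, business-hours fraction there)."""
    stamps = [pe_compile_timestamp(s) for s in samples]
    off = best_utc_offset(stamps)
    return off, business_hours_fraction(stamps, off)


if __name__ == "__main__":
    off, frac = analyse(SAMPLES)
    print(f"best fit: UTC{off:+d}, {frac:.0%} of builds in 09:00-18:00 local time")
```

Two caveats a practitioner should keep in mind: the timestamp is set by the linker and can be zeroed, back-dated or randomised by the author (some toolchains also write a build-hash value rather than a clock reading), so it is corroborating evidence rather than proof, and a build team spread across several time zones or working nights will blur the fit, which is why the fraction is reported alongside the offset rather than the offset alone.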
Comodo plans to take a closer look at the kinds of malware being used alongside the global threats it is seeing, especially in NATO countries. “Different kinds of malware are being used in different situations,” said Geers. As terrorist activity continues to expand around the world, he and his colleagues are likely to become even busier in the years ahead.