Guerilla Cyber Warfare: Are We Thinking Defensively?

Thinking Beyond Traditional Cyber Attacks: Are We Prepared for the Boom of Internet Connected Devices?

While U.S. military experts state that cyber warfare will never become its own domain—rather, cyber is a complement to the existing ground, sea, or air capabilities of any nation—there is the potential for developing nations to use cyber force as an equalizer. A developing nation, one that lacks the resources of a powerful army, could mount a very credible yet comparably inexpensive cyber attack against just about anyone in the world. Consider North Korea.

This week the Washington Post reported that 30 million customers of the Nonghyup agricultural bank in South Korea were unable to use ATMs or online services for several days after half of the servers for the bank crashed one day last April. Digital forensics pointed to servers in China known to be associated with North Korea.

If such a sophisticated plot seems beyond North Korea’s capabilities, in recent years an alleged North Korean spy tried to obtain confidential records of the Seoul railway system. The railway uses the same PLC industrial software that was targeted by Stuxnet, a worm that damaged nuclear centrifuges in Iran in 2010. And in 2009, someone from North Korea penetrated the South Korean military network in an attempt to obtain the locations of toxic chemical manufacturers, according to the Washington Post.

The two Koreas provide a classic study. South Korea has high-speed Internet access reaching ninety-five percent of its citizenry — the highest rate of any nation today. With this national emphasis on connectivity, South Koreans typically store their medical records digitally as well as bank and shop online. This makes their networks more vulnerable to attacks: there are personal assets associated with those networks.

By contrast, North Korea has very little Internet connectivity, and is therefore not as vulnerable to outside online attacks. Who would attack North Korea’s Internet? By strongly restricting who has access to the Internet, North Korea can focus its limited resources on a few universities that may be the launch point for the recent cyber attacks, which are currently focused on its neighbor and rival South Korea but could someday be used against countries in the West. Generically, these are called asymmetric threats, in which David is virtually equal to Goliath.

Something similar is happening with Iran. This week F-Secure and other sites reported that someone in Iran created a digital certificate through the Dutch certificate authority DigiNotar for * properties. This would include (Gmail), (Google Docs), and (Google Plus). As the F-Secure blog points out, a nation or very large ISP would have to direct all its Google traffic through this particular certificate authority. While this would affect only users within Iran, it nonetheless is a much simpler solution than creating a vast spy network to eavesdrop on the email of millions of people. The work of a few criminal hackers could equal the resources of a vast agency.

But shutting down bank services or forging a certificate authority is just the beginning. The United States and other nations have traditionally focused on threats from land, sea, and air—countries without those resources were considered less of a threat. But with cyber resources increasingly making all things virtually equal, the threat to our infrastructure could now come from anywhere. Are we thinking outside the box yet?

With the active implementation of IPv6, just about every gadget in the universe will have its own IP address. This will increase our dependence on these new gadgets manyfold. Except device manufacturers aren’t yet thinking defensively. They’re not thinking about North Korea or Iran attacking their specific gadget—they’re only thinking about the next generation’s new product features.

The PC-based security industry is pretty well equipped to deflect Denial of Service (DoS) attacks, to detect malware, and to keep networks open by distributing loads and diversifying the location of data (think the Cloud). But the device manufacturers who are increasingly linking to the Internet, and who will soon have no excuse not to connect once all the addresses in IPv6 become widely available, aren’t really prepared. Instead of just stopping our ATM or online payment services for a few days or reading our Gmail, or even shutting down parts of the electrical grid, someone could just as easily remotely tinker with a medical device, crash our digital TVs, or even muck around with the antilock brake system on our new cars. A DoS on a medical device or a speeding car could cost lives.

Protecting these devices from the start and protecting them at the chip level needs to be a priority. But do we really need a full-scale cyber attack to make that so?
