
Cybersecurity: why is everybody talking about it?

Since the beginning of the war between Russia and Ukraine, there has been much talk of a second "invisible front line". But what exactly is meant by hybrid threat and what lessons must be learnt? One thing is for sure: from a quantitative and qualitative perspective, there has been an exponential increase in cyberattacks in recent years.

Since the outbreak of war between Russia and Ukraine, there has been much talk of a second "invisible front line": cybersecurity. But what exactly is a hybrid threat? A threat, and more generally warfare, is described as "hybrid" when traditional physical approaches are combined with cyberattacks. This does not mean that every cyberattack should be considered an act of war, but certainly when we encounter situations where state actors are involved (state-sponsored attacks), there is a distinct possibility. The key is this: associating cyberattacks with specific parties and physical (conventional) actions perpetrated by them. We now know that there are tens of different groups that can be traced to national governments (including Russia and Ukraine), which carry out cyberattacks on their orders.

What can we take away from the situation in Ukraine? Recent attacks suffered by government institutions in Ukraine are only the latest in a long line of attacks experienced by the ex-Soviet state. In 2015, the Ukrainian electricity grid was targeted, causing a prolonged blackout, and in 2017 banks and transport companies were also struck. Aside from political responsibilities (almost never officially recognised by the attacker), there is a fact that brings analysis back to basic factors: the infection often occurs through a very normal email. Email is one of the main vectors for a cyberattack on a single user or organisation, as are common USB pens.

(Markus Spiske/Pexels.com)

Some examples. An important case study is the Stuxnet virus, which infected numerous systems between the end of 2009 and 2010, including the Natanz nuclear power station in Iran, and perhaps represented the first case of cyberwarfare. Specifically, the attack was perpetrated with a USB device (probably a USB pen) connected by an employee at the plant. When it is not possible to gain external access, the attacker must find a way to achieve their objective using a strategy based on:

* exploitation of weaknesses of the end user, such as the curiosity to see what is on the USB pen or perhaps a lack of awareness of the risks involved in using it;

* social engineering (a form of psychological attack, in which the criminal attempts to obtain useful information about potential victims to make their criminal activity more effective): to understand how to reach the user and make them an unknowing accomplice.

Ransomware as a service. Another very notable case study is WannaCry, the ransomware (a specific type of malicious code or malware used to extract a ransom) which in 2017 infected tens of thousands of PCs all around the world (including some very important companies). This type of threat has been growing exponentially in the last two years as it is potentially profitable for criminals, so much so that the phrase "ransomware as a service" has been coined. What does this mean? Criminal organisations purchase the attack like a service, aware that once carried out, a significant ransom can be demanded. Victims are almost always willing to pay to have their data back, which has been encrypted by the infection.

From a quantitative and qualitative perspective, there has been an exponential increase in cyberattacks in recent years (Tima Miroshnichenko/Pexels.com)

Recent figures (Clusit report 2022). While 2020 was the worst year in terms of evolution of cyberthreats and related impacts, with the number of attacks increasing, along with their severity and damaging consequences, this negative trend continued strongly in 2021 as well. From a quantitative perspective, comparing 2018 figures with 2021 figures, the growth in serious attacks was almost 32% (from 1,554 to 2,049). In 2021, of the various attack techniques, the category with the highest numbers was certainly Malware (+9.7%), representing 41% of the total. The category for Unknown techniques came in at second place, with an increase of 16.4% on 2020, exceeding the category Vulnerabilities (which saw a worrying +60% increase) and Phishing/Social Engineering (-32.1%), while the category Multiple Techniques rose +19.8%. Compared to the total for the sample, serious attacks aimed at Distributed Denial of Service fell by 8.8%, as did those carried out via Identity Theft/Account Hacking (-15.6%).


Fake news: an unconventional new weapon. The growth in new tools for mass communications and the process of digitalisation have made it easier to communicate, sometimes with very damaging consequences, not only for the quality of information but also its truthfulness. In the past, propaganda was used to influence the masses. Today, it is facilitated by social networks and often with the unwitting help of the public themselves, who fuel the dissemination of content.

A new NATO domain: cyberspace. This situation has prompted leading international organisations to consider a series of factors, because it has created a new area of threat. A new domain, to be precise. Quite recently, NATO has added cyberspace to the four traditional domains (air, land, sea and space), precisely because of the significant increase in cyberattacks involving the North Atlantic Alliance both as attacker and target. In particular:

* at the Wales summit in 2014, the possibility of triggering the collective defence clause of Article 5 in response to cyberattacks was included for the first time, although subject to a case-by-case assessment;

* at the Warsaw summit in 2016, cyberspace was elevated to an operational domain, alongside air, land and sea, and the Cyber Defence Pledge was signed with the aim of committing all members to increase defence capabilities of infrastructure and national networks, as well as to improve resilience against cyberattacks. The Joint Intelligence and Security Division was also established, to improve NATO's capability to utilize a vast pool of intelligence and situational-awareness resources.