Sadly, the arms race has changed in the last decade, and the offensive digital capabilities of countries and some organized crime groups have strengthened. It no longer focuses only on developing weapons and drones with technologies such as artificial intelligence; cyber attacks are also organized and promoted through the joint work of cyber militaries, hacker groups and cybersecurity companies to affect institutions in various countries. The battle in cyberspace stays out of the public eye until an attack is carried out, which makes the situation much more complex.
One of the first publicly known cyber attacks between countries that resulted in irreversible damage to critical infrastructure was the so-called Stuxnet in 2010, which is attributed to cooperation between the American and Israeli governments against the Iranian government over its nuclear policy. In this attack, a piece of code was installed in the PLCs of a Siemens SCADA system in order to modify the behavior of a cooling module of the nuclear plant.
However, from the first record of cyber warfare in 2011 in the Syrian civil war to the war between Ukraine and Russia, we have seen a clear upward trend, reaching a level that security researchers have not seen in previous conflicts.
Since last October 6, hacker activity has also been recorded, beginning before the start of the Israel-Hamas conflict, which broke out after the ground attack in southern Israel. Less than an hour after Hamas launched rockets into Israel, more cyberattacks were recorded: against the “Red Alert” mobile alert application that warns Israeli civilians of missile attacks, the Israel Electric Corporation, a donation website and the Jerusalem Post newspaper. A group of hackers also claims to have attempted to attack Israel's air defense system, called "Iron Dome". These cyberattacks come from hacker groups related to the Hamas cause that are located in other countries such as Russia and Iran.
Image source: https://blog.cloudflare.com/internet-traffic-patterns-in-israel-and-palestine-following-the-october-2023-attacks/
For its part, Israel has also begun cyberattacks on Palestinian government institutions, a Palestinian newspaper, and Gaza University, although there is little information about this. There have also been attacks by hackers related to its cause from India, a country that has now itself been the target of cyberattacks.
The strategies are diverse. Social engineering has been recorded, with fake LinkedIn profiles that pretend to be Israeli human resources employees, project coordinators and software developers, among others, and that contact employees of Israeli organizations to send them phishing messages and malware. DDoS and defacement attacks have been used. Also, in this conflict we have detected a strategy very focused on misinformation on social networks, whether through publications with videos, notes or false statements sent by various media. Without a doubt, these will end up influencing all of us, the consumers of that information.
Unfortunately, for the most part, these types of attacks do not respect the principles of international law. Furthermore, attacks have become “cyberkinetic,” that is, attacks on the ground that are coordinated with attacks in cyberspace and have multiple objectives; whether financial, state, individual, or business.
It is known that hacker groups that have been supported in the war between Ukraine and Russia have begun to carry out attacks against other NATO targets. The mercenaries now have computers at hand, and containing their actions is not possible. Furthermore, it has become difficult to coordinate these actions because it is no longer only the cyber military that participates in cyber warfare; any person related to the cause and with sufficient knowledge can inflict damage and carry out espionage activities. And their motivations are not only political: governments also offer large rewards for access to organizations that are war targets.
One of the responsibilities we have as an international community is to observe and learn from this situation and to have a strategic plan for prevention, detection, protection, response and recovery, always taking into account the training of Internet users. In addition, regulatory frameworks must be provided that can be applied in the event of a conflict. For example, there is an organization in Geneva called the CyberPeace Institute, which is responsible for analyzing attacks and attributions to define legal responsibility, tracking harm to civilians to protect them, and documenting legal instruments to drive regulatory changes. Efforts like this will become increasingly necessary as the theaters of war change.