Russia, Belarus, and China have taken definite steps towards breaking off their internet into a separate entity controlled by the state. Russia has a history of conducting tests to disconnect itself from the global internet. China already has its own version of the WWW, complete with an ecosystem of developers and government controls. This may be just a sneak preview of things to come as more countries invest in ways and means to fragment the internet into manageable pieces.
The common factor among all these countries is the growing need felt by their governments to control what citizens get to see, read and interact with. Though still in its early days, the move to balkanize the internet is clearly gaining momentum, and soon we may not just have state-level internets: some countries may even join hands to form internet blocs (groups) to ensure greater control and more ‘digital sovereignty’.
One aspect of this balkanization that has not been studied extensively is its impact on web cybersecurity. Since the internet is a vehicle for the transfer not just of data but also of malware and threat vectors, this is an aspect that merits greater scrutiny.
Will Splinternet lead to a deterioration in the cyber risk environment globally?
The short answer is yes. Let me explain why. The Splinternet is not going to be just a simple fragmentation of the internet. Instead, with greater state control over digital data transfer, state-backed APT groups could get a dedicated digital corridor in which to try out new tactics and malware while staying hidden from any form of scrutiny or exposure. Malware and breach tactics could be tested in isolation until they reach a level of maturity sufficient for use against critical infrastructure installations connected to the wider internet.
North Korea’s Kwangmyong (‘Bright Light’ or ‘Bright Star’), essentially a digital “walled garden”, offers some insights into how some of these fragmented intranets may evolve in the future. North Korean hackers have been accused of stealing $400 million worth of digital assets through 7 attacks on cryptocurrency platforms last year. The hackers used a range of methods, including phishing, code exploits, and malware, to exfiltrate funds from hot wallets.
In 2019, a UN panel focused on sanctions on North Korea issued a report suggesting that the country had raised two billion dollars through cybercrime. That is a lot of money and, in addition to funding state coffers, it could sustain multi-stage and multi-state hacking operations for years to come. A bigger concern is the level of discipline and patience shown by North Korean hackers, who are said to have waited a whopping 17 months after their first reconnaissance attack before returning to target Bangladesh Central Bank.
Sectrio has recorded the footprint of the Lazarus group in attacks on financial services entities across the globe. This includes low-grade phishing attacks on banks that specialize in micro-finance or small-scale credit to small and medium businesses. The growing capabilities of North Korean hackers point to the specialized training they receive on dedicated digital platforms, in addition to psyop techniques designed to keep hackers loyal.
Such efforts will gather momentum with the Splinternet. Further, with reduced and selectively curated information being made available to citizens, it will be easier to assemble freshly minted and newly indoctrinated recruits to expand existing hacking teams. Such teams will get to work on dedicated intranet fragments and then unleash mayhem on the WWW once they are ready.
For cyber defenders, CERT teams, protectors of critical infrastructure, and those involved in IoT and OT cybersecurity, the Splinternet will add another layer of complexity and make it harder to pinpoint individual hackers, who will be emboldened by the extra protection offered by the new digital boundaries.
The impact of the Splinternet on cybersecurity can be summed up as follows:
- A rise in the number of cyberattacks and cyber threats
- Faster evolution of new APTs with dedicated targets (country or industry level)
- More exfiltration of intellectual property
- Hackers may connect with Ponzi scheme operators to launder money into rogue countries
- Prosecution of such hackers will be next to impossible, and so will determining the exact set of individuals involved (in case travel bans are to be imposed on them)
- Attacks on critical infrastructure will certainly grow, and most of these hackers will eventually target such infrastructure in times of geopolitical tension
To learn more about North Korean hackers and their operational footprint, get your hands on the latest copy of our IoT and OT threat landscape assessment report.
Stay ahead of hackers with our contextual threat intelligence feeds for IoT and OT security.
Join our upcoming webinar: Key Takeaways from Sectrio’s Global Threat Landscape Assessment Report 2022
To learn more about how to improve your compliance posture, download our compliance kits.
We also have the right cybersecurity solutions for your critical infrastructure. Allow us to give you a sneak preview of their capabilities through a no-obligation demo.