New APT groups emerge as more nations join the global cyber-arms race
New APT groups emerge as more nations join the global cyber-arms race
Many nations are now developing cyber-weapons or sponsoring cyber-espionage campaigns against rival nations or various industries either to protect national security, attain economic superiority or to pre-empt cyber-attacks on themselves, finds security firm FireEye.

Even though a large number of advanced persistent threat groups (APTs) have either been found to be based in China or Russia or sponsored by either of the two countries, new advanced persistent threat groups with significant cyber-capabilities are now being attributed to other nations such as Vietnam, Iran, and North Korea.

According to security researchers at FireEye, several nations now have advanced cyber-tools in their possession which they have the ability to use either in offensive or defensive operations. Such cyber-weapons allow some nations to interfere in other countries' politics, attack industrial systems, and create instability without having to wage a real war.

For other nations who are mostly at the receiving end of cyber-attacks that are either sponsored by other nations or carried out by hackers to satisfy their respective motives, the possession of cyber-weapons is essential for the very survival and sustenance of their economies and the well-being of their citizens. Recent cyber-attacks carried out by GCHQ against the Islamic State's digital assets in Europe is a case in point.

Then there are some nations who were never known to be developers of cyber-weapons or sponsors of hacker groups but are now found indulging in both activities. According to FireEye researchers, this is not only because improving cyber-capabilities is often more cost-effective than other traditional defensive or offensive measures, but also because sitting out of the cyber-arms race will not inoculate them from being targeted in the future.

However, according to Joseph Carson, chief security scientist at Thycotic, even though hostile nations like Iran and North Korea have heavily invested in developing cyber-capabilities for offensive or defensive purposes, the West is still fixated on nuclear capabilities and it is unclear if the likes of the UK or the United States will ever launch a pre-emptive strike on such capabilities as they can be hidden anywhere and are extremely difficult to locate or attribute.

If it is really so pointless to try and locate an enemy's cyber-weapons or to destroy them, are nations just developing and stockpiling their own cyber-weapons to promote deterrence using the principle of MAD (mutually assured destruction)? 

"Absolutely and this has been happening for many years already. Developing cyber-offensive weapons today is more cost-effective than nuclear weapons and can achieve the same political goals," Carson added.

Ross Rustici, senior director of intelligence services at Cybereason told SC Magazine UK that cyber-weapons can be used for deterrence only if both sides in the altercation know that the other side has an offensive strike capability that is overwhelmingly destructive and that there is no way to prevent that strike should it be launched.

"The inability to verify offensive capabilities in cyberspace coupled with the perishable nature of the vulnerabilities makes it almost impossible to use cyber as a deterrent especially against a country with superior conventional military capabilities. Cyber-weapons at their core are weapons of deferment. This allows mid-tier countries like North Korea, Vietnam, Iran, to hold the United States or China at risk in ways that their conventional military can't.

"However, the conventional military balance is such that should a core national interest be involved, the stronger country will protect it because at the end of the day, while cyber-weapons can have incredible effects, so too do cruise missiles. Cyber is a way to increase the cost of otherwise stronger powers meddling in regions where they don't have a vital interest at stake," he said.

On the question of whether the UK or the US can pre-empt or deter cyber-attacks launched by advanced persistent threat groups sponsored by Vietnam, Iran or North Korea, he said that given the current set of technologies available to both attackers and defenders, policy makers should not presume that their countries have an effective way to defang adversary cyber-programmes when making decisions.

"Each country has different laws which makes the individual calculations different, but overwhelmingly the US, UK, and Europe are positioned to respond when something happens rather than disrupt capabilities beforehand. Ultimately the West is now faced with two decisions. First, how many domestic reprisals am I willing to undergo for policies abroad. 2) What level of cyber-activity warrants a cross domain, kinetic retaliation.

"Each country will have a different answer to both of those questions, but to date, no country has witnessed a cyber-attack that has invoked a response that would deter other countries from conducting similar activity. This makes the odds of successfully pre-empting the next wave of cyber-attacks even less likely," he added.

Such lack of deterrent action is also encouraging many smaller nations to actively develop cyber-weapons for various purposes such as stealing intellectual property, conducting economic espionage during international business or investment deals, opportunistically monitoring the communications of executives who are traveling within the country, and pre-positioning themselves on corporate networks within non-allied nations.

It remains to be seen how long it will take the world to create a global body to monitor the development and use of cyber-weapons globally. Considering how adept cyber-criminals are at hiding their activities and their location and how difficult it is to attribute certain cyber-attacks to particular nations, it could be a long time before the use of cyber-weapons could be curtailed through the use of superior technical expertise or global agreements.