Geopolitical unrest creates fertile ground for cyberattacks

As detailed in NETSCOUT’s 2H 2021 Threat Report, the total number of Distributed Denial of Service (DDoS) attacks decreased from 5.4 million in the first half of 2021 to 4.4 million in the second half, totaling 9.8 million DDoS attacks for the whole of 2021. Most geographies saw a decrease in attacks during the second half of 2021. A notable exception was the Asia-Pacific (APAC) region, which recorded more than 1.2 million attacks during this period, an increase of 7% compared to the second half of 2021. This is all the more significant because the last three Threat Intelligence reports show consecutive declines in this region.

One likely reason is geopolitical tensions between China, Hong Kong and Taiwan – as well as hostility against countries that support democratic governments in the APAC region. To better understand how cyberattacks are used in relation to geopolitical events, consider the following attacks or incidents related to the APAC region during this time period.

  • In mid-July, the People’s Republic of China (PRC) was publicly condemned for a series of cyberattacks, including ransomware, cyberextortion and cryptojacking, with the aim of stealing trade secrets, business information, intellectual property and vaccine research. The United States government, the European Union (EU), NATO and the Five Eyes – the intelligence alliance made up of the United States, United Kingdom, Australia, Canada and New Zealand – have brought charges against four Chinese nationals suspected of being part of APT40, a group linked to the PRC’s Ministry of State Security.
  • In November, the director of Taiwan’s cybersecurity department said government agencies in the country were hit by 5 million cyberattacks and investigations every day. Taiwanese officials say China has increased cyberattacks targeting the Taiwanese government and businesses in direct proportion to China’s efforts to make democratic Taiwan part of its own territory.
  • In December, the Microsoft Digital Crimes Unit (DCU) announced that it had been authorized to seize websites linked to Nickel, a China-based hacking group that attacked organizations in the United States and 28 other countries. A U.S. District Court approved the sites to be shut down, blocking Nickel’s access to victims and preventing it from using websites to launch attacks. The move was made in response to evidence that the attacks were carried out to gather intelligence from government agencies, think tanks and human rights organizations.
  • Also in December, at least 13 organizations in sectors including defence, health, energy and transport were targeted by an alleged Chinese cybersecurity campaign that was investigated by the National Security Agency (NSA) and our partner organization, the Unit 42 division of Palo Alto Networks. The breach was made possible by vulnerable software used by more than 600 US organizations, including universities, state and local governments, and healthcare organizations.

As these examples illustrate, DDoS attacks are often a form of geopolitical protest, conducted to impact governments and vital organizations in countries around the world.

Note: At the time of this blog post, the Russian-Ukrainian conflict is still ongoing. Prior to and during this time, the NETSCOUT ATLAS Security Engineering and Response Team (ASERT) monitored DDoS attacks targeting both Russian and Ukrainian assets.

Learn more about regional attack trends in the 2H 2021 Threat Report.

Copyright © 2022 IDG Communications, Inc.