Changing Domains - The Cyber Info Realm 2023.pdf

CHANGING
DOMAINS: THE
CYBER/INFO
REALM
Benjamin Ang (twitter.com/benjaminang)
Senior Fellow, Head Digital Impact Research,
Dy Head Centre of Excellence for National Security
RSIS, NTU

WHAT ARE THE DOMAINS?
LAND : Earth’s
surface ending at the
high-water mark and
overlapping with the
maritime domain in
the landward
segment of the
littorals.
SEA: The oceans,
seas, bays, estuaries,
islands, coastal
areas, and the
airspace above these,
including the littorals.
AIR: The atmosphere,
beginning at the
Earth’s surface,
extending to the
altitude where its
effects upon
operations become
negligible.
SPACE : The area
above the altitude
where atmospheric
effects on airborne
objects become
negligible.
DOD Dictionary of Military and Associated Terms, January 2021, Accessed May 17, 2021
from https://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/dictionary.pdf?ver=2019-05-29-162249-290

CYBER DOMAIN • CYBERSPACE: A global domain
within the information
environment consisting of the
interdependent networks of
information technology
infrastructures and resident data,
including the Internet,
telecommunications networks,
computer systems, and
embedded processors and
controllers.
7/19/2023 Sample Footer Text 3

GOALS OF CYBER
AT TACKS: C, I, A
Confidentiality
Integrity
CIA Triad
Availability
Confidentiality
- Data breach (SingHealth)
- Trade secrets
Integrity
- Software (Solarwinds)
- Nuclear power plant
(Stuxnet)
Availability
- Ransomware or
wiperware (NotPetya)
- DDOS

CYBER INCIDENTS IN ASEAN
• Singapore, 2018
• SingHealth: 1.5 million patients' non-
medical personal data stolen, including PM
• Singapore, 2019
• 2,400 MINDEF/ SAF personnel, by phishing
ST Logistics (3rd party)
• Singapore, 2019
• 14,200 people diagnosed with HIV, taken by
ex-lover of a doctor with access
• Thailand and Vietnam
• Toyota customer data, no details given
• Malaysia, 2017
• 46.2 million mobile subscribers’ data
• Philippines, 2018
• 82,150 customers of Wendy’s
• Philippines, 2019
• 900,000 customers of pawnshop Cebuana
• Thailand, 2018
• 45,000 customers of True Corp mobile
• [source: CSO Online]

CYBER INCIDENTS IN ASEAN IN 2020
Palo Alto State of Cybersecurity Report ASEAN 2022

APTS AND TARGETS IN ASIA
APT Target countries Target entities
FunnyDream (C) Malaysia, Philippines, Thailand,
Vietnam
High-level government
organisations; political parties
Platinum Indonesia, Malaysia, Vietnam Diplomatic and government entities
Cycldek (C) Laos, Philippines, Thailand,
Vietnam
Government, defence, and energy
sectors
HoneyMyte Myanmar, Singapore, Vietnam Government organisations
Finspy Indonesia, Myanmar, Vietnam Individuals
PhantomLance Indonesia, Malaysia, Vietnam Entities
Zebrocy (R) Malaysia, Thailand Entities [source: Kaspersky]
Economic and
Geopolitical
intelligence
gathering

FIRELAND
PROBLEMS: AT TRIBUTION IS HARD
WATERLAND
(not aware)
AIRLAND
INFECTED
INFECTED
We’ve been
cyber-attacked!
Where did it come
from?
The malware
must have
come from
WATERLAND!

FIRELAND
PROBLEM: AT TRIBUTION IS HARD
WATERLAND
(not aware)
AIRLAND
INFECTED
INFECTED
WATERLAND, if you
attacked us, we will take
countermeasures
against you!
We’re
innocent!
Ha ha ha
(evil
laughter)

Source: Md Faizal, G Haciyakupoglu, J Yang, D Leong, YL Teo, B Ang, Countermeasures Against Foreign Interference, RSIS Policy Report
Definition
• Foreign interference
occurs when a
foreign entity (state
or non-state actor),
• with hostile intent,
• takes actions to
deliberately,
covertly and
deceptively
• disrupt the politics
and policies of the
target state
RSIS FRAMEWORK OF INFORMATION,
INFLUENCE, AND INTERFERENCE

RISKS OF FOREIGN
INTERFERENCE:
POLITICAL LEADERS

RISKS OF FOREIGN INTERFERENCE:
RELIGIOUS LEADERS

RISKS OF FALSE INFORMATION:
NARRATIVES THAT DAMAGE COHESION
• “Putin is the man”, “Ukraine war was
US/NATO’s fault”, “US has secret bio-labs
in Ukraine that started pandemic”
• Anti-vax conspiracy theories
e.g., “vaccines contain graphene oxide, are
for population culling / implanting 5G chips
/ Plandemic”
• QAnon – “a cabal of Satanic, cannibalistic
child molesters are operating a global child
sex trafficking ring”
• Gender issues – “LGBTQ activists are
coming for your children”

WHAT LESSONS CAN
WE LEARN FROM
RECENT CYBER/INFO
DOMAIN CONFLICT?

CASE STUDY: RUSSIA V UKRAINE
• Source: Fog of war: how the Ukraine conflict transformed the cyber threat landscape, published
by Google TAG (Threat Analysis Group)
• Overview
• 1. Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to
gain a decisive wartime advantage in cyberspace, often with mixed results.
• 2. Moscow has leveraged the full spectrum of IO – from overt state-backed media to covert
platforms and accounts – to shape public perception of the war.
• 3. The invasion has triggered a notable shift in the Eastern European cybercriminal ecosystem
that will likely have long term implications for both coordination between criminal groups and
the scale of cybercrime worldwide.

1. MULTI-
PRONG CYBER
TACTICS
• Russian government-
backed attackers have
engaged in an aggressive,
multi-pronged effort to
gain a decisive wartime
advantage in cyberspace,
often with mixed results.
7/19/2023 16

MULTI-TACTIC
AND TARGET
• Spear phishing (targeted emails) up 250% in Ukraine,
up 300% in NATO countries in 2022
• Destructive attacks on gov / mil / critical
• Hack and leak (of sensitive info)
• Android apps pretending to be DDOS weapons

MULTI TACTIC
AND TARGET
Media: To plant false information
Energy provider, shipping and trains: To disrupt
Drone manufacturer: To disable weapons
7/19/2023 18

MULTI COUNTRY
Targets included think tanks,
nuclear research labs, NGOs
7/19/2023 19

MULTI-PHASE TIMELINE
2019 – JAN
2022
• Cyber
espionage +
Pre-
positioning
FEB – APR 2022
• Destructive
ops (wipers)
+ Military
invasion
MAY – JUL 2022
• Sustained
targeting
(wipers)
AUG – SEP 2022
• Maintaining
footholds
OCT – DEC 2022
• Renewed
destructive
attacks
(ransomware,
wipers)
7/19/2023 20
Attackers need months
to setup access before
launch attacks, then
they lose access

WHAT LESSONS CAN WE LEARN ABOUT THE
CYBER DOMAIN?

2. FULL SPECTRUM
INFORMATION
OPERATIONS
• Moscow has leveraged the
full spectrum of IO – from
overt state-backed media
to covert platforms and
accounts – to shape public
perception of the war
1. Undermine the Ukrainian
government
2. Fracture international
support for Ukraine; and
3. Maintain domestic
support in Russia for the
war.
7/19/2023 22

TYPES OF INFO OPS
Russian IO focused
on domestic
audiences
• Spikes before
military activity
• Narrative of
“De-Nazification”
IO actors using
overt and covert
methods
• Fake accounts,
news sites,
YouTube
• Telegram groups
• Duplicate sites
Resurgence of
hacktivists
• Linked to Russian
intelligence

CYBER CRIMINALS
INVOLVED
Ransomware gangs leaked Personal
Identification Information (PII) of soldiers
and government officials
7/19/2023 27

WHAT LESSONS CAN WE LEARN ABOUT THE
INFORMATION DOMAIN?

DEFENDING THE CYBER/INFO DOMAIN
• Sources: Defending Ukraine: Early Lessons from
the Cyber War (Microsoft)*
1. Defense against a military invasion now
requires for most countries the ability to
disburse and distribute digital operations and
data assets across borders and into other
countries.
2. Recent advances in cyber threat intelligence
and end-point protection have helped Ukraine
withstand a high percentage of destructive
Russian cyberattacks.
3. As a coalition of countries has come together
to defend Ukraine, Russian intelligence
agencies have stepped up network penetration
and espionage activities targeting allied
governments outside Ukraine.
4. In coordination with these other cyber
activities, Russian agencies are conducting
global cyber-influence operations to support
their war efforts.
5. This calls for a coordinated and
comprehensive strategy to strengthen
defenses against the full range of cyber
destructive, espionage, and influence
operations.

DEFENCE LESSONS, IN DEPTH
Distribute digital
ops and assets
globally
• Attackers bombed
data centres
Good defences can
stop cyberattacks
• Cyber threat
intelligence
• Connected end-point
protection
Allies also need
defence
• NATO countries
• Denmark, Norway,
Finland, Sweden,
Turkey

DEFENCE LESSONS, IN DEPTH
New tools are
needed to stop IO
• AI, new analytics
tools, data sets, and
experts to track and
forecast
Coordinated
response needed
• Governments
• Tech companies
• Civil society
• Academia

PUT TING
STRONTIUM IN
A SINKHOLE
The Strontium group was
targeting Ukrainian institutions,
media organizations, and
government institutions and think
tanks in the United States and the
European Union
Microsoft got court orders 16
times to redirect internet traffic
from Strontium domains into a
‘sinkhole’

MSN, META, TIKTOK BLOCK SPUTNIK

DEFENDING FROM INFO OPS
• Public coverage and exposure
• Clear counter-messages
• Legislation
• Build media and digital literacy
• Work with citizens, influencers
• Detect and expose fake accounts
Active measures
• Work strategically, not reactively
• Build a strong narrative that is more
attractive than the adversary

WHAT LESSONS CAN WE LEARN ABOUT
DEFENDING THE CYBER/INFO DOMAIN?

Changing Domains - The Cyber Info Realm 2023.pdf

Recommended

Recommended

More Related Content

Similar to Changing Domains - The Cyber Info Realm 2023.pdf

Similar to Changing Domains - The Cyber Info Realm 2023.pdf (20)

More from Benjamin Ang

More from Benjamin Ang (20)

Recently uploaded

Recently uploaded (20)

Changing Domains - The Cyber Info Realm 2023.pdf