Blog

SANS Institute Researchers are some of the few to have approached the topic of asymmetric cyber warfare, adding to existing analysis about how asymmetry impacts traditional military conflict.

Asymmetric battles are defined as those that take place between adversaries that have unevenly balanced power. Although a logical expectation would be to assume that asymmetric warfare benefits the more powerful combatant - that much larger forces will swiftly do away with weaker adversaries: fringe combatants benefit from the use of strategic resourcefulness, unconventional tactics, and avoiding direct engagement to cause disproportionate amounts of damage to their more powerful opponents. 

Avoiding direct contact is trivial to achieve in cyber warfare using shadow cloud infrastructure providers (also known as bulletproof hosting), VPNs, and Tor networks to maintain anonymity. Low-skilled juvenile attackers (known as script kiddies) leveraging social engineering and push-button hacking toolkits engineered by more skilled developers are a significant risk to large organizations.  The asymmetric aspect of cyber warfare is also interesting from the other side of the imbalance. How can individuals or SMEs stand a chance against nation-state threat actors with large budgets and sophisticated cyber capabilities?  

In this article, we will look at the nature of asymmetric cyber warfare and what it means for defenders.

What is Asymmetric Warfare?

Asymmetric warfare, (also known as asymmetric conflict) occurs when opposing forces have significantly different levels of resources and military capabilities. One side possesses greater military power and resources, while the other is forced towards unconventional strategies for advantage to offset their opponent's technical superiority. In fact, significant disparity between belligerents has become a prominent feature of various contemporary armed conflicts.

Some characteristics of asymmetric warfare include:

• Imbalance of Power: Asymmetric conflicts arise when one party, typically a state or a well-organized military force, has overwhelming conventional military capabilities, such as superior firepower, technology, and resources, compared to the opposing force

• Unconventional Tactics: The weaker actor in an asymmetric conflict typically employs unconventional tactics and strategies that do not directly confront the superior force's strengths. An excellent example of unconventional tactics in cyber warfare is phishing attacks.  By using social engineering instead of a technical hack, attackers can circumvent the need to develop complex software exploits or malware while still gaining unauthorized access to a large corporation's IT assets

• Minimized Direct Confrontation: The weaker side avoids confrontation with the stronger force. Cyber warfare is exceptionally well suited to this tactic since digital communication can be used exclusively and originates from around the globe. Also, the attacker's identity can be masked using a variety of technologies and techniques making attack attribution very difficult or impossible

• Resourcefulness: Fringe actors often demonstrate extraordinary resourcefulness in acquiring weapons, funds, and support. This effect is greatly amplified in the cyber-theatre of war since exploit code and offensive strategy can be openly discussed and shared anonymously. The need for defenders to openly share their intelligence also gives attackers clear visibility and insight into which attacks are most disruptive and most importantly,  the related technical details

• Adaptability: Small groups and even individual threat actors can nonetheless be highly adaptable and evolve their tactics and strategies in response to changing circumstances. When defenders implement detection rules for a particular strain of malware, attackers can simply modify their code to avoid detection and retain the upper hand

• A Political Tone: Asymmetric actors often emphasize the political aspects of their goals using an oppressor vs oppressed paradigm to justify their aggressive actions. Fringe groups often gain supporters using illicit activity like smuggling or criminal activities that circumvent rules perceived as oppressive. Hacktivists are small hacking groups seeking to further their political goals against large corporate or political entities and also large nation-state-sponsored cyber attacks against non-government organizations seeking social justice against oppressive regimes

Other Ways That Asymmetric Cyber Threats Gain High Impact

Individual hackers and small hacking circles can disproportionately impact large enterprises or even government entities. Threat actors are known to form groups that specialize in very niche stages of a cyber attack such as DoS as a Service (DaaS), Ransomware as a Service, Initial Access Brokers (IAB), and Phishing as a Service groups and then outsource their specialized skills to other malicious actors.

The capabilities of a small threat actor group are quickly amplified by proof of concept (PoC) and functional exploit code that is often available online soon after a vulnerability is disclosed. But in many cases, software vendors may be reluctant to patch their vulnerable software unless pushed to do so by such measures.

Also, the technological complexity and pace of change in modern IT systems have resulted in an overwhelming number of newly available vulnerabilities that exacerbate defensive efforts and a cybersecurity talent shortage has resulted in organizations that can't find enough skilled IT workers and high burnout rates among defenders. 

Furthermore, as defenders try to support each other by sharing Cyber Threat Intelligence (CTI), this public information about new vulnerabilities can bolster attackers' strengths with fresh insight. CTI sharing frameworks such as CVE, CVSS, and MITRE ATT&CK are also used by attackers to hone their strategies. Basic training in digital forensics makes reverse engineering a software security patch trivial. Attackers simply identify what changes were made by a software update to see how they can attack systems that have not been patched. 

Conclusion

The asymmetric nature of the cyber threat environment challenges traditional security paradigms. Adversaries with fewer resources use unconventional tactics, like social engineering and leveraging public CTI, to quickly evolve their malicious tactics and disproportionately impact larger, more sophisticated IT entities, including nations and large corporations. 

This landscape is further complicated by the anonymity and global reach of digital platforms, allowing even low-skilled attackers to cause significant damage. The rapid evolution of technology and the prevalence of shared threat intelligence inadvertently aid attackers, highlighting a critical need for adaptive and comprehensive cybersecurity strategies. This article emphasizes the importance of understanding asymmetric cyber warfare to defend against these pervasive and looming threats effectively.

Looking for more actionable insights like these? Reach out to our team for your free, zero-obligation quote or sign up for our newsletter below.