Undersea communications cables are becoming an increasing target for cyber threat actors whose incidents could cause massive disruption to the global Internet, a new report finds.
Recorded Future notes that recent geopolitical developments, such as the Russia-Ukraine conflict, China’s heavy-handed actions against Taiwan, and heightened tensions between the United States and China, “are very likely to be key drivers of the near-term risk environment.” It’s expensive,” he said.
Researchers believe these cables will become targets for sabotage and even spy attacks as tensions between nation-states rise. For example, the report highlighted that in February 2023, two submarine cables linking Taiwan to the remote island of Matsu were cut, possibly intentionally, by Chinese civilian ships within six days of each other.
In June 2023, Dmitry Medvedev, a close ally of Russian President Vladimir Putin, declared that Russia should free-hand destroy enemy submarine communications cables.
An estimated 99% of intercontinental Internet traffic and data and voice communications are carried through fiber optic submarine cables that run along the ocean floor, facilitating more than $10 trillion in financial transactions every day. It is also used to carry classified government communications, such as in support of military operations abroad.
Jamming of these cables by adversaries can have serious economic and social consequences for nations.
“These cables are literally the lifeblood of the internet, so we have to be very careful about potential new attack vectors,” said Craig Terron, Insikt Group Global Issues Director at Recorded Future. Information security Infosecurity Europe 2023 magazine.
Opportunity for cyber attackers
In addition to cutting cables underwater, Terron observed that a remote network management system was used to manipulate the cables, which “could be a target for cyber attackers.”
These systems almost always require connectivity to the Internet, the report notes, meaning that “third-party vulnerabilities are more likely to compromise the security and resilience of the entire cable system.” doing.
Terron added that these networks use systems such as Linux and Windows, which “attackers are already exploiting.”
The only known cyberattack on a submarine cable to date occurred in April 2022, when the U.S. federal government said it had thwarted an attack on a submarine cable connecting Hawaii to the Pacific region. . This attack was made possible by a credential-related compromise by a third party.
Few other details about the case have been released, but Theron believes this is the authorities’ deliberate approach to “not give anyone an idea.”
He also believes that similar attacks are likely occurring in other regions, but that information has not been shared by the relevant authorities.
The report argued that state-sponsored hacktivist groups were more likely than financially motivated cybercriminals to carry out cyberattacks against submarine cables to cause disruption and sabotage.
Terron said the serious consequences of this type of attack by authorities could deter many cybercrime gangs from targeting critical undersea cables. He highlighted ransomware attacks against the Colonial Pipeline in 2021. The attack quickly involved the U.S. Department of Justice (DoJ) due to the disruption of critical infrastructure.
Other data risks
According to Terron, a successful attack on an undersea cable could also cause ramifications of data problems. He said organizations using cloud hosting services with data centers based in places where the internet is blocked “result in disruption and impact access to their digital assets.” rice field.
Another problem associated with these cables is espionage. The report outlined that the growing role of Chinese state-owned enterprises as cable owners and providers has “increased China’s ability to manipulate, monitor and disrupt data flows around the world.” .
Teron said Information security: “Several governments have warned against China’s involvement in these undersea cable systems, citing potential hacking capabilities. Someone could obtain information through these information superhighways. ”
He said organizations and governments should encrypt communications to mitigate this risk.
