Cyberwarfare: nation-state hacking on the rise


It sounds like the plot to the latest Hollywood thriller. A hacking attack sponsored by an enemy nation takes 50 generators offline – generators that just so happen to supply power to the electrical grid of the entire North-eastern seaboard including in New York City and Washington DC. This attack triggers a blackout leaving more than 90 million people without power. Far from fiction, according to a study from Lloyd’s, such an attack could actually happen – and without doubt would  create massive chaos and systemic collapse.

Cyberwarfare is a form of conflict that uses cyberattacks to disrupt, damage, or destroy the assets or operations of a nation that is considered an enemy. And recent years have seen a concerning growth in attacks on critical infrastructure systems like energy, transportation, telecommunications, and public services.

How Cyberwarfare is Reshaping the Global Security Landscape

State-sponsored cyberattacks pose a significant threat to global security. In today’s landscape, nation-states have advanced technological capabilities through the use of intelligence agencies and skilled hackers. They can leverage sophisticated tools and techniques to carry out cyberattacks aimed at disrupting critical infrastructure, stealing sensitive information, undermining national and global security, and destabilizing economies and diplomatic relations.

Cyberwarfare may target physical infrastructure, such as the 2021 Colonial Pipeline attack – which caused a complete shutdown of the pipeline carrying petrol and jet fuel to the Southeastern United States. Digital infrastructure is also vulnerable to cyberattacks, like the global wave of data breaches on Microsoft Exchange Servers in 2021 that impacted organizations around the world, including the Norwegian Parliament and European Banking Authority.

As critical infrastructure becomes increasingly reliant on technology, there is a growing risk of being targeted for cyberwarfare. Critical infrastructure security can be challenging, as it is often complex and interconnected across geographies – so an attack in one location can have a widespread chain reaction.

What’s more, the physical operating technology contained in these networks often isn’t designed with internet connectivity in mind, lacking the necessary security controls to protect against cyberattacks. This is why it’s essential for governments and businesses to invest in building cyber resilience, and work together to share cyber threat intelligence and safeguard critical infrastructure security.

State Sponsored Hacking: Who Are the Actors and What Are Their Motives?

Nation-state cyberattacks are carried out by a state-sponsored individual or organization, rather than the state itself. Because operations are covert in nature, the attack can’t be directly traced back to the government that authorized it.

Countries may engage in cyberwarfare for political, economic, and military motives. Where critical infrastructure is targeted, the goal may be to cause financial losses, disrupt supply chains, and impact domestic or foreign trade. For example, an attack on the energy grid of an adversary country could cause a blackout which weakens the economy and threatens national security and public safety.

Cyberwarfare between nation-states often leads to significant strain in diplomatic relations and trust, upsetting the global geo-political landscape. In regions of conflict, cyberwarfare can be used as a strategy to gain an advantage over the enemy, as in Russia’s malware attacks on Starlink satellites to collect data on Ukrainian military movements in 2023.

Cyber Threats and Vulnerabilities: Understanding the Risks and How to Mitigate Them

To mitigate the risks of cyberattacks, it’s important to understand how they occur. While cybercriminals may use a range of techniques, one of the most common is “phishing” where individuals, such as employees, are encouraged to click on a link or download a file under false pretences. Once they open the link, malware is installed on their system, opening access for hackers.

Similarly, users might receive a phishing email asking them to enter personal information to confirm their identity – this data is then used to enter the company’s system. In the case of The Colonial Pipeline Company, a breached employee password was found on the dark web.

As cybercriminals develop tools to specifically target critical infrastructure, organizations should take steps to enhance cybersecurity including:

  • Training employees. People are the first line of defence against a cyberattack, making security awareness vital. Businesses need to educate employees around common forms of attack like phishing emails, and cybersecurity best practices.
  • Monitoring cybersecurity. Regular security assessments and vulnerability scanning can help identify any weaknesses in security infrastructure. Alerts should be set up to identify and respond to potential security threats as quickly as possible.
  • Controlling user access. Employees should only have access to the level of information they need, with limited accounts holding administrative privileges. Controls such as multi-factor authentication can help prevent unauthorized access to systems.
  • Preparing for cyberattacks. An incident response plan is critical for minimizing the impact of any potential cyberattacks, with roles and responsibilities assigned to different team members.

Global Cyberattack Trends: What to Expect in 2024 and Beyond


  1. Increased sophistication of attacks. Generative AI will enable hackers to automate and enhance their phishing and ransomware tactics, making them harder to detect.
  2. Targeting of Internet of Things (IoT). With many people working remotely and a proliferation of IoT devices, attacks on smart homes are likely to become more prevalent.
  3. Cyberattacks used as a weapon of war. The conflict in Ukraine has exposed the ability and willingness of states to deploy cyberwarfare targeting military and civilian infrastructure.
  4. Advanced Persistent Threats (APTs). APTs are targeted attacks that aim to give hackers long-term access to systems, and are predicted to become more widespread.
  5.  Attacks on mobile phones. Mobile devices are an increasingly attractive target for cybercriminals, leading to a rise in mobile-specific threats and malware.