When Do We Call a Cyber Attack an Act of Cyber War?

What is the difference between cybercrime and a “cyber war”?

There are different elements of an attack that help us understand this: the targets, the threat actors behind it, as well as the tools used. But I think one of the most important aspects, something that drives all the other aspects, is also the answer to the question I posed earlier: intent.

I believe this difference in intent matters because it defines the threat itself. There are a lot of reports on different kinds of organizations being successfully victimized by targeted attacks, and it has become so overwhelming to the point that it has obscured our view of what kind of threats we’re dealing with. And though knowing the intent might not be able to help us stop an attack, it can enable us assess if we are a potential target.

Cyber war or Cybercrime?

For example, when a threat actor from country A conducts a targeted attack against several companies in country B, does it count as cyber war, or cybercrime? The answer, again, depends on the intent.

Cyber war, as Raimund Genes also said in his 2013 predictions, refer to politically motivated attacks that may destroy data or even cause physical damage to infrastructure of a specific country. So in my example above, if the goal of the attack is to destroy the companies’ data or their infrastructure with a political intent, it may be considered an act of cyber war.

However, if the attack is conducted in order to steal information from the companies with a pure financial intent, then it should be considered a form of cybercrime. Most of the cybercrime schemes we’ve seen in the past aimed to affect as many individual users as possible, but the cybercriminals have found a bigger and better target in companies.

Ends vs. Means

Of course, although the end goals are different, there is a clear overlap between the two, that being the gathering of information. For example, gaining internal information in order to gain money is the goal of cybercrime, but in terms of cyber war, the same scheme can be just part of reconnaissance for a bigger operation. So if we look at it, the targeted attack itself is simply a tool in order to achieve the intent. The structures, techniques, and tools used can be the same, but the ending can be completely different.

Does It Matter?

So in the end, does the intent matter? Not that much. But how you protect yourself and your network does. Regardless of who you think is after you, any of them will be after your crown jewels. So act accordingly. It’s all a name game.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

When Do We Call a Cyber Attack an Act of Cyber War?