Amazon said the lines between cyberattacks and physical, real-world attacks are blurring quickly — prompting the tech giant to call for a new category of warfare: cyber-enabled kinetic targeting.
Nation-states have combined and understood how logical systems and the physical world interact for a long time, but more non-traditional attackers are showcasing expertise in using cyberattacks to enable and amplify the impact of kinetic military operations, according to Amazon Threat Intelligence.
“The collective industry and our customers have to really pay attention to this and change the way we’re doing things,” Steve Schmidt, chief security officer at Amazon, told CyberScoop in a phone interview. “Physical and digital security cannot be treated as separate domains with separate domains and approaches.”
Governments traditionally have requirements for actions to occur or access to specific information, and oftentimes those objectives were treated separately. Yet, now when governments want to achieve military objectives, military planners are asking for more precise details about the target, Schmidt said.
While nation-state attackers can compromise networks that contain data identifying those targets, those details are typically generalized. To get more exact information, nation-state attackers are compromising closed-circuit television (CCTV), or security cameras, on the target itself.
This allows military planners to “see where the [target] is physically and actually do live adjustments of targeting while you have weapons in flight,” Schmidt said.
Amazon provided two case studies as examples of cyber-enabled kinetic targeting in a blog post Wednesday. The most recent attack involves MuddyWater, a threat group linked to Iran’s Ministry of Intelligence and Security, that provisioned a server in May and used that infrastructure a month later to access another compromised server containing live CCTV streams from Jerusalem.
When Iran launched missile attacks on Jerusalem on June 23, Israeli authorities said Iranian forces were using real-time intelligence from compromised security cameras to adjust missile targeting, Amazon said.
Cyber-enabled kinetic targeting employs common tools and tactics that display advanced skills in anonymizing virtual private networks, using their own servers for command-and-control capabilities, compromising enterprise systems such as CCTV systems or maritime platforms, and gaining access to real-time data streams, according to Amazon.
These multi-layered, collaborative attacks require critical infrastructure operators and threat intelligence professionals to expand their remit, Schmidt said.
“Traditional cybersecurity frameworks treat the digital and the physical threats as really separate domains, but we realized, through our own internal work and our research, of course, that this separation is not only artificial but actually detrimental,” he said.
“You have to think about these things as integrated wholes, because even physical world assets, like a ship, are really a cyber asset as well. And multiple nation-state threat groups are pioneering a new operational model where cyber reconnaissance directly enables kinetic targeting,” Schmidt added.
Amazon said this is a warning and call to action for defenders to consider how compromised systems might be used to support physical attacks and recognize that their systems might be valuable targeting aids for kinetic operations. This also demonstrates the need for threat intelligence sharing across the private sector and government to work through more complex attribution response frameworks, the company said.
Multiple nation-states will increasingly employ cyber-enabled kinetic targeting, CJ Moses, chief information security officer of Amazon Integrated Security, said in the blog post.
“Nation-state actors are recognizing the force multiplier effect of combining digital reconnaissance with physical attacks,” he said. “This trend represents a fundamental evolution in warfare, where the traditional boundaries between cyber and kinetic operations are dissolving.”
Many seemingly espionage-focused attacks that have already been made public might ultimately be an entry point for kinetic targeting, according to Schmidt.
Countries that have both advanced cyber capabilities and military strength are most likely to succeed at cyber-enabled kinetic targeting, he said.
The most prominent threats come from nation-state attackers who are more specialized in their targeting. “The targeting of maritime navigation systems is a relatively unique skill, and it is different from the targeting of a cryptocurrency exchange,” Schmidt said.
“It takes different knowledge, and so you’re seeing groups pop up onto the radar, which we may not have followed before because there wasn’t that volume of activity.”
The post Amazon warns of global rise in specialized cyber-enabled kinetic targeting appeared first on CyberScoop.
The company said the boundaries between cyber and physical attacks are dissolving as nation-states use network intrusions to aid military targeting in real time.
The post Amazon warns of global rise in specialized cyber-enabled kinetic targeting appeared first on CyberScoop. Read MoreCyberScoop
