Cyber Weapons

Pierluigi Paganini April 03, 2012

Article published in The Hacker News Magazine – April Edition “Cyber_Warfare”

First, let’s try to define a cyber weapon; to do this I draw on an article written by experts Thomas Rid and Peter McBurney. Correctly defining a cyber weapon has significant legal and political consequences, as well as consequences for security itself. The line between what is a cyber weapon and what is not is subtle.

But drawing this line is important. For one, it has security consequences: if a tool has no potential to be used as a weapon and to do harm to one or many, it is simply less dangerous.

Secondly, drawing this line has political consequences: an unarmed intrusion is politically less explosive than an armed one. Thirdly, the line has legal consequences: identifying something as a weapon means, at least in principle, that it may be outlawed and its development, possession, or use may be punishable.

It follows that the line between weapon and non-weapon is conceptually significant: identifying something as not a weapon is an important first step towards properly understanding the problem at hand and to developing appropriate responses. The most common and probably the most costly form of cyber-attack aims to spy.

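The two experts define a “cyber weapon” as “a computer code that is used, or designed to be used, with the aim of threatening or causing physical, functional, or mental harm to structures, systems, or living beings”.

Over the years many cyber weapons have been identified, the most famous of which is without a doubt the Stuxnet virus, and this has led to the introduction of many different classifications to qualify them.

An interesting classification of cyber weapons is based on their spectrum of action. On this scale we introduce the following categories:

  • Low-potential end of the spectrum: malware able to affect systems from outside but not able to penetrate the target or to create direct harm. This category includes tools and software that generate traffic to overload a system, damaging its services with a temporary effect (e.g. a Denial of Service attack) without damaging the system itself.
  • Medium-potential end of the spectrum: any malicious intrusion that is not able to influence the final target but is nonetheless able to create functional and physical damage. This category includes generic intrusion agents, such as malware able to spread rapidly.
  • High-potential end of the spectrum: an agent capable of penetrating the target, avoiding any protection and creating direct harm to the victim. That could be the case of sophisticated malware that can harm a specific system, like the Stuxnet virus. Inside this category we introduce a further distinction between learning agents and intelligent agents. Stuxnet is an intelligent weapon without learning capabilities; maybe these features will be part of the next generation of cyber weapons.

The cost and complexity of these cyber threats are related to the category they belong to. Consider also that behind high-potential agents there is a long and considerable intelligence effort to acquire information on the final target and to develop the weapon specifically for it.

In recent years one of the topics of greatest interest in the international scientific community has been the development of new cyber weapons to use against hostile countries.
What has dominated, without any doubt, is the use of viruses and other malware to attack the critical infrastructure of opponents.
The Stuxnet case set the example; government structures are surely behind its development, most likely in the U.S. and Israel.

Why has the use of cyber weapons proved a winner?

  • First, disclosure of such agents is kept quiet because of the nature of the vulnerabilities they exploit. The study of new zero-day vulnerabilities gives attackers a real advantage, and the related risk of an operation failing is minimal. Consider also that attacks perpetrated in this way, because of the anonymous nature of the offense, make it possible to bypass the world community’s approval of a military offensive.
  • The costs involved in developing such solutions are relatively low compared to conventional weapons.
  • The choice of a cyber weapon allows those who use it to remain anonymous until military strategy deems it appropriate. The strategies that make use of such malware are mainly aimed at:
    • Probing the technological capabilities of the enemy. The ability of an agent to infect enemy structures is symptomatic of an inadequate cyber defense strategy, which may suggest additional military options.
    • Undermining the structures considered critical, on whose operation the vital functions of the opponent’s government depend.
  • There is no doubt regarding the efficacy of these weapons. Events have proved that they are offensive weapons designed with the intent to infect opposing structures. Cyber weapons can be designed to hit specific targets while minimizing the noise related to their use, which could lead to their discovery. The infection vector can be of various kinds, such as a common USB device, and can hit a very large number of targets in a short time.
  • Another significant factor is the ability of intelligence agencies to predict and observe the development of a cyber weapon. In a classical context, the development of a conventional weapon can be easily identified through intelligence operations on the ground, and a garrison used to develop military systems can be easily spotted via satellite observation. The development of a cyber weapon is instead difficult to locate and thus to hinder; even a private home may be suitable for the purpose.

To understand the real evolution of cyber weapons, I propose a slide taken from the presentation “Preparing for a Cyber Attack” by Kevin G. Coleman.

It is easy to see how the technology behind the development of a cyber arsenal has grown over the years, and how dangerous the cyber weapons of the near future will be.

But what targets can be attacked with weapons of this kind?
The range is very wide: malware can affect any system in which there is a control component. To cite some examples:

  • Industrial control systems; of particular concern are the components that oversee the operation of plants for energy production and for the delivery of services of various kinds, such as water utilities.
  • Systems for territory control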

In recent years one of the topics of greatest interest in the international scientific community has been the development of new cyber weapons to use against hostile countries.
What dominates, without any doubt, was the use of viruses and other malware to attack critical infrastructure of the opponents.
The Stuxnet case did school, for sure behind its development there are government structures, most likely in the U.S. and Israel.

Why the use of a cyber weapon has proved a winner?

  • First, the disclosure of such agents is silenced for the nature of the vulnerabilities that are exploited. The study of new zero-day vulnerability provides a real advantage to those who attack and the related risks of failure of operations is minimal. We consider that attacks perpetrated in this way, because of the anonymous nature of the offense, allow you to circumvent the approval by the world community to a military offensive.
  • The costs involved in developing solutions such as that at issue are relatively low compared to other conventional weapons.
  • The choice of cyber weapon allows those who use the solution to remain anonymous until military strategies deem it appropriate. The main strategies that use of such malware are mainly aimed at:
    • Probing the technological capabilities of the enemy. The ability of an agent to infect enemy structures is symptomatic of inadequate cyber defense strategy that may suggest additional military options.
    • Undermine those that are considered critical structures whose operation depends on the opponent’s vital functions of the governmental structure of a country.
  • No doubt regarding the efficacy of these weapons. Events have proved that they are offensive weapons designed with the intent to infect opposing structures. The cyber weapons can be designed to hit specific targets while minimizing the noise related the usage of the weapon that can result in causing the discovery. The vector of infection can be of various kinds, such as a common USB support, being able to hit a very large number of targets in a small time interval.
  • Another significant factor is the ability to predict and to observe the development of a cyber weapon by agencies intelligence. In a classical context the development of a conventional weapon can be easily identified through intelligence operations on the ground and via satellite observations can be easily identified a garrison used to develop military systems. The development of a cyber weapon is rather difficult to locate and thus hinder , even a private home may be suitable for the purpose.

To understand the real evolution of cyber weapons will propose again taken from a slide part of the presentation “Preparing for a Cyber ​​Attack” by Kevin G. Coleman.

Easy to understand how is grown over the years the technology in the development of a cyber arsenal and how dangerous are the cyber weapons of the next future.

But what are the objectives to be attacked with weapons of this kind?
The series is very wide, it is known that through a malware can affect any system in which there is a control component. To cite some examples:

  • Industrial control systems, particular concern are those components that oversee the operation of such plant for energy production and delivery of services of various kinds, such as water utilities.
  • Systems for territory controls
  • Hospitals and government controls
  • Communications networks
  • Defence systems

Several intelligence studies demonstrate that more than 140 countries have a cyber weapon development program. Since 2006 the investment has become a hundred times higher, with a considerable increase in the number of countries that are pursuing this kind of weapon or acquiring knowledge in the sector.

Are cyber weapons the exclusive prerogative of governments?

Unfortunately not. Although painstaking intelligence work and large investments still lie behind the development of a cyber weapon, we must keep in mind that such weapons can also be developed by criminal and hacktivist groups, with unpredictable and disastrous consequences. As anticipated, the development of a cyber weapon requires a long process of research; however, groups of hackers and cyber criminals may be able, through reverse engineering, to analyze the source code of existing weapons and modify it according to their own design. In this way cyber weapons of increasing complexity and unpredictable behavior could proliferate.

Let’s clarify that a cyber weapon need not be used for offensive purposes. In recent months, news has been circulating in some media that Fujitsu has signed a contract with the Japanese Ministry of Defense for the development of a new virus.
The news therefore confirms the approach introduced in this article: viruses are used as weapons within a cyber strategy. I cite this example for the uniqueness of the case. This time the virus is being developed not for offense but for defense. That is another interesting use of a cyber weapon: one developed to defend systems and trace back cyber threats.

Regarding the project, with an approximate cost of U.S. $2.3 million, it appears that Japan is keen to have a tool that seeks out infected computers, hopping from PC to PC, and cleans them up.
The debate on the efficacy of the method adopted is open.

Are we ready to face a cyber attack?

There is no doubt that in recent years international opinion has been strongly sensitized to this issue, and there have been huge investments in warfare. Numerous studies have demonstrated the need for an adequate cyber strategy, defensive as well as offensive. Unfortunately the news is not good: too many critical infrastructures are still vulnerable to attacks carried out with this type of weapon. It is therefore necessary to monitor, through international collaboration, the development and proliferation of these threats. The key critical infrastructures all over the world must be identified, and a common defense policy must be defined … we still have much work to do.

About the Author : Pierluigi Paganini, Security Specialist

CEH – Certified Ethical Hacker, EC Council

Security Affairs ( http://securityaffairs.co/wordpress  )

Email : pierluigi.paganini@securityaffairs.co

References

http://www.tandfonline.com/doi/abs/10.1080/03071847.2012.664354

 

