17 Jan 2023

The Fusion of Special and Cyber Forces Makes Sense

There is increasing focus on U.S. Cyber Command (CYBERCOM) trying to replicate the ability of the U.S. Special Operations Command (SOCOM) – the unified combatant command with the mission of overseeing the special operations elements in the U.S. Armed Services – to bring capabilities directly into the battlespace. At a recent meeting, the chief of CYBERCOM is quoted as saying that the command is “trying to build our authorities much in the same way Special Operations Command did this.” Indeed, per Politico, an unnamed Congressional aide confirmed that CYBERCOM’s evolution has been modeled on the same “legislative techniques” used for SOCOM. The concept sounds reasonable, particularly as the conflicts being fought are moving toward more agile and quicker operations.

14 Nov 2022

Exponential Disruption and The Cyber Criminal Adoption of the InterPlanetary File System

The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks. IPFS is often used for legitimate purposes, which makes it more difficult for security teams to differentiate between benign and malicious IPFS activity in their networks.
This cybersecurity incident is a really elegant case study that illustrates core concepts central to how we analyze a socio-technical system here at OODA Loop – core concepts we will return to often in the next couple of months as we provide a final analysis of certain research thematics (misinformation, AI innovation, etc.) and findings from our 2022 research agenda.

12 Oct 2022

Future Wars – Beyond Cyberconflict at OODAcon 2022

OODAcon 2022: Future Wars – Beyond Cyberconflict Panel Description: Twenty years ago, cybersecurity experts warned of attacks against power grids and planes falling from the sky. They predicted a future that has not manifested itself yet. Will it? Or will the future of war be a conflict waged for the

05 Oct 2022

Russia’s Cyber Attacks in Ukraine is Less About Testing New Attacks and All About Regime Survival

Leading up to and during its invasion of Ukraine, Russian cyber attacks have been well documented and tracked and have included standard offensives such as DDoS, malware, and phishing to impact their targets. Indeed, according to the article, throughout the conflict, DDoS activity has increased 200 percent, malware attacks were up by 400 percent, and phishing attacks continued to rise by 300 percent. Certainly, the volume and frequency of digital offensives have coincided with the more kinetic and conventional Russian military offensives against Ukraine, mimicking the reality occurring on the ground. There has been constant bombardment but no decisive maneuver or execution of an attack that has been instrumental in gaining an insurmountable advantage.

05 Oct 2022

OODAcon 2022: Future Wars – Beyond Cyberconflict

Panel Description: Twenty years ago, cybersecurity experts warned of attacks against power grids and planes falling from the sky. They predicted a future that has not manifested itself yet. Will it? Or will the future of war be a conflict waged for the hearts and minds of social media users? What about the future of conflict in the contested domain of space – not only regarding assets in orbit but space exploration and resource exploitation? What lessons will Russia use from its extensive use of cyber tools against Ukraine? What lessons should defenders learn?

20 Sep 2022

Severing Diplomatic Ties: A New Approach to Confronting State Cyber Aggression?

There is little doubt that cyber attacks are used by both state and nonstate actors as a medium to support their geopolitical views and positions during times of regional and global crisis. The Ukraine conflict has underscored what has been going on for several years – actors resorting to offensive cyber operations to register their displeasure against an offender and its allies. In the early days, such as when NATO erroneously bombed the Chinese Embassy in Yugoslavia in 1999, or during ongoing clashes over disputed territories like Kashmir, foreign policy decisions have been protested via an onslaught of cyber malfeasance. Fast forward to today, and this type of hacktivism has greatly evolved, moving from primarily the work of aggrieved, politically-minded nonstate online activists to more organized groups, sometimes sponsored by a nation state and, in some cases, directed by the state or its agents.

02 Aug 2022

The Cyber Mercenary Business is Booming

A recent report revealed several private sector Indian companies that have been involved in using corporate cyber espionage tactics against entities involved in litigation, in an effort to influence the outcomes. What started as a hacker-for-hire situation quickly bloomed into an organized commercial endeavor for the hacker, who recruited and grew a small group of Indian colleagues to be hired out to private investigators employed by clients involved in lawsuits. The reporting focused on three particular companies (BellTroX, CyberRoot, and Appin), though there are several more of these cyber mercenary groups, whose customers have ranged from multinationals to individuals with personal grievances they are seeking to satisfy.

05 Jul 2022

Weaponizing Hacktivists Seems a Logical Progression for Russia

The Ukraine conflict has garnered substantial cyber activity drawing in not only the state cyber assets of both Russia and Ukraine, but sympathizers, volunteers, and non-state hacktivist actors supporting both sides. While much focus has scrutinized what Moscow could and could not do with respect to conducting brutal cyber offensives

01 Jul 2022

SOHO routers used as initial point of compromise in stealth attack campaign

An attack campaign that went undiscovered for nearly two years was exposed by Black Lotus Labs, the threat intelligence team at Lumen Technologies. The campaign is highly sophisticated. It targets small office or home office (SOHO) routers as the initial point of compromise. The campaign works by first pushing a MIPS file

20 Jun 2022

Opportunities for Advantage: Mobilizing Innovation through the DHS Science and Technology Directorate

This review of the Department of Homeland Security Science and Technology (S&T) Impact Series falls into two OODA Loop editorial and curation thematics: Opportunities for Advantage, and Innovation (Design Frameworks and Methodologies). Produced and archived over the course of 2021, the DHS S&T Impact Series explores opportunities for advantage through an ongoing discussion within DHS on the definition of, and framework for, innovation within the agency (including private sector and interagency collaboration). The DHS S&T Impact Series is a web and video series that “delves into the core homeland security mission areas and highlights how the Science and Technology Directorate (S&T) is helping agents, officers, first responders and decision-makers with some of their toughest challenges.”
