COMMENTARY: Cyber and geopolitical tensions have escalated globally today, and organizations find themselves at the center of a high-stakes struggle for control over digital networks.
Security teams are no longer simply defending against isolated attacks: they operate within a shifting battlefield where cyber threats intersect with strategic maneuvers by powerful and well-funded nation-states.
Recent cyber operations—ranging from ransomware attacks on critical infrastructure to influence campaigns aimed at undermining political elections—highlight the urgency of this new landscape. In this era of unprecedented complexity, adapting to these converging threats isn’t just prudent: it’s essential for business survival.
In our long experience as cybersecurity professionals working in military and intelligence operations, we've witnessed how the lines between cyber threats and geopolitical tensions are increasingly blurred. The convergence of these domains has reshaped the global threat landscape, making the implications for security teams more profound than ever. Here are three trends security pros need to know about:
- Infostealers: A security epidemic.
We've observed an alarming surge in infostealers in recent years—lightweight malware that scrapes sensitive data from devices, often with devastating consequences. These simple, yet potent tools contribute to a thriving underground economy, where stolen data gets traded at scale, feeding a vicious cycle of cybercrime and espionage. The ease with which attackers can deploy infostealers has made them a mainstay, not just for isolated cybercriminals, but also for state-sponsored actors seeking an efficient way to gather intelligence and sow discord. As nation-states become more active in the digital sphere, infostealers are now integral to complex campaigns aiming to undermine targets globally. For instance, attackers use data scraped from infostealer logs to seed disinformation efforts or compromise critical systems, allowing hostile actors to execute multi-faceted attacks that blur the boundaries between traditional cybercrime and geopolitical aggression.
- The ransomware explosion.
Ransomware remains a significant and persistent threat, with incidents rising 84% in 2023 alone. Efforts by law enforcement to disrupt major groups like LockBit have only partly stemmed the tide, as these organizations adapt quickly. LockBit alone launched 428 attacks in early 2024, demonstrating how sophisticated and relentless these groups have become. This activity is part of a larger trend in which ransomware attacks are not isolated incidents: they often act as springboards for broader state-sponsored campaigns. Cybercriminals, with potential ties to nation-states, exploit Ransomware-as-a-Service (RaaS) models to launch highly profitable, coordinated attacks that destabilize economies, disrupt government operations, and erode trust in institutions. The synergy between criminal organizations and state actors means that ransomware incidents are increasingly becoming geopolitical tools, wielded to erode an adversary’s capabilities and control global narratives.
Today's Cold War revolves around cyber
Today, we are living through a new Cold War, but it’s playing out on digital battlegrounds instead of physical ones. Nation-states such as Russia, China, Iran, and North Korea are leveraging cyberspace to project power and influence on an unprecedented scale. This isn’t merely about stealing secrets or disrupting critical infrastructure: it’s about challenging democratic institutions, sowing discord among allies, and gaining influence over global narratives. For example, Russian cyber campaigns have continued targeting U.S. elections, leveraging cyber tools to interfere with democratic processes. Meanwhile, Chinese actors focus on technological influence, with escalated scrutiny surrounding platforms like TikTok and recent hacks on the mobile devices of U.S. political figures. In Iran, cyber operations are increasingly aligned with influence campaigns, seeking to amplify divisive narratives, while North Korean campaigns exploit ransomware and cryptocurrency theft as critical revenue streams to sustain their regime.
These activities signal a sophisticated, long-term strategy where cyber capabilities are essential to a nation-state’s geopolitical objectives. In this environment, traditional, segmented defenses are no longer sufficient. Security teams now face a highly interconnected threat landscape where lone hackers, criminal syndicates, and state-sponsored groups operate in concert. Each actor brings distinct methods and motives, but all contribute to a complex web of threats with profound consequences for national and economic security.
Adapt to the new world order
The convergence of cyber threats with geopolitical strategy calls for a proactive, holistic approach to cybersecurity. Organizations must recognize that cybersecurity is not merely a technical challenge, but a strategic imperative woven into the fabric of the global order. This means adopting a risk-based approach to cybersecurity that prioritizes defending critical assets and adjusting defenses in real time to evolving threats.
Vulnerability management becomes crucial in this context, requiring more than just routine patching: it demands continuous monitoring and rapid response capabilities. An intelligence-driven approach, drawing on insights from sources like the deep and dark web, has become essential for understanding the broader threat landscape and discerning the motivations and methods of attackers.
The need to collaborate
Addressing this new era of cyber and geopolitical convergence requires unprecedented collaboration across sectors. Governments, businesses, and security professionals must work together, sharing resources and information to build a resilient defense against these threats. Our collective security depends on a united front, where knowledge and expertise are shared to counter the ever-evolving tactics of both cybercriminals and nation-states.
The need for robust, adaptive, and collaborative cybersecurity has never been greater. This new digital Cold War demands that security teams not just respond to threats, but also anticipate and prepare for them.
Andrew Borene, executive director, international markets and global security; Ian Gray, vice president of cyber threat intelligence operations, Flashpoint
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.