What is the difference between cybercrime and a “cyber war”?
There are different elements of an attack that help us understand this: the targets, the threat actors behind it, as well as the tools used. But I think one of the most important aspects, something that drives all the other aspects, is also the answer to the question I posed earlier: intent.
I believe this difference in intent matters because it defines the threat itself. There are a lot of reports of different kinds of organizations being successfully victimized by targeted attacks, so many that they have obscured our view of what kind of threats we’re dealing with. And though knowing the intent might not help us stop an attack, it can enable us to assess whether we are a potential target.
Cyber war or Cybercrime?
For example, when a threat actor from country A conducts a targeted attack against several companies in country B, does it count as cyber war, or cybercrime? The answer, again, depends on the intent.
Cyber war, as Raimund Genes also said in his 2013 predictions, refers to politically motivated attacks that may destroy data or even cause physical damage to the infrastructure of a specific country. So in my example above, if the goal of the attack is to destroy the companies’ data or their infrastructure with political intent, it may be considered an act of cyber war.
However, if the attack is conducted in order to steal information from the companies with purely financial intent, then it should be considered a form of cybercrime. Most of the cybercrime schemes we’ve seen in the past aimed to affect as many individual users as possible, but cybercriminals have found a bigger and better target in companies.