Cyberattacks reshape modern conflict & highlight resilience needs

Recent cyberattacks on infrastructure, government, and healthcare demonstrate the increasing integration of digital tactics in contemporary conflicts.

The digital frontline

Incidents over the past two years highlight a clear shift in the landscape of modern conflict, with the digital realm now playing a significant role. In October 2023, parts of Denmark's railway network were shut down following a coordinated cyberattack, causing train delays nationwide. The following month, hackers disrupted Poland's government document portal at a time of geopolitical tension with Belarus. Early in 2024, a ransomware campaign affected over 100 hospitals in the United States and Europe, resulting in postponed surgeries and diversion of emergency patients.

These events underscore a trend where cyberattacks target both public infrastructure and critical services. Political and military responses to such attacks have so far been limited, partly due to challenges in attribution and the perceived impunity attached to digital operations. The press release notes, "The perceived impunity of the digital realm and challenges of timely attribution make digital warfare an active endeavour of many geopolitical adversaries."

Government responses

Governments worldwide are responding to the changing threat landscape. The United States, European Union, and NATO have increased spending on cyber defence and digital threat-response measures. The UK's National Cyber Force has broadened its recruitment initiatives, while the European Union has introduced new cyber resilience strategies. Even countries with neutral status, such as Switzerland, have begun investing more heavily in cyber intelligence.

Types of attacks

Analysis of recent incidents reveals five prominent categories of cyberattacks poised to have significant impacts in ongoing and future conflicts.

Critical infrastructure attacks

Critical infrastructure encompasses power grids, water systems, and transport networks. These environments often use operational technology (OT) networks that are separated from the internet but still have vulnerabilities. Attackers typically exploit mechanisms such as phishing, infected external drives, or unsecured remote access points to gain entry. In 2024, a group linked to Iran, called CyberAv3ngers, breached several US water utilities by targeting internet-connected control systems, raising risks of water contamination. The FBI confirmed a combination of credential theft and unpatched devices were used in these attacks.

DDoS attacks

Distributed Denial-of-Service (DDoS) attacks deploy networks of compromised devices to overwhelm targeted websites or services, making them inaccessible. Recently, DDoS campaigns caused outages across the Baltic region, affecting government services and private sector industries. An incident in early 2025 targeted multiple industries in Lithuania, illustrating the scale and political motivation behind such attacks.

DNS poisoning

DNS poisoning manipulates the Domain Name System to divert users from legitimate websites to malicious copies, potentially enabling espionage, service disruption, or data theft. A Google security report in March 2024 confirmed DNS cache poisoning remains a risk, even with advanced defences in place. DNS poisoning has broader implications, potentially disrupting access to critical information or services for entire populations during periods of heightened tension.

Ransomware campaigns

Ransomware attacks enable criminals to encrypt sensitive files and demand payments for decryption or to prevent the leak of stolen data. In May 2024, Ascension Health in the United States experienced such an attack, affecting 5.6 million patients, disrupting medical procedures, and forcing staff to use manual record-keeping processes. The event highlighted the risks to patient safety and service continuity in healthcare systems during digital attacks.

Telecom infrastructure compromise

Telecommunications providers are increasingly targeted due to the sensitive nature of the data they handle. In 2024, a group identified as Salt Typhoon, linked to China, exploited vulnerabilities in core networking equipment at major US and Canadian telecom providers. These breaches allowed the attackers to access metadata and unencrypted communications, particularly targeting political and law enforcement communications.

"The cyber war has arrived, long before there are boots on the ground there are keys on keyboards. The tactics that are shaping it are already here, unfolding across civilian systems, critical infrastructure, and the devices we rely on every day. These aren't hypothetical "future threats", they're warning shots, stress tests, and rehearsals," Dag Flachet, Co-Founder & CGO at Codific, said.

Strengthening resilience

Dag Flachet, Co-Founder & CGO at Codific, continued: "Resilience for individuals starts with the basics: phishing awareness, strong password practices, regular software updates, and healthy scepticism online. These are simple but powerful habits that reduce exposure to the kinds of attacks already shaping the digital battleground."

Organisations are advised against bespoke security models, with tried and tested frameworks such as NIST CSF, OWASP SAMM, and ISO standards cited as effective guides for structuring improvement. The statement continues, "Like any quality control system it is all about analysis of the situation and iterative improvements. Things evolve slowly until they happen all at once."

"For cybersecurity professionals, policymakers, and everyday users alike, the takeaway is not panic, but preparation. Building digital resilience isn't just a job for governments or big tech. It affects all of us. It's also about awareness, good hygiene, and knowing how attacks work before they happen."