Abstract: Malware is often used in cyber conflict scenarios. Both nation-states and non-nation threat actor groups utilise malware to execute cyberattacks. The current study examines the general role of weaponised malware in cyber conflicts and outlines the operational requirements for such weaponisation of malware. Operational needs as well as ethical considerations, including target discrimination, are examined. One goal of this study is to propose a particular taxonomy for malware that is oriented toward the appropriate selection of weaponised malware for cyberwarfare scenarios.
Keywords: Malware Taxonomy, Weaponised Malware, Cyberwarfare, Malware, Spyware
Introduction
Cyberwarfare is increasingly becoming an integral part of international conflicts (Courtney 2017; Connell & Vogler 2017; DeWeese 2009; Eom et al. 2012). This involves purely cyber conflicts, but it can also have an impact on kinetic warfare. Many traditional conflict scenarios now involve a cyber component (Swanson 2010). The latter situation is primarily due to the increasing integration of technological augments into traditional military capabilities (Kannan & Manoharan 2018; Kott, Swami & West 2016; Zhang et al. 2015).
Regardless of the scale, motivation, or target of the cyber operation, malware is the most commonly used weapon in cyber conflicts. This is primarily due to the technical realities of the range of possible attacks. Many non-malware attacks are inadequate for the full scope of cyber operational needs. For example, Denial of Service (DoS) attacks frequently have only a transient effect on the target and do not normally achieve intrusion into the target. Another example is that various web attacks are only plausible in the presence of specific vulnerabilities, which may or may not be present in the target. These two examples illustrate why non-malware-based attacks can be inadequate for many cyber operations. Malware introduces a flexible attack platform that can address any attack vector. Furthermore, malware can incorporate other attack modalities such as the aforementioned Denial of Service attacks. For these reasons, malware is the ideal platform for any cyberattack. However, in at least some situations, malware intended for a specific target has inadvertently caused collateral damage (Langner 2011; Lee 2016). The collateral damage not only undermines the operational goals of the cyber operation, but in some cases, it also brings the cyber operation to public attention. It is also noteworthy that in any...