A new era of cyberwarfare is upon us – but is the world ready for it?

When American and Israeli operatives launched the Stuxnet cyberattack against Iran’s nuclear programme more than a decade ago, they patted themselves on the back. Without firing a single shot or sacrificing a single life, the spies, engineers and hackers told themselves they were able to severely damage Iran’s ability to produce enriched uranium, and slow down its nuclear programme.

That conclusion proved rather misguided, as Iran quickly used its know-how to continue ramping up its nuclear programme to even greater capacity. But even back then, there were worried grumbles in the still-nascent cybersecurity industry that the worm or something like it, which had been in development for years, could be reverse-engineered or emulated and used by its targets.

In fact, they were not gloomy enough. Stuxnet heralded a new era of global cyberwarfare, and increasingly, ordinary people are being caught in the crossfire.

Recall that before Stuxnet, cyberattacks were mostly seen as nuisances or criminal behaviour, used for corporate or intergovernmental espionage. The global cybersecurity industry was worth just a few billion dollars. In the next five years, it is expected to be worth more than $210bn (£159bn). Cyberwarfare has become part of many nations’ national security strategy, an essential tool of espionage, counterintelligence, sabotage, and pilfer. Every nation is scrambling to spruce up its cyberdefences as well as offensive capabilities.

Experts say Russia and China have tremendous cyberwar capabilities. But it is diplomatically isolated nations like Iran and especially North Korea that they worry about the most because they have so little to lose and so much to gain by deploying them.

“North Korea is very unique because they focus heavily and persistently on financial and business operations,” says Sherrod DeGrippo, an information security specialist at the cybersecurity firm, Proofpoint.

Among its main targets are cryptocurrency exchanges, attempting to harvest usernames and passwords to loot for softening the blow of international sanctions over its nuclear programme and belligerent behaviours.

A report released last month by Proofpoint described how a suspected North Korean-backed group called Kimusky, AKA Thallium or TA406, has been launching regular attacks targeting diplomats, foreign policy experts, journalists, and non-profit organisations across Europe, Asia, and North America.

What’s more, Proofpoint says the hackers are increasingly using malware that intrudes into IT systems and harvests data rather than old-fashioned phishing attempts that lure targets into giving up their passwords and usernames.

“Now that they have got their feet wet in malware-focused operations, they will likely implement more malware,” says DeGrippo.

What that means is that everyone working in any kind of sensitive field – from media or finance to foreign policy – must be exceptionally vigilant.

“They will come at you from many different directions – email, social media, phone call, text message,” she says. “You have to be careful across the board.”

But there is also a worry that short of dumping gasoline on your smartphone and setting it on fire, there is little people can do to avoid infiltration. The Israeli firm NSO has already developed a tool called Pegasus which can hack someone’s phone without the target clicking on or opening anything. Now that the IT whizzes in Iran and North Korea know such a programme is possible, how much longer before they reverse engineer it?

Perhaps some already have. Kevin Mandia, chief executive of cybersecurity firm Mandiant, recently warned that Iran’s cyber capabilities have expanded beyond the west’s ability to defend against it.

“They’re operating with efficiency; they’re operating with malware that can be updated,” Mandia told US business news channel CNBC last month. “They have a framework where they can update their malware super fast,” he said. “So they can be very efficient… leapfrogging our defences as they learn.”

Many worry an irreversible cycle of escalation has already begun, with nations trying to outdo each other in a cyberarms race. Just weeks after the west’s client Israel was accused in October of launching a cyberattack on Iran’s nationwide petrol stations, Tehran allegedly responded by hacking into Israeli LGBT+ dating and healthcare websites, and publishing the sensitive information it looted online.

To keep up to speed with all the latest opinions and comment sign up to our free weekly Voices Dispatches newsletter by clicking here

The Centre for Security and International Studies has amassed a worrying, and likely only partial, 62-page list of significant cyber attacks since 2006. Actors include suspected hackers in Brazil, China, Russia and Israel. Targets are increasingly civilian in nature, including ethnic minorities such as Kurds, activists seeking fair elections in Russia, small businesses and energy firms.

Perhaps it is time for some sort of global treaty regiment to govern the use, misuse and proliferation of cyber weapons the same way nuclear, chemical and biological weapons are regulated. But DeGrippo doubts any kind of international agreement would work. Unlike atom bombs, the source of cyberwarfare attacks can be easily obfuscated and stockpiles can’t be verified. A plausible ability to deny accusations is one of the main advantages of cyber weapons, making them impervious to regulation.

“There’s no incentive for cooperation on international nonproliferation,” she says. “It’s difficult to do attribution, so world governments may not be able to cooperate on cyberwarfare the way they cooperated on nuclear nonproliferation.”

The secretive developers of Stuxnet had the imagination to come up with a virus that could devastate computer systems from thousands of miles away, but they may have lacked the vision to foresee what kind of world such a weapon would create.