In October 2023, a coordinated cyberattack shut down parts of Denmark’s railway network, delaying trains nationwide. Just a month later, hackers linked to a state-backed group disabled Poland’s government document portal during a wave of geopolitical tension with Belarus. And in early 2024, a ransomware campaign targeted over 100 hospitals in the U.S. and Europe, forcing surgeries to be postponed and emergency patients rerouted.These aren’t hypothetical scenarios. They’re documented, verifiable events from the last two years, and they point to a chilling truth: the frontline of modern conflict is increasingly digital.With rising geopolitical tensions across Europe, the Middle East, and the Indo-Pacific, cyber attacks are being prepared on all sides. In the past years we have gotten so used to state sponsored cyber incidents that most rarely get a political or military response. For now. The perceived impunity of the digital realm and challenges of timely attribution make digital warfare an active endeavor of many geopolitical adversaries. Governments are taking notice. Cyber defense spending is increasing globally, with the U.S., EU, and NATO allocating record budgets to digital security and threat response. The UK's National Cyber Force has expanded recruitment. The EU has launched new cyber resilience initiatives. Even neutral countries like Switzerland are investing in cyber intelligence.So what should we expect in the coming years?We expect increasingly spectacular attacks and far-reaching consequences: collapsing infrastructure, interrupting emergency care, hijacking communications, and sowing public confusion in ways that deeply destabilize societies.We look at the technical capabilities and track record of the different actors and have compiled a list of five most likely types.
Real-world example: This isn’t a theoretical risk. In March 2024, Google publicly acknowledged that DNS cache poisoning remains an active threat, even against hardened infrastructure. Their internal research showed how attackers could exploit predictable parameters in DNS lookups (like source ports or transaction IDs) to forge responses faster than legitimate servers. In response, Google hardened its public DNS resolvers with stronger randomness and further support for DNSSEC, while urging others to adopt similar defenses.The implications go far beyond phishing. In the context of geopolitical conflict, DNS poisoning could be weaponized to cause widespread service outages, reroute sensitive data to hostile actors, or undermine public trust in digital platforms. In a cyber warfare scenario, this type of attack wouldn’t just target individual users, it could be used to compromise entire populations’ access to critical information.
1. Critical infrastructure attack
Critical infrastructure attacks target essential services such as power grids, water treatment plants, and transportation systems. These systems often include operational technology (OT) networks that are isolated from the internet (sometimes air-gapped) but still vulnerable. Attackers often gain initial access through phishing emails, infected USB drives, or exploiting weak remote access systems. Once inside, malware can move laterally into OT environments to sabotage physical systems.These attacks can lead to blackouts, traffic control failures, poisoned water supplies, or even damaged hardware. They’re designed to cause civilian disruption and strain emergency services.Real-world example: In 2024, Iranian-linked group CyberAv3ngers breached multiple U.S. water utilities by exploiting internet-connected industrial controllers. They successfully infiltrated systems used to manage chemical dosing in drinking water — raising the risk of contamination. The FBI confirmed the group targeted critical infrastructure across several states, using a mix of credential theft and unpatched device exploits.2. DDOS attacks
Distributed denial-of-service (DDoS) attacks flood a target with massive volumes of traffic from botnets, overwhelming servers and making websites or online services unavailable to users. Attackers can command networks of compromised devices, ranging from IoT gadgets to servers, to send simultaneous, high-volume requests. Attacks may also use DNS amplification or multi-vector tactics to scale impact.A successful DDoS strike can knock government portals offline, disrupt emergency services, stall financial systems, collapse the internet, and create chaos in digital communication channels.The Baltic states have suffered a lot of outages due to DDoS attacks. These attacks which are politically inspired flood, specific systems, specific industries, and have in some occasions collapsed the whole internet in the region. An attack earlier this year targeted at least five different industries in Lithuania.3. DNS poisoning
DNS poisoning (or cache poisoning), is a tactic that allows attackers to redirect users trying to access legitimate websites, such as Google or Microsoft, to malicious lookalikes. By tampering with the Domain Name System, the “address book” of the internet, attackers can silently hijack traffic without ever needing to breach the target's infrastructure.The method relies on injecting false DNS responses into the resolver cache, tricking it into associating a domain name with a fake IP address. When successful, it can enable identity theft, service disruption, and targeted espionage. Even a brief window of exposure can be enough to collect credentials, inject malware, or monitor communications.Real-world example: This isn’t a theoretical risk. In March 2024, Google publicly acknowledged that DNS cache poisoning remains an active threat, even against hardened infrastructure. Their internal research showed how attackers could exploit predictable parameters in DNS lookups (like source ports or transaction IDs) to forge responses faster than legitimate servers. In response, Google hardened its public DNS resolvers with stronger randomness and further support for DNSSEC, while urging others to adopt similar defenses.The implications go far beyond phishing. In the context of geopolitical conflict, DNS poisoning could be weaponized to cause widespread service outages, reroute sensitive data to hostile actors, or undermine public trust in digital platforms. In a cyber warfare scenario, this type of attack wouldn’t just target individual users, it could be used to compromise entire populations’ access to critical information.




