2025-08-05

In October 2023, a coordinated cyberattack shut down parts of Denmark’s railway network, delaying trains nationwide. Just a month later, hackers linked to a state-backed group disabled Poland’s government document portal during a wave of geopolitical tension with Belarus. And in early 2024, a ransomware campaign targeted over 100 hospitals in the U.S. and Europe, forcing surgeries to be postponed and emergency patients rerouted.

These aren’t hypothetical scenarios. They’re documented, verifiable events from the last two years, and they point to a chilling truth: the frontline of modern conflict is increasingly digital.

With rising geopolitical tensions across Europe, the Middle East, and the Indo-Pacific, cyber attacks are being prepared on all sides. In recent years we have become so accustomed to state-sponsored cyber incidents that most rarely draw a political or military response. For now. The perceived impunity of the digital realm and the difficulty of timely attribution make digital warfare an active endeavor for many geopolitical adversaries.

Governments are taking notice. Cyber defense spending is increasing globally, with the U.S., EU, and NATO allocating record budgets to digital security and threat response. The UK's National Cyber Force has expanded recruitment. The EU has launched new cyber resilience initiatives. Even neutral countries like Switzerland are investing in cyber intelligence.

So what should we expect in the coming years?

We expect increasingly spectacular attacks and far-reaching consequences: collapsing infrastructure, interrupting emergency care, hijacking communications, and sowing public confusion in ways that deeply destabilize societies.

We look at the technical capabilities and track record of the different actors and have compiled a list of the five most likely types.

1. Critical infrastructure attack

Critical infrastructure attacks target essential services such as power grids, water treatment plants, and transportation systems. These systems often include operational technology (OT) networks that are isolated from the internet (sometimes air-gapped) but still vulnerable. Attackers often gain initial access through phishing emails, infected USB drives, or exploiting weak remote access systems. Once inside, malware can move laterally into OT environments to sabotage physical systems.

These attacks can lead to blackouts, traffic control failures, poisoned water supplies, or even damaged hardware. They’re designed to cause civilian disruption and strain emergency services.

In 2024, Iranian-linked group CyberAv3ngers breached multiple U.S. water utilities by exploiting internet-connected industrial controllers. They successfully infiltrated systems used to manage chemical dosing in drinking water — raising the risk of contamination. The FBI confirmed the group targeted critical infrastructure across several states, using a mix of credential theft and unpatched device exploits.

2. DDoS attacks

Distributed denial-of-service (DDoS) attacks flood a target with massive volumes of traffic from botnets, overwhelming servers and making websites or online services unavailable to users. Attackers can command networks of compromised devices, ranging from IoT gadgets to servers, to send simultaneous, high-volume requests. Attacks may also use DNS amplification or multi-vector tactics to scale impact.

A successful DDoS strike can knock government portals offline, disrupt emergency services, stall financial systems, collapse the internet, and create chaos in digital communication channels.

The Baltic states have suffered many outages due to DDoS attacks. These politically motivated attacks flood specific systems and specific industries, and on some occasions have collapsed the whole internet in the region. An attack earlier this year targeted at least five different industries in Lithuania.

3. DNS poisoning

DNS poisoning (or cache poisoning) is a tactic that allows attackers to redirect users trying to access legitimate websites, such as Google or Microsoft, to malicious lookalikes. By tampering with the Domain Name System, the “address book” of the internet, attackers can silently hijack traffic without ever needing to breach the target's infrastructure.

The method relies on injecting false DNS responses into the resolver cache, tricking it into associating a domain name with a fake IP address. When successful, it can enable identity theft, service disruption, and targeted espionage. Even a brief window of exposure can be enough to collect credentials, inject malware, or monitor communications.

This isn’t a theoretical risk. In March 2024, Google publicly acknowledged that DNS cache poisoning remains an active threat, even against hardened infrastructure. Their internal research showed how attackers could exploit predictable parameters in DNS lookups (like source ports or transaction IDs) to forge responses faster than legitimate servers. In response, Google hardened its public DNS resolvers with stronger randomness and further support for DNSSEC, while urging others to adopt similar defenses.
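The defensive side of the mechanism above, as an added illustration that is not code from the original article: a toy resolver that only caches a reply when the transaction ID, the randomized source port and the exact query-name case all match the outstanding query, and that discards any record outside the zone it asked about. All names, IDs and addresses are constructed sample data.

```python
"""Toy model of the acceptance checks a DNS resolver applies to a reply.

Added illustration, not the article's own code. With a fixed source port
an off-path forger only has to guess a 16-bit transaction ID; randomizing
the port and the query-name case (0x20 encoding) adds entropy the forger
must also match, and a bailiwick check keeps unrelated records out of the
cache even when a reply is otherwise accepted.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional
import secrets


@dataclass
class Query:
    txid: int       # 16-bit transaction ID
    src_port: int   # randomized UDP source port
    qname: str      # name exactly as sent, with random 0x20 case mixing


@dataclass
class Response:
    txid: int
    dst_port: int
    qname: str
    answers: Dict[str, str] = field(default_factory=dict)     # name -> IP
    additional: Dict[str, str] = field(default_factory=dict)  # glue: name -> IP


def new_query(name: str) -> Query:
    """Build an outgoing query whose txid, port and letter case are unpredictable."""
    mixed = "".join(c.upper() if secrets.randbits(1) else c.lower() for c in name)
    return Query(secrets.randbits(16), 1024 + secrets.randbelow(64512), mixed)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone itself or a subdomain of it (case-insensitive)."""
    n, z = name.lower().rstrip("."), zone.lower().rstrip(".")
    return n == z or n.endswith("." + z)


def accept(q: Query, r: Response, zone: str) -> Optional[Dict[str, str]]:
    """Return the records safe to cache, or None if the reply is rejected."""
    if r.txid != q.txid or r.dst_port != q.src_port:
        return None                 # wrong guess of either random field
    if r.qname != q.qname:
        return None                 # case mismatch: 0x20 check failed
    cacheable: Dict[str, str] = {}
    for name, ip in {**r.answers, **r.additional}.items():
        if in_bailiwick(name, zone):    # drop out-of-zone glue
            cacheable[name.lower()] = ip
    return cacheable
```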

The implications go far beyond phishing. In the context of geopolitical conflict, DNS poisoning could be weaponized to cause widespread service outages, reroute sensitive data to hostile actors, or undermine public trust in digital platforms. In a cyber warfare scenario, this type of attack wouldn’t just target individual users; it could be used to compromise entire populations’ access to critical information.

4. Ransomware campaigns

Ransomware campaigns are sophisticated attacks in which cybercriminals infiltrate healthcare or corporate networks, encrypt critical files, and demand payment, often accompanied by threats to publish stolen data. These attacks typically begin with phishing emails, exploitation of outdated software, or weak credentials. Once inside, attackers move laterally to target systems like electronic health records or manufacturing controls, before triggering encryption and data theft simultaneously, a tactic known as double extortion.

In May 2024, Ascension Health (one of the largest nonprofit health systems in the U.S.) fell victim to a major ransomware attack that exemplified the real-world impact of this threat. The attack crippled IT systems across multiple states, affecting 5.6 million patients and forcing clinicians to revert to pen and paper and fax machines to coordinate care and process patient data. Appointments, surgeries, and medication orders were delayed or canceled, and nurses were left handling forms manually, leading to near-miss incidents. The incident became widely discussed among healthcare professionals. This was not just a disruption of services; it was a clear danger to patient safety.

Such ransomware campaigns could play a significant role in a future digital war. Beyond financial hits, these attacks cripple operational capacity and strip sensitive data that could be weaponized. In a global conflict, strategic strikes against hospitals, utilities, and industrial targets might not only extract ransom, but could also destabilize entire regions, cripple morale, and even cause loss of life.

5. Telecom infrastructure compromise

Telecom operators are high-value targets in cyber conflict. These networks carry not only civilian traffic but also sensitive government and military communications. Compromising them gives adversaries access to metadata, call content, user locations, and the ability to intercept or disrupt messages.

Attacks often begin through phishing, exploitation of outdated networking equipment, or by purchasing access from other threat groups. Once inside, attackers can establish long-term surveillance - bypassing SMS-based multi-factor authentication, intercepting messages, and tracking users in real time by cell tower triangulation.

A striking example came in 2024, when China-linked APT group Salt Typhoon breached multiple U.S. telecom providers, including Verizon and AT&T, by exploiting flaws in core Cisco routers. According to public reports, the attackers accessed metadata and unencrypted communications from political and law enforcement targets. The intrusion extended into Canada in early 2025, where similar tactics were used to siphon traffic from major telecom networks.

In a major conflict, these capabilities could be used to track military units, compromise leadership communications, or disable emergency alerts. With telecom systems deeply embedded in every aspect of civilian life, their compromise represents a silent but powerful tool of modern warfare.

Preparing for the digital frontline

The cyber war has arrived; long before there are boots on the ground, there are keys on keyboards. The tactics that are shaping it are already here, unfolding across civilian systems, critical infrastructure, and the devices we rely on every day. These aren’t hypothetical “future threats,” they’re warning shots, stress tests, and rehearsals.

For cybersecurity professionals, policymakers, and everyday users alike, the takeaway is not panic, but preparation. Building digital resilience isn’t just a job for governments or big tech. It affects all of us. It’s also about awareness, good hygiene, and knowing how attacks work before they happen.

Resilience for individuals starts with the basics: phishing awareness, strong password practices, regular software updates, and healthy skepticism online. These are simple but powerful habits that reduce exposure to the kinds of attacks already shaping the digital battleground.

For organizations, the key is not to reinvent the wheel. Solid frameworks are available that help organizations of any size or industry implement a well-structured security programme (examples: NIST CSF, OWASP SAMM, OWASP DSOMM, ISO standards). Like any quality control system, it is all about analysis of the situation and iterative improvement.

Things evolve slowly until they happen all at once.