A cyberattack is any offensive maneuver that targets
computer information systems
An information system (IS) is a formal, sociotechnical, organizational system designed to collect, process, store, and distribute information. From a sociotechnical perspective, information systems are composed by four components: task, people ...
,
computer network
A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections ar ...
s,
infrastructures, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of
cyber warfare or
cyberterrorism. A cyberattack can be employed by
sovereign state
A sovereign state or sovereign country, is a polity, political entity represented by one central government that has supreme legitimate authority over territory. International law defines sovereign states as having a permanent population, defin ...
s, individuals, groups, societies or organisations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a
cyber weapon. Cyber attacks have increased with an alarming rate for the last few years
A cyberattack may steal, alter, or destroy a specified target by
hacking into a susceptible system.
Cyberattacks can range from installing
spyware on a personal computer to attempting to destroy the infrastructure of entire nations. Legal experts are seeking to limit the use of the term to incidents causing physical damage, distinguishing it from the more routine
data breaches and broader
hacking activities.
Cyberattacks have become increasingly sophisticated and dangerous.
User behavior analytics and
Security Information and Event Management
Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time a ...
(SIEM) can be used to help prevent these attacks.
Definitions
Since the late 1980s cyberattacks have evolved several times to use innovations in
information technology
Information technology (IT) is the use of computers to create, process, store, retrieve, and exchange all kinds of data . and information. IT forms part of information and communications technology (ICT). An information technology system ...
as vectors for committing
cybercrimes. In recent years, the scale and robustness of cyberattacks have increased rapidly, as observed by the
World Economic Forum
The World Economic Forum (WEF) is an international non-governmental and lobbying organisation based in Cologny, canton of Geneva, Switzerland. It was founded on 24 January 1971 by German engineer and economist Klaus Schwab. The foundation, ...
in its 2018 report: "Offensive cyber capabilities are developing more rapidly than our ability to deal with hostile incidents".
[Alt URL]
In May 2000, the
Internet Engineering Task Force
The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and ...
defined attack in RFC 2828 as:
:''an
assault
An assault is the act of committing physical harm or unwanted physical contact upon a person or, in some specific legal definitions, a threat or attempt to commit such an action. It is both a crime and a tort and, therefore, may result in cri ...
on system security that derives from an intelligent
threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade
security services and violate the
security policy of a system.''
CNSS Instruction No. 4009 dated 26 April 2010 by
Committee on National Security Systems of the United States of America
[CNSS Instruction No. 4009](_blank)
dated 26 April 2010 defines an attack as:
:''Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.''
The increasing dependency of modern society on information and computer networks (both in private and public sectors, including the military) has led to new terms like cyber attack and
cyber warfare.
CNSS Instruction No. 4009
[ define a cyber attack as:
:''An attack, via cyberspace, targets an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.''
As cars begin to adopt more technology, cyber attacks are becoming a security threat to automobiles.
]
Prevalence
In the first six months of 2017, two billion data records were stolen or impacted by cyber attacks, and ransomware payments reached , double that in 2016. In 2020, with the increase of remote work as an effect of the COVID-19 global pandemic, cybersecurity statistics reveal a huge increase in hacked and breached data. The worldwide information security market is forecast to reach $170.4 billion in 2022.
Cyber warfare and cyberterrorism
Cyberwarfare utilizes techniques of defending and attacking information and computer networks that inhabit cyberspace, often through a prolonged cyber campaign or series of related campaigns. It denies an opponent's ability to do the same while employing technological instruments of war to attack an opponent's critical computer systems. Cyberterrorism, on the other hand, is "the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population". That means the result of both cyberwarfare and cyberterrorism is the same, to damage critical infrastructures and computer systems linked together within the confines of cyberspace.
The financial crime expert Veit Buetterlin explained that organizations, including state actors, which cannot finance themselves through trade because of imposed sanctions, conduct cyber attacks on banks to generate funds.
Factors
Three factors contribute to why cyberattacks are launched against a state or an individual: the fear factor, the spectacularity factor, and the vulnerability factor.
Spectacularity factor
The spectacularity factor is a measure of the actual damage achieved by an attack, meaning that the attack creates direct losses (usual loss of availability or loss of income) and garners negative publicity. On 8 February 2000, a Denial of Service attack severely reduced traffic to many major sites, including Amazon, Buy.com, CNN, and eBay (the attack continued to affect still other sites the next day). Amazon reportedly estimated the loss of business at $600,000.
Vulnerability factor
The vulnerability factor exploits how vulnerable an organization or government establishment is to cyberattacks. Organizations without maintenance systems might be running on old servers which are more vulnerable than updated systems. An organization can be vulnerable to a denial of service attack and a government establishment can be defaced on a web page. A computer network attack disrupts the integrity or authenticity of data, usually through malicious code that alters program logic that controls data, leading to errors in the output.[Linden, Edward. Focus on Terrorism. New York: Nova Science Publishers, Inc., 2007. Web.]
Professional hackers to cyberterrorists
Professional hackers, either working on their own or employed by government agencies or the military, can find computer systems with vulnerabilities lacking the appropriate security software. Once those vulnerabilities are found, they can infect systems with malicious code and then remotely control the system or computer by sending commands to view content or to disrupt other computers. There needs to be a pre-existing system flaw within the computer such as no antivirus protection or faulty system configuration for the viral code to work.
Many professional hackers will promote themselves to cyber terrorists, for financial gain or other reasons. This means a new set of rules govern their actions. Cyberterrorists have premeditated plans and their attacks are not born of rage. They need to develop their plans step-by-step and acquire the appropriate software to carry out an attack. They usually have political agendas, targeting political structures. Cyberterrorists are hackers with a political motivation, their attacks can impact political structure through this corruption and destruction.[Prichard, Janet, and Laurie MacDonald. "Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks." Journal of Information Technology Education. 3. (2004): n. page. Web.] They also target civilians, civilian interests, and civilian installations. As previously stated, cyberterrorists attack persons or property and cause enough harm to generate fear.
Types of attack
An attack can be ''active'' or ''passive''.[
: An "active attack" attempts to alter system resources or affect their operation.
: A " passive attack" attempts to learn or make use of information from the system but does not affect system resources (e.g., ]wiretapping
Telephone tapping (also wire tapping or wiretapping in American English) is the monitoring of telephone and Internet-based conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitori ...
).
An attack can be perpetrated by an ''insider'' or from'' outside'' the organization;[
: An "inside attack" is an attack initiated by an entity inside the security perimeter (an "insider"), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.
: An "outside attack" is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider"). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.]
:
A resource (both physical or logical), called an asset
In financial accounting, an asset is any resource owned or controlled by a business or an economic entity. It is anything (tangible or intangible) that can be used to produce positive economic value. Assets represent value of ownership that ca ...
, can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. As a result, the confidentiality, integrity
Integrity is the practice of being honest and showing a consistent and uncompromising adherence to strong moral and ethical principles and values.
In ethics, integrity is regarded as the honesty and truthfulness or accuracy of one's actions. In ...
or availability of resources may be compromised. Potentially, the damage may extend to resources in addition to the one initially identified as vulnerable, including further resources of the organization, and the resources of other involved parties (customers, suppliers).
The so-called CIA triad is the basis of information security
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthori ...
.
The attack can be ''active'' when it attempts to alter system resources or affect their operation: so it compromises integrity or availability. A "''passive attack''" attempts to learn or make use of information from the system but does not affect system resources: so it compromises confidentiality.
A threat is a potential for violation of security, which exists when there is a circumstance, capability, action or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado).[
A set of policies concerned with information security management, the information security management systems (ISMS), has been developed to manage, according to risk management principles, the countermeasures in order to accomplish to a security strategy set up following rules and regulations applicable in a country.][
]
An attack should lead to a ''security incident'' i.e. a ''security event'' that involves a ''security violation''. In other words, a security-relevant system event in which the system's security policy is disobeyed or otherwise breached.
The overall picture represents the risk factors of the risk scenario.
An organization should take steps to detect, classify and manage security incidents. The first logical step is to set up an incident response plan and eventually a computer emergency response team.
In order to detect attacks, a number of countermeasures can be set up at organizational, procedural, and technical levels. Computer emergency response team, information technology security audit and intrusion detection system are examples of these.[
]
An attack usually is perpetrated by someone with bad intentions: black hatted attacks falls in this category, while other perform penetration testing on an organization information system to find out if all foreseen controls are in place.
The attacks can be classified according to their origin: i.e. if it is conducted using one or more computers: in the last case is called a distributed attack. Botnets are used to conduct distributed attacks.
Other classifications are according to the procedures used or the type of vulnerabilities exploited: attacks can be concentrated on network mechanisms or host features.
Some attacks are physical: i.e. theft or damage of computers and other equipment. Others are attempts to force changes in the logic used by computers or network protocols in order to achieve unforeseen (by the original designer) result but useful for the attacker. Software used to for logical attacks on computers is called malware
Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, de ...
.
The following is a partial short list of attacks:
* Passive
** Computer and network surveillance
** Network
*** Wiretapping
Telephone tapping (also wire tapping or wiretapping in American English) is the monitoring of telephone and Internet-based conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitori ...
*** Fiber tapping
*** Port scan
*** Idle scan
The idle scan is a TCP port scan method that consists of sending spoofed packets to a computer to find out what services are available. This is accomplished by impersonating another computer whose network traffic is very slow or nonexistent (t ...
** Host
*** Keystroke logging
*** Data scraping
*** Backdoor
* Active
** Denial-of-service attack
*** DDos or Distributed Denial of service attack is an attempt made by the hacker to block access to a server or a website that is connected to the Internet. This is achieved using multiple computerized systems, which overloads the target system with requests, making it incapable of responding to any query.
** Spoofing
** Mixed threat attack
** Network
*** Man-in-the-middle
*** Man-in-the-browser
*** ARP poisoning
In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends ( spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the a ...
*** Ping flood
*** Ping of death
*** Smurf attack
** Host
*** Buffer overflow
*** Heap overflow
*** Stack overflow
*** Format string attack
* By modality
** Supply chain attack
** Social engineering Social engineering may refer to:
* Social engineering (political science), a means of influencing particular attitudes and social behaviors on a large scale
* Social engineering (security), obtaining confidential information by manipulating and/or ...
** Exploit
Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably.
Exploit can mean:
* Exploitation of natural resources
*Exploit (computer security)
* Video game exploit
*Exploita ...
In detail, there are a number of techniques to utilize in cyberattacks and a variety of ways to administer them to individuals or establishments on a broader scale. Attacks are broken down into two categories: syntactic attacks and semantic attacks. Syntactic attacks are straightforward; it is considered malicious software which includes viruses, worms, and Trojan horses.
Syntactic attacks
Viruses
A virus is a self-replicating program that can attach itself to another program or file in order to reproduce. The virus can hide in unlikely locations in the memory of a computer system and attach itself to whatever file it sees fit to execute its code. It can also change its digital footprint each time it replicates making it harder to track down in the computer.
Worms
A worm does not need another file or program to copy itself; it is a self-sustaining running program. Worms replicate over a network using protocols. The latest incarnation of worms make use of known vulnerabilities in systems to penetrate, execute their code, and replicate to other systems such as the Code Red II worm that infected more than 259 000 systems in less than 14 hours. On a much larger scale, worms can be designed for industrial espionage to monitor and collect server and traffic activities then transmit it back to its creator.
Trojan horses
A Trojan horse is designed to perform legitimate tasks but it also performs unknown and unwanted activity. It can be the basis of many viruses and worms installing onto the computer as keyboard loggers and backdoor software. In a commercial sense, Trojans can be imbedded in trial versions of software and can gather additional intelligence about the target without the person even knowing it happening. All three of these are likely to attack an individual and establishment through emails, web browsers, chat clients, remote software, and updates.
Semantic attacks
Semantic attack is the modification and dissemination of correct and incorrect information. Information modified could have been done without the use of computers even though new opportunities can be found by using them. To set someone in the wrong direction or to cover your tracks, the dissemination of incorrect information can be utilized.
Cyberattacks by and against countries
Within cyberwarfare, the individual must recognize the state actors involved in committing these cyberattacks against one another. The two predominant players that will be discussed is the age-old comparison of East versus West, China's cyber capabilities compared to United States' capabilities. There are many other state and non-state actors involved in cyberwarfare, such as Russia, Iran, Iraq, and Al Qaeda; since China and the U.S. are leading the foreground in cyberwarfare capabilities, they will be the only two states actors discussed.
But in Q2 2013, Akamai Technologies reported that Indonesia toppled China with a portion 38 percent of cyber attacks, a high increase from the 21 percent portion in the previous quarter. China set 33 percent and the US set at 6.9 percent. 79 percent of attacks came from the Asia Pacific region. Indonesia dominated the attacking to ports 80 and 443 by about 90 percent.
Azerbaijan
Hackers from Azerbaijan
Azerbaijan (, ; az, Azərbaycan ), officially the Republic of Azerbaijan, , also sometimes officially called the Azerbaijan Republic is a transcontinental country located at the boundary of Eastern Europe and Western Asia. It is a part of th ...
and Armenia
Armenia (), , group=pron officially the Republic of Armenia,, is a landlocked country in the Armenian Highlands of Western Asia.The UNbr>classification of world regions places Armenia in Western Asia; the CIA World Factbook , , and ...
have actively participated in cyberwarfare as part of the Nagorno-Karabakh conflicyber warfare over the disputed region of Nagorno-Karabakh
Nagorno-Karabakh ( ) is a landlocked region in the South Caucasus, within the mountainous range of Karabakh, lying between Lower Karabakh and Syunik, and covering the southeastern range of the Lesser Caucasus mountains. The region is mos ...
, with Azerbaijani hackers targeting Armenian websites and posting Ilham Aliyev
Ilham Heydar oghlu Aliyev ( az, İlham Heydər oğlu Əliyev, ; born 24 December 1961) is the fourth president of Azerbaijan, serving in the post since 31 October 2003.
The son and second child of the former Azerbaijani leader Heydar Aliyev ...
's statements.
Canada
"Chinese state-sponsored actor" attacked a research facility in Canada in 2011. Unknown hackers attacked Canada's foreign ministry in 2022.
China
China's People's Liberation Army
The People's Liberation Army (PLA) is the principal military force of the People's Republic of China and the armed wing of the Chinese Communist Party (CCP). The PLA consists of five service branches: the Ground Force, Navy, Air Force, ...
(PLA) has developed a strategy called "Integrated Network Electronic Warfare" which guides computer network operations and cyberwarfare tools. This strategy helps link together network warfare tools and electronic warfare weapons against an opponent's information systems during the conflict. They believe the fundamentals for achieving success is about seizing control of an opponent's information flow and establishing information dominance. ''The Science of Military'' and ''The Science of Campaigns'' both identify enemy logistics systems networks as the highest priority for cyberattacks and states that cyberwarfare must mark the start of a campaign, used properly, can enable overall operational success.[Krekel, Bryan. People's Republic of China. The US-China Economic and Security Review Commission.Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation. Virginia: Northrop Grumman, 2009. Web.] Focusing on attacking the opponent's infrastructure to disrupt transmissions and processes of information that dictate decision-making operations, the PLA would secure cyber dominance over their adversary. The predominant techniques that would be utilized during a conflict to gain the upper hand are as follows, the PLA would strike with electronic jammers, electronic deception, and suppression techniques to interrupt the transfer processes of information. They would launch virus attacks or hacking techniques to sabotage information processes, all in the hopes of destroying enemy information platforms and facilities. The PLA's ''Science of Campaigns'' noted that one role for cyberwarfare is to create windows of opportunity for other forces to operate without detection or with a lowered risk of counterattack by exploiting the enemy's periods of "blindness", "deafness" or "paralysis" created by cyberattacks. That is one of the main focal points of cyberwarfare, to be able to weaken your enemy to the full extent possible so that your physical offensive will have a higher percentage of success.
The PLA conducts regular training exercises in a variety of environments emphasizing the use of cyberwarfare tactics and techniques in countering such tactics if it is employed against them. Faculty research has been focusing on designs for rootkit usage and detection for their Kylin Operating System which helps to further train these individuals' cyberwarfare techniques. China perceives cyber warfare as a deterrent to nuclear weapons, possessing the ability for greater precision, leaving fewer casualties, and allowing for long-ranged attacks.
On March 2, 2021, Microsoft released an emergency security update to patch four security vulnerabilities that had been used by Hafnium, a Chinese nation-state-sponsored hacking group that had compromised at least 30,000 public and private Microsoft exchange servers.
Estonia
The 2007 cyberattacks on Estonia were a series of cyberattacks that began on 27 April 2007 and targeted websites of Estonia
Estonia, formally the Republic of Estonia, is a country by the Baltic Sea in Northern Europe. It is bordered to the north by the Gulf of Finland across from Finland, to the west by the sea across from Sweden, to the south by Latvia, and t ...
n organizations, including Estonian parliament, banks, ministries, newspapers, and broadcasters, amid the country's disagreement with Russia
Russia (, , ), or the Russian Federation, is a transcontinental country spanning Eastern Europe and Northern Asia. It is the largest country in the world, with its internationally recognised territory covering , and encompassing one-eigh ...
about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn
Tallinn () is the most populous and capital city of Estonia. Situated on a bay in north Estonia, on the shore of the Gulf of Finland of the Baltic Sea, Tallinn has a population of 437,811 (as of 2022) and administratively lies in the Harju '' ...
. The attacks triggered a number of military organizations around the world to reconsider the importance of network security to modern military doctrine. The direct result of the cyberattacks was the creation of the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn.
Ethiopia
In an extension of a bilateral dispute between Ethiopia
Ethiopia, , om, Itiyoophiyaa, so, Itoobiya, ti, ኢትዮጵያ, Ítiyop'iya, aa, Itiyoppiya officially the Federal Democratic Republic of Ethiopia, is a landlocked country in the Horn of Africa. It shares borders with Eritrea to the Er ...
and Egypt
Egypt ( ar, مصر , ), officially the Arab Republic of Egypt, is a transcontinental country spanning the northeast corner of Africa and southwest corner of Asia via a land bridge formed by the Sinai Peninsula. It is bordered by the Med ...
over the Grand Ethiopian Renaissance Dam, Ethiopian government websites have been hacked by the Egypt-based hackers in June 2020.
India and Pakistan
There were two such instances between India and Pakistan that involved cyberspace conflicts, started in 1990s. Earlier cyber attacks came to known as early as in 1999. Since then, India and Pakistan were engaged in a long-term dispute over Kashmir which moved into cyberspace
Cyberspace is a concept describing a widespread interconnected digital technology. "The expression dates back from the first decade of the diffusion of the internet. It refers to the online world as a world 'apart', as distinct from everyday re ...
. Historical accounts indicated that each country's hackers have been repeatedly involved in attacking each other's computing database system. The number of attacks has grown yearly: 45 in 1999, 133 in 2000, 275 by the end of August 2001. In 2010, Indian hackers laid a cyber attack at least 36 government database websites going by the name "Indian Cyber Army". In 2013, Indian hackers hacked the official website of Election Commission of Pakistan in an attempt to retrieve sensitive database information. In retaliation, Pakistani hackers, calling themselves "True Cyber Army" hacked and defaced ~1,059 websites of Indian election bodies.
In 2013, India
India, officially the Republic of India ( Hindi: ), is a country in South Asia. It is the seventh-largest country by area, the second-most populous country, and the most populous democracy in the world. Bounded by the Indian Ocean on the ...
's Ministry of Electronics and Information Technology (MeitY) which was then known as Department of Electronics and Information Technology
The Ministry of Electronics and Information Technology (MeitY) is an executive agency of the Union Government of the Republic of India. It was carved out of the Ministry of Communications and Information Technology on 19 July 2016 as a standalon ...
(DeitY), unveiled a cybersecurity policy framework called National Cyber Security Policy 2013 which officially came into effect on July 1, 2013.
According to the media, Pakistan's has been working on effective cyber security system, in a program called the "Cyber Secure Pakistan" (CSP). The program was launched in April 2013 by Pakistan Information Security Association and the program has expanded to country's universities.
In 2020, according to the Media reports, Pakistan Army confirms the series of Cyber Attacks that has been identified on Pakistani Government and private websites by the Indian Intelligence. ISPR also advised the government and private institutions to enhance cyber security measures.
Iran
On 8 February 2020, the telecommunication network of Iran
Iran, officially the Islamic Republic of Iran, and also called Persia, is a country located in Western Asia. It is bordered by Iraq and Turkey to the west, by Azerbaijan and Armenia to the northwest, by the Caspian Sea and Turkm ...
witnessed extensive disruptions at 11:44 a.m. local time, which lasted for about an hour. The Ministry of Information and Communications Technology of Iran confirmed it as a Distributed Denial of Service (DDoS) attack. The Iranian authorities activated the "Digital Fortress" cyber-defense mechanism to repel. Also known as DZHAFA, it led to a drop of 75 percent in the national internet connectivity.
On the noon of 26 October 2021, A cyberattack caused all 4,300 fuel stations in Iran to disrupt and disable government-issued cards for buying subsidized fuel. This cyberattack also caused digital billboards to display messages against the Iranian government.
Ireland
On 14 May 2021, the Health Service Executive (HSE) of Ireland suffered a major ransomware cyberattack which caused all of its IT systems nationwide to be shut down.
It was the most significant cybercrime attack on an Irish state agency and the largest known attack against a health service computer system. The group responsible was identified as a criminal gang known as Wizard Spider
Wizard Spider, also known as Trickbot, is a cybercrime group based in and around Saint Petersburg in Russia. Some members may be based in
Ukraine. They are estimated to number about 80, some of them may not know they are employed by a criminal ...
, believed to be operating from Russia. The same group is believed to have attacked Ireland's Department of Health with a similar cyberattack.
Israel
In April 2020, there were attempts to hack into Israel
Israel (; he, יִשְׂרָאֵל, ; ar, إِسْرَائِيل, ), officially the State of Israel ( he, מְדִינַת יִשְׂרָאֵל, label=none, translit=Medīnat Yīsrāʾēl; ), is a country in Western Asia. It is situated ...
's water infrastructure of the Sharon central region by Iran, which was thwarted by Israeli cyber defenses. The cyberattack intended to introduce dangerous levels of chlorine
Chlorine is a chemical element with the symbol Cl and atomic number 17. The second-lightest of the halogens, it appears between fluorine and bromine in the periodic table and its properties are mostly intermediate between them. Chlorine is ...
into the Israeli water supply.
North Korea
Norway
In August 2020 the Norwegian parliament ''Storting
The Storting ( no, Stortinget ) (lit. the Great Thing) is the supreme legislature of Norway, established in 1814 by the Constitution of Norway. It is located in Oslo. The unicameral parliament has 169 members and is elected every four years ...
et'' suffered a cyberattack on the email system belonging to several officials. In December 2020, the Norwegian Police Security Service said the likely perpetrators were the Russian cyber espionage group Fancy Bear
Fancy Bear (also known as APT28 (by Mandiant), Pawn Storm, Sofacy Group (by Kaspersky), Sednit, Tsar Team (by FireEye) and STRONTIUM (by Microsoft)) is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level ...
.
Russia
During the 2018 FIFA World Cup, Russia countered and stopped around 25 million cyber-attacks on IT Infrastructure.
In June 2019, Russia
Russia (, , ), or the Russian Federation, is a transcontinental country spanning Eastern Europe and Northern Asia. It is the largest country in the world, with its internationally recognised territory covering , and encompassing one-eigh ...
has conceded that it is "possible" its electrical grid is under cyberattack by the United States
The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 U.S. state, states, a Washington, D.C., federal district, five ma ...
. The ''New York Times'' reported that American hackers from the United States Cyber Command
United States Cyber Command (USCYBERCOM) is one of the eleven unified combatant commands of the United States Department of Defense (DoD). It unifies the direction of cyberspace operations, strengthens DoD cyberspace capabilities, and integr ...
planted malware potentially capable of disrupting the Russian electrical grid.
On 19 October 2020, the US justice department charged six Russian military officers of a worldwide hacking campaign, which attacked targets like French election, the 2018 Winter Olympic Games
The Winter Olympic Games (french: link=no, Jeux olympiques d'hiver) is a major international multi-sport event held once every four years for sports practiced on snow and ice. The first Winter Olympic Games, the 1924 Winter Olympics, were he ...
opening ceremony, US businesses and Ukraine's electricity grid. The campaign was believed to have cost billions of dollars for the mass disruption it caused.
Ukraine
A series of powerful cyberattacks began 27 June, 2017, that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms. In January 2022, Microsoft
Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...
disclosed activity of a ransomware and DoS attack on various government agencies and organizations.
United Arab Emirates
In 2019, Reuters
Reuters ( ) is a news agency owned by Thomson Reuters Corporation. It employs around 2,500 journalists and 600 photojournalists in about 200 locations worldwide. Reuters is one of the largest news agencies in the world.
The agency was est ...
reported that United Arab Emirates
The United Arab Emirates (UAE; ar, اَلْإِمَارَات الْعَرَبِيَة الْمُتَحِدَة ), or simply the Emirates ( ar, الِْإمَارَات ), is a country in Western Asia ( The Middle East). It is located at ...
launched a series of cyberattacks on its political opponents, journalists, and human rights activists under Project Raven
DarkMatter Group is a computer security company founded in the United Arab Emirates (UAE) in 2014 or 2015. The company describes itself as a purely defensive company, but several whistleblowers have alleged that it is involved in offensive cybe ...
, on an espionage platform namely Karma. The team included ex-US intelligence agents. Project Raven commenced in 2009 and was planned to be continued for the coming ten years.
United Arab Emirates, used and asked for help from couple of countries providing their best calibres to overcome this crisis, and to confine the damage and consequences upon Project Raven
DarkMatter Group is a computer security company founded in the United Arab Emirates (UAE) in 2014 or 2015. The company describes itself as a purely defensive company, but several whistleblowers have alleged that it is involved in offensive cybe ...
, and indeed big names did participate to help like the American master, Graham Dexter, and the Egyptian phenomenal name in cybersecurity, Elhamy Elsebaey.
United States
In the west, the United States
The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 U.S. state, states, a Washington, D.C., federal district, five ma ...
provides a different "tone of voice" when cyberwarfare is on the tip of everyone's tongue. The United States provides security plans strictly in the response to cyberwarfare, basically going on the defensive when they are being attacked by devious cyber methods. In the U.S., the responsibility of cybersecurity is divided between the Department of Homeland Security, the Federal Bureau of Investigation, and the Department of Defense. In recent years, a new department was created to specifically tend to cyber threats, this department is known as Cyber Command. Cyber Command is a military subcommand under US Strategic Command and is responsible for dealing with threats to the military cyber infrastructure. Cyber Command's service elements include Army Forces Cyber Command, the Twenty-Fourth Air Force, Fleet Cyber Command and Marine Forces Cyber Command. It ensures that the President can navigate and control information systems and that he also has military options available when defense of the nation needs to be enacted in cyberspace. Individuals at Cyber Command must pay attention to state and non-state actors who are developing cyberwarfare capabilities in conducting cyber espionage and other cyberattacks against the nation and its allies. Cyber Command seeks to be a deterrence factor to dissuade potential adversaries from attacking the U.S., while being a multi-faceted department in conducting cyber operations of its own.
Three prominent events took place which may have been catalysts in the creation of the idea of Cyber Command. There was a failure of critical infrastructure reported by the CIA where malicious activities against information technology systems disrupted electrical power capabilities overseas. This resulted in multi-city power outages across multiple regions. The second event was the exploitation of global financial services. In November 2008, an international bank had a compromised payment processor that allowed fraudulent transactions to be made at more than 130 automated teller machines in 49 cities within a 30-minute period. The last event was the systemic loss of U.S. economic value when an industry in 2008 estimated $1 trillion in losses of intellectual property to data theft. Even though all these events were internal catastrophes, they were very real in nature, meaning nothing can stop state or non-state actors to do the same thing on an even grander scale. Other initiatives like the Cyber Training Advisory Council were created to improve the quality, efficiency, and sufficiency of training for computer network defense, attack, and exploitation of enemy cyber operations.
On both ends of the spectrum, East and West nations show a "sword and shield" contrast in ideals. The Chinese have a more offensive minded idea for cyberwarfare, trying to get the pre-emptive strike in the early stages of conflict to gain the upper-hand. In the U.S. there are more reactionary measures being taken at creating systems with impenetrable barriers to protect the nation and its civilians from cyberattacks.
According to ''Homeland Preparedness News'', many mid-sized U.S. companies have a difficult time defending their systems against cyber-attacks. Around 80 percent of assets vulnerable to a cyber-attack are owned by private companies and organizations. Former New York State Deputy Secretary for Public Safety Michael Balboni said that private entities "do not have the type of capability, bandwidth, interest or experience to develop a proactive cyber analysis."
In response to cyberattacks on 1 April 2015, President Obama issued an Executive Order establishing the first-ever economic sanctions. The Executive Order will impact individuals and entities ("designees") responsible for cyber-attacks that threaten the national security, foreign policy, economic health, or financial stability of the US. Specifically, the Executive Order authorizes the Treasury Department to freeze designees' assets.
According to Ted Koppel's book, in 2008, the United States in collaboration with Israel, ran a cyber-attack on Iran's nuclear program, becoming "the first to use a digital weapon as an instrument of policy".
Consequence of a potential attack
Consequences can include a multitude of direct and indirect effects. In September 2020, media reported of what may be the first publicly confirmed case of a civilian fatality as a nearly direct consequence of a cyberattack, after ransomware disrupted a hospital in Germany.
A whole industry is working to minimize the likelihood and the consequences of a cyberattack.
For a partial list see: Computer security software companies.
Activities, often offered as products and services, may be aimed at:
* Studying all possible attacks category
* Publishing books and articles about the subject
* Discovering vulnerabilities
* Evaluating the risks
* Fixing vulnerabilities
* Inventing, designing and deploying countermeasures
* Setting up a contingency plan
A contingency plan, also known colloquially as Plan B, is a plan devised for an outcome other than in the usual (expected) plan. It is often used for risk management for an exceptional risk that, though unlikely, would have catastrophic conseque ...
in order to be ready to respond
Many organizations are trying to classify vulnerability and their consequences. The most popular vulnerability database is the Common Vulnerabilities and Exposures.
Computer emergency response teams are set up by governments and large organizations to handle computer security incidents.
Infrastructures as targets
Once a cyberattack has been initiated, there are certain targets that need to be attacked to cripple the opponent. Certain infrastructures as targets have been highlighted as critical infrastructures in times of conflict that can severely cripple a nation. Control systems, energy resources, finance, telecommunications, transportation, and water facilities are seen as critical infrastructure targets during conflict. A new report on the industrial cybersecurity problems, produced by the British Columbia Institute of Technology, and the PA Consulting Group, using data from as far back as 1981, reportedly has found a 10-fold increase in the number of successful cyberattacks on infrastructure Supervisory Control and Data Acquisition (SCADA) systems since 2000. Cyberattacks that have an adverse physical effect are known as cyber-physical attacks.
Control systems
Control systems are responsible for activating and monitoring industrial or mechanical controls. Many devices are integrated with computer platforms to control valves and gates to certain physical infrastructures. Control systems are usually designed as remote telemetry devices that link to other physical devices through internet access or modems. Little security can be offered when dealing with these devices, enabling many hackers or cyberterrorists to seek out systematic vulnerabilities. Paul Blomgren, manager of sales engineering at cybersecurity firm explained how his people drove to a remote substation, saw a wireless network antenna and immediately plugged in their wireless LAN cards. They took out their laptops and connected to the system because it wasn't using passwords. "Within 10 minutes, they had mapped every piece of equipment in the facility," Blomgren said. "Within 15 minutes, they mapped every piece of equipment in the operational control network. Within 20 minutes, they were talking to the business network and had pulled off several business reports. They never even left the vehicle."[Lyons, Marty. United States. Homeland Security. Threat Assessment of Cyber Warfare. Washington, D.C.:, 2005. Web.]
Energy
Energy is seen as the second infrastructure that could be attacked. It is broken down into two categories, electricity and natural gas. Electricity also known as electric grids power cities, regions, and households; it powers machines and other mechanisms used in day-to-day life. Using US as an example, in a conflict cyberterrorists can access data through the Daily Report of System Status that shows power flows throughout the system and can pinpoint the busiest sections of the grid. By shutting those grids down, they can cause mass hysteria, backlog, and confusion; also being able to locate critical areas of operation to further attacks in a more direct method. Cyberterrorists can access instructions on how to connect to the Bonneville Power Administration which helps direct them on how to not fault the system in the process. This is a major advantage that can be utilized when cyberattacks are being made because foreign attackers with no prior knowledge of the system can attack with the highest accuracy without drawbacks. Cyberattacks on natural gas installations go much the same way as it would with attacks on electrical grids. Cyberterrorists can shutdown these installations stopping the flow or they can even reroute gas flows to another section that can be occupied by one of their allies. There was a case in Russia with a gas supplier known as Gazprom, they lost control of their central switchboard which routes gas flow, after an inside operator and Trojan horse program bypassed security.
The 2021 Colonial Pipeline cyberattack caused a sudden shutdown of the pipeline that carried 45% of the gasoline, diesel, and jet fuel consumed on the East Coast of the United States
The East Coast of the United States, also known as the Eastern Seaboard, the Atlantic Coast, and the Atlantic Seaboard, is the coastline along which the Eastern United States meets the North Atlantic Ocean. The eastern seaboard contains the ...
.
Finance
Financial infrastructures could be hit hard by cyberattacks as the financial system is linked by computer systems. Money is constantly being exchanged in these institutions and if cyberterrorists were to attack and if transactions were rerouted and large amounts of money stolen, financial industries would collapse and civilians would be without jobs and security. Operations would stall from region to region causing nationwide economic degradation. In the U.S. alone, the average daily volume of transactions hit $3 trillion and 99% of it is non-cash flow. To be able to disrupt that amount of money for one day or for a period of days can cause lasting damage making investors pull out of funding and erode public confidence.
A cyberattack on a financial institution or transactions may be referred to as a cyberheist. These attacks may start with phishing that targets employees, using social engineering Social engineering may refer to:
* Social engineering (political science), a means of influencing particular attitudes and social behaviors on a large scale
* Social engineering (security), obtaining confidential information by manipulating and/or ...
to coax information from them. They may allow attackers to hack into the network and put keyloggers on the accounting systems. In time, the cybercriminals are able to obtain password and keys information. An organization's bank accounts can then be accessed via the information they have stolen using the keyloggers. In May 2013, a gang carried out a US$40 million cyberheist from the Bank of Muscat.
Telecommunications
Cyberattacking telecommunication infrastructures have straightforward results. Telecommunication integration is becoming common practice, systems such as voice and IP networks are merging. Everything is being run through the internet because the speeds and storage capabilities are endless. Denial-of-service attacks can be administered as previously mentioned, but more complex attacks can be made on BGP routing protocols or DNS infrastructures. It is less likely that an attack would target or compromise the traditional telephony network of SS7 switches, or an attempted attack on physical devices such as microwave stations or satellite facilities. The ability would still be there to shut down those physical facilities to disrupt telephony networks. The whole idea on these cyberattacks is to cut people off from one another, to disrupt communication, and by doing so, to impede critical information being sent and received. In cyberwarfare, this is a critical way of gaining the upper hand in a conflict. By controlling the flow of information and communication, a nation can plan more accurate strikes and enact better counter-attack measures on their enemies.
Transportation
Transportation infrastructure mirrors telecommunication facilities: by impeding transportation for individuals in a city or region, the economy will slightly degrade over time. Successful cyberattacks can impact scheduling and accessibility, creating a disruption in the economic chain. Carrying methods will be impacted, making it hard for cargo to be sent from one place to another. In January 2003 during the "slammer" virus, Continental Airlines was forced to shut down flights due to computer problems. Cyberterrorists can target railroads by disrupting switches, target flight software to impede airplanes, and target road usage to impede more conventional transportation methods. In May 2015, a man, Chris Roberts, who was a cyberconsultant, revealed to the FBI that he had repeatedly, from 2011 to 2014, managed to hack into Boeing and Airbus flights' controls via the onboard entertainment system, allegedly, and had at least once ordered a flight to climb. The FBI, after detaining him in April 2015 in Syracuse, had interviewed him about the allegations.
Water
Water as an infrastructure could be one of the most critical infrastructures to be attacked. It is seen as one of the greatest security hazards among all of the computer-controlled systems. There is the potential to have massive amounts of water unleashed into an area which could be unprotected causing loss of life and property damage. It is not even water supplies that could be attacked; sewer systems can be compromised too. There was no calculation given to the cost of damages, but the estimated cost to replace critical water systems could be in the hundreds of billions of dollars. Most of these water infrastructures are well developed making it hard for cyberattacks to cause any significant damage, at most, equipment failure can occur causing power outlets to be disrupted for a short time.
Hospitals
Hospital as an infrastructure is one of the major assets to have been impacted by cyberattacks. These attacks could "directly lead to deaths." The cyberattacks are designed to deny hospital workers access to critical care systems. Recently, there has been a major increase of cyberattacks against hospitals amid the COVID-19 pandemic
The COVID-19 pandemic, also known as the coronavirus pandemic, is an ongoing global pandemic of coronavirus disease 2019 (COVID-19) caused by severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2). The novel virus was first identified ...
. Hackers lock up a network and demand ransom to return access to these systems. The ICRC and other human rights group have urged law enforcement to take “immediate and decisive action” to punish such cyberattackers.
See also
* Asset (computing)
* Common Vulnerabilities and Exposures
* Computer emergency response team
* Computer insecurity
* Computer security
Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...
* Contingency plan
A contingency plan, also known colloquially as Plan B, is a plan devised for an outcome other than in the usual (expected) plan. It is often used for risk management for an exceptional risk that, though unlikely, would have catastrophic conseque ...
* Countermeasure (computer)
* Exploit (computer security)
An exploit (from the English verb ''to exploit'', meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unant ...
* Factor Analysis of Information Risk
* Hacking: The Art of Exploitation Second Edition
* Internet Engineering Task Force
The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and ...
* Information technology security audit
* Information Security
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthori ...
* Intrusion detection system
* IT risk
* List of cyber warfare forces
* Metasploit
* Month of Bugs
A month of bugs is a strategy used by security researchers to draw attention to the lax security procedures of commercial software corporations.
Researchers have started such a project for software products where they believe corporations have ...
* National Information Assurance Glossary
* Network lateral movement
* Penetration test
* Risk factor
In epidemiology, a risk factor or determinant is a variable associated with an increased risk of disease or infection.
Due to a lack of harmonization across disciplines, determinant, in its more widely accepted scientific meaning, is often us ...
* Security control
* Security service (telecommunication)
* Threat
* Vulnerability
Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally."
A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...
* Vulnerability management
* Web application attack and audit framework (w3af)
* List of cyberattacks
* Access control
In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...
* Security controls
* Security management
References
* Sanaei, M. G., Isnin, I. F., & Bakhtiari, M. (2013)
Performance Evaluation of Routing Protocol on AODV and DSR Under Wormhole Attack
International Journal of Computer Networks and Communications Security, Volume 1, Issue 1, .
Further reading
*
External links
July 2015 Cyber Attacks Statistics
– Hackmageddon
Norse Attack Map
Term in FISMApedia
{{Authority control
Cybercrime
Attacks by method
Security compliance
Wikipedia articles with ASCII art