- November 14, 2021
- By Cyberarch Admin
We are living in an era where most of the world’s population is connected to the internet for personal and professional needs. Day by day, the number of connected people and the number of devices connected over the internet are increasing rapidly. People share information, bank online, transfer funds, store sensitive information, and so on. In the same way, private and government organizations store and share sensitive information and guard it with high-level security such as firewalls, network monitoring, IDS, IPS, and antivirus. Because everything in the cyber world is available and connected, cyber-attacks have become more prevalent. In recent years cyber-attacks have become more sophisticated, and even novice users, also called script kiddies, are trying to hack using easily available tools that were once available only on the black market.
Cyber-attacks are not confined to attacking a computer and stealing personal data or money; they also target organizations, governments, and more. Targeted attacks have become more prevalent than in the past, bringing down networks, infrastructure, a nation’s power grids, banking systems, and much more. Nowadays, news that NASA got hacked, the Pentagon got hacked, Sony got hacked, or a university got hacked is like day-to-day news to us. Think of how sophisticated hackers have become, as they were able to infiltrate even highly secured environments. If they were able to get into such secured networks, then think about common people and small organizations getting wiped out.
Many nations have already become involved in a new kind of warfare called cyber-warfare. Information is wealth, and therefore attacking others and gathering secret information has become common; we hear a lot about hackers from different countries such as Russia, China, Iran, and the US attacking each other by infiltrating highly secured environments and stealing sensitive government data. As the name suggests, it is war conducted in the cyber world, where the conflict is between states and nations, not individuals. The cause of an actual war can be easily traced, whereas in cyberwar it is hard, as many state-sponsored attacks go unclaimed, leaving experts without any clues as to who did it or what the root cause of the attack was. Sometimes famous hacking groups will claim the attacks, admitting to the crimes, but they are not linked with any government or organization in particular.
A famous example of such an attack is Stuxnet, which was a joint venture of Israel and the US to bring down Iran’s nuclear program. An employee of Iran’s underground nuclear enrichment facility located in Natanz inserted a USB stick embedded with the Stuxnet worm into one of the air-gapped network systems. The worm exploited multiple zero-days, searched for a particular program called centrifuge, and commanded them to run faster, then slower for a particular period, and then faster again. From 2009 to 2010, Stuxnet destroyed more than 1000 six-and-a-half-foot aluminum centrifuges.
Even though Stuxnet is one of the best examples of cyber warfare, other significant events attributed to state-level attacks also happen a lot. One such example was an unprecedented Distributed Denial of Service (DDoS) attack carried out in the spring of 2007, which took down Estonia’s digital media platform, government websites, online banking systems, and almost everything on the web. This attack was carried out in response to the government’s decision to move a Soviet-era statue, a war memorial, from the capital city Tallinn to a different location, which angered the Russian-speaking minority and led to protests in the streets and attacks on the web. The attacks went on for weeks and were carried out from bots around the world that belonged to Russian cybercriminal groups.
Another example is Russia being accused of conducting mass cyber-attacks against Ukraine in 2015, which cut off the power to 700,000 homes in the country, in what was called the Black Energy attack. Another country that is always in the limelight is North Korea, which is said to be active in cyber-attacks and is linked to the dangerous hacking organization Hidden Cobra, also known as Lazarus, which is said to be responsible for the 2014 Sony hack and the Bangladeshi Bank hack in 2016. Back in 2008, one year after the attacks in Estonia, a Russian government-linked political cyber-attack was carried out directly on its neighboring country Georgia with a series of DDoS attacks, which were later accompanied by a physical invasion, with tanks sent towards the Georgian capital to protect friendly separatists who were within the border of Georgia. But at that time internet users in Georgia were estimated at 7%, and these attacks merely tore down websites and defaced them.
Apart from cyber-warfare, we often come across another term, cyber-terrorism, which affects both the physical and the virtual world. Terrorism doesn’t directly target individual interests like life, property, etc., but tries to take down a government, organisation, etc., which means terrorism targets a collective interest. The term “Cyber Terrorism” is of recent vintage and was coined by computer whiz Barry C. Collin. A widely accepted definition of cyber terrorism is “a criminal act perpetrated by the use of computers and telecommunication capabilities resulting in violence, destruction and/or disruption of services to create fear within a given population to influence a government or population to conform to a particular political, social or ideological agenda.”
Cyber terrorists attack private or government computer systems and cripple the financial, service, military, and other sectors, causing severe data and monetary loss. Cyber-terrorism is not seen as a real threat in the way state-sponsored cyber-attacks are, but it is still destructive. For example, we can cite the WannaCry and NotPetya ransomware of 2017, which affected organizations across 150 countries, interrupted their business, and incurred losses over 300 million US Dollars as reported by some companies. The more technologically advanced a country is, the more vulnerable it is to cyber-attacks against its infrastructure. Cyber terrorists use popular attack methods such as DDoS, IP spoofing, phishing, and VoIP phishing, called vishing. Among these, Distributed Denial of Service is the most beloved attack of many, as many terrorist groups view it as asymmetric, low-cost, and low-risk warfare against nations.
Every year there have been several incidents of Indian websites getting hacked or defaced by hacking groups from Pakistan, and in return individual hacking groups from India conduct mass cyber-attacks against Pakistan and deface hundreds of government sites. These attacks are not state-sponsored but are carried out by individual groups whose main motive is to bring down the other government’s cyber presence and shame it by proudly sharing their hacks on social platforms. Not all cyber-crimes or cyber-attacks are cyber terrorism. Most attacks come under cyber-crime, not terrorism. Attacks that are politically or ideologically motivated fall under this category of cyber terrorism.
According to a report submitted by the CRS (Congressional Research Service) to the US Congress, “the terrorists are exhibiting a similar level of web knowledge as by US government agencies.” The same report mentions that Al-Qaeda has opened web forums for its cadres to impart knowledge in the hacking of computers! If so, how safe we are as a nation against attacks from cyber terrorists is a big question. Even though cyber terrorism is on the rise, many experts state that it is not going to pose a threat to anybody or any nation. But things should not be taken lightly, as underground hackers are always on the lookout for zero-days that help them exploit a network, service, or system, place a piece of obfuscated malware that will do the deed for them, and take down large infrastructures or demand ransom (money) to avoid damage or theft. There are no specific security measures to stay safe from cyber warfare or terrorism. We already have plenty of security models, standards, checklists, manuals, etc., which help us understand and defend against such threats. The safety of an individual, an organisation, or a nation depends on how we plan, implement, and monitor security.
Author : Meshach.M – Senior Security Consultant at Cyberarch Consulting