Cyberterrorism | The Threat

Previous Relevant Articles

Cyber Attack, Today's Reality (February 2022)

Why is Two-Factor-Authentication (2FA) So Important?

Studying for my CISM? | Certified Information Security Manager

There is an old saying that death or loss of property are the side products of terrorism; the main purpose of such incidents is to create terror in people's minds and harm bystanders. If any incident in cyberspace can create terror, it may be aptly called cyberterrorism. For those affected by such acts, the fears of cyberterrorism are quite real.

What is Cyberterrorism?

There is debate over the basic definition of the scope of cyberterrorism. These definitions can be narrow, such as the use of the Internet to attack other systems on the Internet in ways that result in violence against persons or property. They can also be broad, ranging from any form of Internet usage by terrorists to conventional attacks on information technology infrastructure.

One way of understanding cyberterrorism involves the idea that terrorists could cause massive loss of life, worldwide economic chaos, and environmental damage by hacking into critical national infrastructure systems.

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, to achieve political or ideological gains through threat or intimidation.

Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, and programming scripts can all be forms of internet terrorism.

Cyberterrorism is a controversial term. Some authors opt for a very narrow definition, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption.

Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.

Cyberterrorism can also be defined as the intentional use of computers, networks, and the public internet to cause destruction and harm for personal objectives. Experienced cyberterrorists, who are very skilled at hacking, can cause massive damage to government systems and might leave a country in fear of further attacks.

The objectives of such terrorists may be political or ideological, since this can be considered a form of terror. The six components of a cyberterrorism taxonomy that explain what cyberterrorism is are as follows:

  • An adversary with three distinct characteristics: non-state, terrorist, and secret.
  • A motive can be political, sociological, economic, or ideological.
  • An intent to persuade or induce someone to take some form of action, achieve an objective, or cause trouble.
  • The method to carry out the crime, which includes using a computer and a network to access cyberspace and cross borders to commit acts of cyber warfare or crimes such as cyberattacks and threats of attacks.
  • Violence, service interruptions, physical damage, psychosocial harm, monetary loss, or data breaches are some of the most common effects.
  • A goal, usually civilians, information, and communication technology, data sources, government institutions, non-government organizations, or physical infrastructure, primarily critical national infrastructure.

Cyberterrorism might be used to destroy the information infrastructure’s physical machinery, remotely disrupting the Internet’s technological foundation, government computer networks, or critical civilian systems such as financial networks and mass media.

Hacktivism Vs. Cyberterrorism

Hacktivism is non-violent. It is an umbrella term for using illegal or ambiguous digital technologies to further a political cause. On the other hand, cyberterrorism refers to politically or ideologically motivated assaults on computer systems, programs, and data that result in violence against its targets.

Cyberterrorism Vs. Cybercrime

Cyberattacks come in two forms: one against data, the other on control-systems.

The first type attempts to steal or corrupt data and deny services. The vast majority of Internet and other computer attacks have fallen into this category, such as credit-card theft, Web site vandalism and the occasional major denial-of-service assault.

Control-system attacks attempt to disable or take power over operations used to maintain physical infrastructure, such as "distributed control systems" that regulate water supplies or electrical transmission networks.

While remote access to many control systems has previously required an attacker to dial in with a modem, these operations are increasingly using the Internet to transmit data or are connected to a company's local network.

The primary distinction between cybercrime and cyberterrorism is the aim of the assault. Cybercriminals are normally motivated by money, while cyberterrorists may have a variety of goals, and will frequently attempt to inflict damage on the target.

Types of Cyberterrorism

Cyberterrorism is defined as the use of computer networks or systems to inflict intentional damage, cause disruption, and/or intimidate people. These are the most prevalent techniques.

Criminals and non-state adversaries employ several types of cyberterrorist attacks to access and corrupt government, military, and business databases, obtain sensitive information for profit, and collect money from governments and businesses, among other objectives.

Malware

Malware is malicious software that compromises computers and networks and causes harm to the victim and/or financial gain for the adversary. Phishing emails, attachments, unethical advertisements, deceptive installation programs, and infected USB drives are examples of popular malware distribution methods.

Ransomware, in which a file is encrypted and held hostage until a ransom is paid to decrypt it; viruses that harm when opened; worms that replicate themselves on the computer and from machine to machine; and spyware that records activities, records conversations, and downloads personal documents are just a few examples.

Advanced Persistent Threat (APT)

Advanced persistent threat (APT) assaults are sophisticated, purposeful penetrations that aim to acquire network access. The attackers remain undetected after entering the network to steal data. APT assaults often aim at high-value information, such as that held in national defence, manufacturing, and the financial sector.

Phishing or Social Engineering

Phishing is an assault that poses as a legitimate email to entice the receiver into running malware that gathers personal information or causes other damage. Cyberterrorists and other malefactors are increasingly using this method to infect their victims’ machines and networks.

Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware.

Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating a website.

Ransomware

Ransomware is malicious software that prevents people from accessing their files and other resources, then releases them only if they pay a ransom, usually in the form of Bitcoin. Ransomware is often distributed via a phishing scam or more sophisticated spear-phishing attempt, which uses social engineering to deceive the victim into opening the file and executing the attack.

DDoS Attacks

Hacker assaults in the form of DDoS attacks are used to try and prevent innocent users from gaining access to targeted computers, devices, or other computer networks. These attackers frequently target critical national infrastructure and government agencies.

Data Breaches

A hacker illegally accessing an individual’s or organization’s information is known as a data breach. Personal information and valuable data, such as financial transactions, consumer databases, user credentials, and email addresses are the most common targets of data breaches.

Data breaches can also result from a lack of user knowledge, for example weak organisational information security awareness and travel security programs, or inappropriately secured devices and data management systems. This is increasingly the case whilst travelling or away from the office, for example when laptops, devices, or physical documents are left unattended in hotel rooms and public spaces.

More on this within my above articles.

Impact

The expense of defending against increasingly sophisticated assaults is one of the consequences of cyber terror attacks on organizations and people. As ransomware becomes more popular, firms and individuals are becoming more susceptible to the cost of paying ransomware demands and data recovery due to a ransomware attack.

The World Economic Forum identifies the following cyber-security problems for businesses, governments, and individuals:

  • Cyber-attacks are rising in number and sophistication, posing a serious threat to organizations, governments, and people.
  • The growing dependency on technology and the simultaneous rise of cybercrime and espionage have made everyone more susceptible to attacks on government services, healthcare systems, transportation networks, and communication systems.
  • National boundaries are eroding while distinctions between physical and digital realms become increasingly blurred.
  • Because of growing industrial-financial integration, businesses and people rely more on third parties whose accountability is doubtful.
  • The data security industry’s level of expertise cannot keep up with the cybercriminals’ evolving tactics and technologies. This leaves organizations and individuals scrambling to defend themselves against cyberattacks (reactive) rather than preventing them (proactive).

Examples

In March 2021, it was reported that Russian hackers had targeted Lithuanian officials and decision-makers. The cyber-espionage group APT29, which is said to have performed the assaults, exploited the country’s IT infrastructure against organizations involved in developing a COVID-19 vaccine.

In response to the threat of a Russian invasion of Ukraine in 2022, Anonymous launched several assaults on Russian computer networks. In March 2022, Anonymous carried out a cyberattack against Roskomnadzor. It is one of the most famous examples of cyberterrorism.

In April 2022, Taiwan News reported that Cyber Anakin, an Anonymous-affiliated hacker, had carried out a COVID-19 attack under the name “Operation Wrath of Anakin: No Time to Die,” which lasted for less than five days and hacked Chinese computer networks, including government websites, agricultural management systems, coal mine safety interfaces, nuclear power plant interfaces, and satellite interfaces as acts of protest. He had also defaced five Russian sites in response to Russia’s invasion of Ukraine.

British hacker Kane Gamble, who was sentenced to 2 years in youth detention, posed as the CIA chief to access extremely sensitive information. He also "cyber-terrorized" high-profile U.S. intelligence officials such as then CIA chief John Brennan and Director of National Intelligence James Clapper. The judge said Gamble engaged in "politically motivated cyber terrorism".

During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs and hit with denial-of-service attacks by hacktivists protesting the NATO bombings. In addition, businesses, public organizations, and academic institutes received highly politicized virus-laden e-mails from a range of Eastern European countries, according to reports. Web defacements were also common. After the Chinese Embassy was accidentally bombed in Belgrade, Chinese hacktivists posted messages such as "We won't stop attacking until the war stops!" on U.S. government Web sites.

In early December 2021 it was reported that at least nine U.S. State Department employees had their phones hacked by an unknown attacker. All nine employees had Apple iPhones. The hack, which took place over several months, was done using iMessages carrying attached software that, once sent and without needing to be interacted with, installed spyware known as Pegasus. The software used was developed and sold by an Israel-based spyware development company named NSO Group.

In December 2018, Twitter warned of "unusual activity" from China and Saudi Arabia. A bug was detected in November that could have revealed the country code of users' phone numbers. Twitter said the bug could have had ties to "state-sponsored actors".

Cryptocurrency is big business, so it’s no wonder that Crypto.com was subjected to a serious breach at the start of 2022. The attack took place on January 17th and targeted five hundred people’s cryptocurrency wallets.

Despite the blockchain being a secure transaction method, the thieves used a simple method to get the job done: they circumvented the site’s two-factor authentication (2FA). They stole $18 million of Bitcoin and $15 million of Ethereum.

You wouldn’t think anyone would want to attack the Red Cross, but that’s what happened in January 2022. An attack on a third-party contractor saw more than half a million records compromised – including documents that the Red Cross classed as “highly vulnerable”.

Thousands of people had their sensitive data stolen, and most of the victims are currently listed as missing or vulnerable. The Red Cross took servers offline to stop the attack and investigate this political breach, but no culprit has been identified.

Conclusion

Although it is possible for electronic intrusions to damage infrastructure and threaten physical danger, taking control of systems from the outside is extremely complex, requires a great deal of specialized knowledge and must overcome non-computerized fail-safe measures. It is still easier to bomb a target than to hack a computer.

The majority of cyberattacks have occurred against government institutions. However, businesses are increasingly becoming targets, which is a shift in the threat landscape. As a result, organizations and other groups must implement continuous monitoring systems, firewalls, antivirus software, employee awareness programs, and antimalware to safeguard themselves from ransomware and other cyber-attacks.

Organizations also need to improve travel security awareness and information security awareness programs for their employees, to raise awareness of this complex and ever-evolving threat.

Organizations can reduce their liability exposure and increase their duty-of-care requirements by implementing a robust travel security program with proper approval controls and constant monitoring of international conditions.

Some of the best practices of a corporate travel security program include:

  • A travel security program endorsed by executive management.
  • The creation of a designated job function responsible for travel security.
  • The development, communication, and regular updates of the travel security policy.
  • The implementation of a travel management program to educate and track employees and monitor global situations in real time.
  • Educate employees on the threats to information, how best to secure it, and their responsibilities, and how to appropriately manage devices, data, and social media.

Finally

We cannot expect an employee to know something that they have not been educated on or told. Employees who leak data often do so unintentionally due to a lack of understanding of information security, through no fault of their own.

Awareness programs within organizations are paramount: first to educate, and second to make people accountable. Accountability can only be achieved if people are educated and informed of their responsibilities; should this not happen, the organization and the person responsible for the information security and travel security program should be held accountable.

Regards,

Adam W.G. Green, MSyl, CSMP

Ahmad Abu Al Shawareb

Technical Security Project Manager @ Security Industry Regulatory Agency- SIRA | ISO 27001 Foundation, CSC, | AI Surveillance Systems | Mega Smart City / Project Delivery.

1 year ago

Great article Adam Green, MSyl, CSMP and impressive information