A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organisations, and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased at an alarming rate over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).
A cyberattack may steal, alter, or destroy a specified target by hacking into a susceptible system. Cyberattacks can range from installing spyware on a personal computer to attempting to destroy the infrastructure of entire nations. Legal experts are seeking to limit the use of the term to incidents causing physical damage, distinguishing it from the more routine data breaches and broader hacking activities.
Since the late 1980s cyberattacks have evolved several times to use innovations in information technology as vectors for committing cybercrimes. In recent years, the scale and robustness of cyberattacks have increased rapidly, as observed by the World Economic Forum in its 2018 report: "Offensive cyber capabilities are developing more rapidly than our ability to deal with hostile incidents".
The increasing dependency of modern society on information and computer networks (both in private and public sectors, including the military) has led to new terms like cyber attack and cyber warfare.
In the first six months of 2017, two billion data records were stolen or impacted by cyber attacks, and ransomware payments reached US$2 billion, double that in 2016. In 2020, with the increase of remote work as an effect of the COVID-19 global pandemic, cybersecurity statistics reveal a huge increase in hacked and breached data. The worldwide information security market is forecast to reach $170.4 billion in 2022.
Cyberwarfare utilizes techniques of defending and attacking information and computer networks that inhabit cyberspace, often through a prolonged cyber campaign or series of related campaigns. It denies an opponent's ability to do the same while employing technological instruments of war to attack an opponent's critical computer systems. Cyberterrorism, on the other hand, is "the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population". That means the result of both cyberwarfare and cyberterrorism is the same: to damage critical infrastructures and computer systems linked together within the confines of cyberspace.
The financial crime expert Veit Buetterlin explained that organizations, including state actors, which cannot finance themselves through trade because of imposed sanctions, conduct cyber attacks on banks to generate funds.
The spectacularity factor is a measure of the actual damage achieved by an attack, meaning that the attack creates direct losses (usually loss of availability or loss of income) and garners negative publicity. On 8 February 2000, a Denial of Service attack severely reduced traffic to many major sites, including Amazon, Buy.com, CNN, and eBay (the attack continued to affect still other sites the next day). Amazon reportedly estimated the loss of business at $600,000.
The vulnerability factor describes how vulnerable an organization or government establishment is to cyberattacks. Organizations without maintenance systems might be running on old servers, which are more vulnerable than updated systems. An organization can be vulnerable to a denial of service attack, and a government establishment can have its web page defaced. A computer network attack disrupts the integrity or authenticity of data, usually through malicious code that alters the program logic that controls data, leading to errors in the output.
Many professional hackers will promote themselves to cyberterrorists, for financial gain or other reasons. This means a new set of rules governs their actions. Cyberterrorists have premeditated plans, and their attacks are not born of rage. They need to develop their plans step-by-step and acquire the appropriate software to carry out an attack. They usually have political agendas, targeting political structures. Cyberterrorists are hackers with a political motivation; their attacks can impact political structure through this corruption and destruction. They also target civilians, civilian interests, and civilian installations. As previously stated, cyberterrorists attack persons or property and cause enough harm to generate fear.
An attack is active when it attempts to alter system resources or affect their operation, so it compromises integrity or availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources, so it compromises confidentiality.
An attack should lead to a security incident, i.e. a security event that involves a security violation. In other words, it is a security-relevant system event in which the system's security policy is disobeyed or otherwise breached.
In order to detect attacks, a number of countermeasures can be set up at organizational, procedural, and technical levels. Computer emergency response teams, information technology security audits and intrusion detection systems are examples of these.
An attack is usually perpetrated by someone with bad intentions: black hat attacks fall into this category, while others perform penetration testing on an organization's information system to find out whether all foreseen controls are in place.
Attacks can be classified according to their origin, i.e. whether they are conducted using one or more computers; in the latter case the attack is called a distributed attack. Botnets are used to conduct distributed attacks.
Some attacks are physical, i.e. theft of or damage to computers and other equipment. Others are attempts to force changes in the logic used by computers or network protocols in order to achieve a result that is unforeseen by the original designer but useful for the attacker. Software used for logical attacks on computers is called malware.
In detail, there are a number of techniques to utilize in cyberattacks and a variety of ways to administer them to individuals or establishments on a broader scale. Attacks are broken down into two categories: syntactic attacks and semantic attacks. Syntactic attacks are straightforward; they are carried out with malicious software, which includes viruses, worms, and Trojan horses.
A Trojan horse is designed to perform legitimate tasks, but it also performs unknown and unwanted activity. It can be the basis of many viruses and worms that install themselves onto the computer as keyboard loggers and backdoor software. In a commercial sense, Trojans can be embedded in trial versions of software and can gather additional intelligence about the target without the person even knowing it is happening. All three of these are likely to attack an individual or establishment through emails, web browsers, chat clients, remote software, and updates.
A semantic attack is the modification and dissemination of correct and incorrect information. Information could be modified without the use of computers, even though new opportunities can be found by using them. The dissemination of incorrect information can be used to set someone in the wrong direction or to cover one's tracks.
Within cyberwarfare, the individual must recognize the state actors involved in committing these cyberattacks against one another. The two predominant players that will be discussed reflect the age-old comparison of East versus West: China's cyber capabilities compared to the United States' capabilities. There are many other state and non-state actors involved in cyberwarfare, such as Russia, Iran, Iraq, and Al Qaeda; since China and the U.S. are at the forefront of cyberwarfare capabilities, they will be the only two state actors discussed.
But in Q2 2013, Akamai Technologies reported that Indonesia toppled China with a 38 percent share of cyber attacks, a sharp increase from its 21 percent share in the previous quarter. China stood at 33 percent and the US at 6.9 percent. 79 percent of attacks came from the Asia Pacific region. Indonesia dominated attacks on ports 80 and 443 by about 90 percent.
Hackers from Azerbaijan and Armenia have actively participated in cyberwarfare as part of the Nagorno-Karabakh conflict over the disputed region of Nagorno-Karabakh, with Azerbaijani hackers targeting Armenian websites and posting Ilham Aliyev's statements.
China's People's Liberation Army (PLA) has developed a strategy called "Integrated Network Electronic Warfare" which guides computer network operations and cyberwarfare tools. This strategy helps link together network warfare tools and electronic warfare weapons against an opponent's information systems during a conflict. The PLA believes that the fundamentals of achieving success are seizing control of an opponent's information flow and establishing information dominance. The Science of Military and The Science of Campaigns both identify enemy logistics systems networks as the highest priority for cyberattacks and state that cyberwarfare must mark the start of a campaign and, used properly, can enable overall operational success. By focusing on attacking the opponent's infrastructure to disrupt the transmission and processing of information that dictates decision-making operations, the PLA would secure cyber dominance over its adversary. The predominant techniques that would be utilized during a conflict to gain the upper hand are as follows: the PLA would strike with electronic jammers, electronic deception, and suppression techniques to interrupt the transfer processes of information. It would launch virus attacks or use hacking techniques to sabotage information processes, all in the hope of destroying enemy information platforms and facilities. The PLA's Science of Campaigns noted that one role for cyberwarfare is to create windows of opportunity for other forces to operate without detection or with a lowered risk of counterattack by exploiting the enemy's periods of "blindness", "deafness" or "paralysis" created by cyberattacks. That is one of the main focal points of cyberwarfare: to weaken the enemy to the fullest extent possible so that a physical offensive will have a higher chance of success.