the evolution of cyberterrorism

what is cyberterrorism?

Cyberterrorism is different from other forms of cybercrime. For an act to qualify as cyberterrorism, it must:

  • be politically or ideologically motivated

  • involve computers and networks

  • be intended to intimidate or coerce a government or a country's population.

Cybercrime, in comparison, is generally financially motivated, or simply vandalism intended to disrupt a network. There is debate about the actual scope of cyberterrorism: some researchers treat it as part of cyberwar, in the same way that modern terrorism and warfare are not easily separated.

Famous examples of cyberterrorism include the 2014 Sony Pictures hack by "the Guardians of Peace", a group attributed to North Korea, in response to the making of the film The Interview. The group stole employee data, unreleased films and plans for future films, then deployed a wiper (later named Destover) that shared techniques with the Shamoon wiper, malware built to destroy data on Windows systems.

The Ukraine power grid hack occurred on 23 December 2015, and the group responsible is widely assessed to be the Russian hacking group Sandworm. The attackers gained their initial foothold with BlackEnergy3 malware, delivered by spear-phishing emails carrying Microsoft Word or PowerPoint attachments with malicious macros. From there they harvested credentials, reached the utilities' control networks and opened breakers by hand, ran the KillDisk wiper to slow recovery, and flooded customer call centres with a telephone denial-of-service so that outages could not be reported. (Earlier BlackEnergy versions were DDoS bots, but that is not how it was used here.)
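The spear-phishing attachments described above are the kind of thing a mail gateway can triage before a user ever opens them. The following is an added example, not code from the original post or from any vendor: it inspects an attachment's bytes rather than trusting its file name, flags OOXML documents that carry a VBA project (vbaProject.bin), treats legacy OLE2 binary formats (.doc/.ppt/.xls) as needing deeper inspection, and notes when the extension disagrees with the content. The sample attachments are constructed in memory; the file names and the quarantine policy are assumptions for illustration.

```python
import io
import zipfile
from typing import List, Tuple

# Magic numbers: legacy binary Office files are OLE2 compound documents,
# modern .docx/.docm/.pptx/.pptm files are ZIP containers (OOXML).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"

# What the file extension claims the container is (assumed gateway policy table).
EXPECTED_CONTAINER = {
    ".doc": "ole2", ".xls": "ole2", ".ppt": "ole2",
    ".docx": "ooxml", ".docm": "ooxml", ".pptx": "ooxml",
    ".pptm": "ooxml", ".xlsx": "ooxml", ".xlsm": "ooxml",
}


def classify(data: bytes) -> str:
    """Classify an attachment by its bytes, never by its name.

    Returns one of:
      'ole2-legacy' - binary .doc/.ppt/.xls; VBA can be embedded with no
                      name hint, so it needs OLE-level parsing downstream
      'ooxml-macro' - OOXML package containing a VBA project part
      'ooxml-clean' - OOXML package with no VBA project part
      'not-office'  - anything else
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2-legacy"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "not-office"
    if "[Content_Types].xml" not in names:
        return "not-office"  # a ZIP, but not an OOXML package
    # The VBA project lives under word/, ppt/ or xl/; match on the part name only.
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return "ooxml-macro"
    return "ooxml-clean"


def triage(attachments: List[Tuple[str, bytes]]) -> List[Tuple[str, str, bool, str]]:
    """Return (name, verdict, quarantine, reason) for each attachment."""
    results = []
    for name, data in attachments:
        verdict = classify(data)
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        expected = EXPECTED_CONTAINER.get(ext)
        actual = "ole2" if verdict == "ole2-legacy" else ("ooxml" if verdict.startswith("ooxml") else None)
        if verdict == "ooxml-macro":
            results.append((name, verdict, True, "contains VBA project"))
        elif verdict == "ole2-legacy":
            results.append((name, verdict, True, "legacy binary format; hold for OLE macro analysis"))
        elif expected is not None and actual != expected:
            results.append((name, verdict, True, f"extension {ext} does not match content"))
        else:
            results.append((name, verdict, False, "no macro container found"))
    return results


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML package, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 32)  # placeholder, not real VBA
    return buf.getvalue()


# Constructed sample attachments; names are illustrative, not from any real campaign.
SAMPLE_ATTACHMENTS = [
    ("invoice.docm", build_ooxml(with_macro=True)),
    ("agenda.docx", build_ooxml(with_macro=False)),
    ("report.doc", OLE2_MAGIC + b"\x00" * 504),
    ("notes.doc", build_ooxml(with_macro=False)),  # .doc name, but OOXML bytes
    ("readme.txt", b"plain text, nothing to see"),
]

if __name__ == "__main__":
    for name, verdict, quarantine, reason in triage(SAMPLE_ATTACHMENTS):
        flag = "QUARANTINE" if quarantine else "deliver"
        print(f"{name:14} {verdict:12} {flag:10} {reason}")
```

The check is deliberately conservative: a clean-looking OOXML file is delivered, but anything legacy-binary is held because a .doc can carry VBA streams that only an OLE parser (for example oletools' olevba) will see, and a name/content mismatch is treated as a signal in its own right since renaming is a cheap way to get past extension-based filters.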

early on: script kiddies and hacktivists

Cyberterrorism as an idea can be traced back to the early days of the internet, when people with basic programming skills, often referred to as "script kiddies", began experimenting with hacking. These early attacks were primarily motivated by less threatening impulses such as pure vandalism or curiosity.

Hacktivism emerged as a more politically charged form of cybercrime, with groups like Anonymous using cyberattacks to promote social and political causes. While their actions often had mainly symbolic impact, they laid the groundwork for more serious threats. Hacktivism is interesting because members of Anonymous have described how, in the early days, plans would start with a question like "what do we all dislike?", with answers such as "paedophiles" or "bestiality"; while everyone held different political opinions, they bonded over a shared hatred.

Organised cybercrime

As the internet became more widely used, hacking and cybercrime became more lucrative. Organized criminal groups, either independent or state sponsored, recognized the potential for financial gain through cyberattacks. Ransomware, phishing, and data breaches became commonplace, blurring the lines between cybercrime and cyberterrorism.

MafiaBoy was the handle of Michael Calce, a Canadian teenager who in February 2000 launched a series of Distributed Denial of Service (DDoS) attacks against major websites including Amazon, eBay, CNN and Yahoo!. These attacks showed how much disruption a single person with a network of compromised machines could cause.

ShadowCrew was another group active in the early 2000s. It ran an online marketplace before the dark web existed, offering a platform where cybercriminals could buy and sell stolen goods and services such as credit card numbers, bank account details, counterfeit identity documents and other illicit items. At its peak the marketplace had thousands of registered users and processed transactions worth millions of dollars.

state sponsored apts

State-sponsored cyberterrorism has become more prominent in recent years, and attacks motivated by more than financial gain have increased: the Sony Pictures attack and the WannaCry ransomware outbreak (whether it counts as terrorism is debatable) have both been attributed to state-backed actors. The 1988 Morris worm, often cited alongside them, was written by a single graduate student and is better seen as an early demonstration of how far a worm can spread. State-sponsored cyberterrorism is when a government funds hackers' activities and directs them toward a chosen target.

The countries most often named as sponsors of APTs are China, Russia, the US, North Korea and Iran. They have funded attacks against other countries' critical infrastructure, politicians and economies. The best-known state-sponsored adversary groups include Lazarus Group (North Korea), Cozy Bear / APT29 (Russia), Fancy Bear / APT28 (Russia), Double Dragon / APT41 (China) and Helix Kitten / OilRig (Iran).

a new era of warfare

Cybercriminals are becoming increasingly skilled, with access to advanced tools and techniques, and our defences need to advance with them. As the number of connected devices and the internet of things (IoT) grow, so does the potential attack surface: attackers can exploit vulnerabilities in IoT devices to launch large-scale attacks or infiltrate networks.

With the rise of AI, I believe artificial intelligence will transform both offence and defence. Malicious actors could employ AI to develop self-learning malware, automate attacks and evade detection; defenders can equally use it for their own penetration testing and to improve their defences.

Nation-states will continue to invest heavily in cyber capabilities to gain strategic advantages, and the lines between cyber espionage, cybercrime and cyber warfare will blur further. Commercial spyware such as Pegasus and Predator, built by private vendors and sold to government customers, will only grow more capable and more dangerous.

increasing attack surface

As the internet of things (IoT) expands, so does the attack surface that needs protecting. Much of our critical infrastructure, including transport and power grids, is now networked. In the 2015 Ukraine power grid attack, attackers cut power to roughly 230,000 customers for several hours and disrupted the electricity companies' ability to communicate with their customers. At the time, most of Ukraine's power infrastructure dated from the Soviet era and had been upgraded with Russian parts. Nonetheless, it is a clear example of the kind of attack whose impact we can reduce in future. How?

  • Implement zero trust / least privilege access: nobody should hold root privileges, or more privileges than they need, on any system.

  • Upgrade and patch: keep hardware and software up to date and patch known vulnerabilities promptly.

  • Think like the opps: pentest our own critical infrastructure to find vulnerabilities before an adversary does.
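As an added example of the first point (not code from the original post), here is a small audit in Python that reads the kind of account and sudo configuration found on a Linux host and reports where "more privileges than they need" shows up: extra UID-0 accounts in /etc/passwd, and sudoers rules that grant every command, grant it without a password, or grant a binary that drops to a root shell. The file contents below are constructed samples and the user names are invented; the parser handles the common sudoers rule shape only, not every alias and option the real grammar allows.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of /etc/passwd: 'toor' is a second UID-0 account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
deploy:x:1001:1001:Deploy:/srv/deploy:/bin/sh
"""

# Constructed sample of /etc/sudoers (common rule shape only).
SAMPLE_SUDOERS = """\
# User privilege specification
Defaults env_reset
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
%wheel  ALL=(ALL) ALL
deploy  ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/systemctl status nginx
ops     ALL=(root) NOPASSWD: /usr/bin/vim
"""

# Binaries that hand the caller an interactive shell or arbitrary file access as root.
SHELL_ESCAPE_BINARIES = {"sh", "bash", "dash", "zsh", "vim", "vi", "less", "more", "python3", "perl"}

# who  host=(runas) [TAG: ...] cmd, cmd, ...
SUDO_RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)"
    r"(?P<cmds>.+)$"
)


def parse_passwd(text: str) -> List[Dict[str, object]]:
    """Parse the 7-field passwd format into name / uid / shell records."""
    users = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 7 or line.startswith("#"):
            continue
        users.append({"name": parts[0], "uid": int(parts[2]), "shell": parts[6]})
    return users


def extra_root_accounts(users: List[Dict[str, object]]) -> List[str]:
    """Any UID-0 account other than 'root' is an extra superuser."""
    return [u["name"] for u in users if u["uid"] == 0 and u["name"] != "root"]


def parse_sudoers(text: str) -> List[Dict[str, object]]:
    """Parse user/group rules; Defaults lines and comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = SUDO_RULE.match(line)
        if not m:
            continue
        rules.append({
            "who": m["who"],
            "runas": (m["runas"] or "root").strip(),
            "nopasswd": "NOPASSWD" in m["tags"],
            "cmds": [c.strip() for c in m["cmds"].split(",")],
        })
    return rules


def overbroad_sudo(rules: List[Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """Return (who, severity, reason) for rules wider than a least-privilege grant."""
    findings = []
    for r in rules:
        if r["who"] == "root":
            continue  # root's own rule is expected
        if "ALL" in r["cmds"]:
            sev = "high" if r["nopasswd"] else "medium"
            reason = "may run any command" + (" without a password" if r["nopasswd"] else "")
            findings.append((r["who"], sev, reason))
            continue
        for cmd in r["cmds"]:
            binary = cmd.split()[0].rsplit("/", 1)[-1]
            if binary in SHELL_ESCAPE_BINARIES:
                findings.append((r["who"], "high", f"{cmd} can escape to a root shell"))
    return findings


def audit(passwd_text: str, sudoers_text: str) -> Dict[str, list]:
    """Run both checks and return the findings keyed by check name."""
    return {
        "extra_root_accounts": extra_root_accounts(parse_passwd(passwd_text)),
        "overbroad_sudo": overbroad_sudo(parse_sudoers(sudoers_text)),
    }


if __name__ == "__main__":
    for check, items in audit(SAMPLE_PASSWD, SAMPLE_SUDOERS).items():
        print(check)
        for item in items:
            print("  ", item)
```

On the constructed sample the deploy account, limited to two specific systemctl invocations, passes, while alice (NOPASSWD ALL), the wheel group (ALL) and ops (vim as root) are reported. Scoping a rule to a named binary is the least-privilege shape to aim for, provided that binary cannot itself spawn a shell.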

Cyberterrorism is a growing field. As critical infrastructure becomes more reliant on networks, frameworks to protect it need to be implemented, along with safety measures and greater investment in cybersecurity.
