These days, it seems like every time you turn on the news, you see another story about a cyber attack. The most recent hack shut down oil and gas provider Colonial Pipeline, causing fuel shortages and higher fuel prices throughout the east coast of the United States. Another attacked JBS, the biggest beef supplier in the world, forcing them to shut down their meat processing plants in the U.S. and Australia.
What Is a Cyber Attack?
A cyber attack is an attempt to gain unauthorized entry into a computer, computer network or computer system with the intent to disable, disrupt, destroy, control or alter them or steal their data. Because of the interconnectivity of computers through networks and the Internet, a cyber attack can be launched from anywhere.
People who initiate cyber attacks are called hackers or cybercriminals. Sometimes, cybercriminals work alone with the intent to cause mischief or for profit. Many recent cyber-attacks have been done by criminal syndicates, some of which are government-sponsored or government-condoned hacker groups. Government-sponsored hackers, or nation-state attackers, may attack rival government military, financial and other agencies as well as non-government entities like utility companies, businesses and nonprofits.
Objectives of Cyber Attacks
There are many objectives of cyber attacks, all of which are damaging to the victims:
- Financial gain – The majority of cyber attacks are for financial gain. A hacker may infiltrate a large retail company or bank and steal credit card numbers, for example. These may be sold or used to fraudulently buy things. Personal information like Social Security numbers is also a target of hackers because it can be sold to criminals.
- Sowing chaos – Cybercriminals sometimes launch attacks against government entities or companies to exact revenge by embarrassing them and damaging their reputations.
- Protest – Some cyber attacks are meant to promote a cause by striking at a company or organization that the hackers view as doing harmful things. This type of hacker is called a hacktivist; the most well-known group of hacktivists is called Anonymous.
- Cyberwarfare – Governments around the world have their own groups of hackers who use their skills to attack government entities in other countries. An example of this is the Israeli cyberattack that disabled the nuclear centrifuges in Iran to slow down their uranium enrichment program and nuclear arms capability.
How Do Cyber Attacks Work?
Some hackers carry out what is called an untargeted attack, in which they try to break into as many devices or systems as possible. Examples include phishing, in which they email large numbers of people to trick them into clicking a link that will download malicious code onto their computers, and stealing saved passwords from Google Chrome web browsers so that they can break into multiple types of accounts.
Usually, the cyberattacks that make the news are targeted attacks, where the criminals target a specific company. They look for vulnerabilities in the organization’s computer code or try to get into the system using a stolen employee password. Once they are in, they institute one of various types of attacks.
Types of Cyber Attacks
- Malware – Malicious computer code is surreptitiously added to the organization’s system. The code might steal or copy sensitive data (data breaches), block access to files or processes or disrupt critical operations.
- Man-in-the-middle – In this type of attack, the hacker inserts himself between two parties, like customers and their financial institutions, either to block operations or steal data or money.
- Distributed denial of service (DDoS) – DDoS attacks are most often used to create chaos or as a protest. The hackers flood an organization’s servers with simultaneous data requests that freeze up the whole system and bring its operations to a halt.
- Zero-day exploit – This is when hackers first discover a vulnerability in a computer system. They will try to establish malware so that they can control the system or steal from it in the future.
- Domain name system (DNS) tunneling – This is when hackers find a vulnerability and then continue to use that method, or tunnel, to repeatedly get into the target’s system.
- Ransomware – This is when malicious code is inserted into a system, immobilizing it and preventing operations. A message is then sent to the organization demanding a ransom to release the system.
- Credential-based attacks – These attacks involve stealing the login information of IT employees and then using it to break into the organization’s system.
A Cyber Attack Epidemic
Although 2020 will be remembered primarily for the COVID-19 pandemic, the world experienced another pandemic that year – cybercrime. For example, the World Health Organization (WHO) reported that it experienced five times the number of cyberattacks compared to the previous year.
An organization called REvil, which is purported to be Russian and supported or at least willfully ignored by the Russian government, put up a website where it disseminated ransomware code for other hackers to use in their attacks. REvil ransomware code was used in the JBS and Colonial Pipeline attacks, among over 200 other attacks on U.S. companies.
Russian hackers were also responsible for infiltrating numerous U.S. government servers including the Department of Defense and the Treasury Department at the end of 2020 through a software company called SolarWinds that provided services to those agencies. Authorities do not yet understand what information was taken or what code was inserted in the SolarWinds attack.
In July 2021, President Biden met with Russian President Putin and demanded that he put an end to Russian-based ransomware groups attacking American targets. Days later, REvil went offline. It is not clear if President Putin exerted pressure, if the U.S. Cyber Command took them down or if they went dark on their own because of the negative attention.
However, cyber-attacks, especially ransomware attacks, can be extremely lucrative, making them attractive to cybercriminals. Although the U.S. government counsels companies not to pay ransomware demands, many of them do so to get their operations back online. Colonial Pipeline paid $4.4 million (almost half of which was later recovered by the FBI) and JBS paid $11 million. Costs are low, there is not much technical skill needed and rewards are high.
According to a recent survey, 60% of small and medium-sized businesses do not think their companies will be targeted by cybercriminals, but the reality is that 18.5% of them were targeted within the previous year.
Only time will tell if cyber attacks continue to increase, but it still pays to be safe. Companies and organizations need to make sure that their systems are secure and individuals need to be vigilant about potential phishing or clicking on links that they are unsure of. From a government perspective, the U.S. government is working on building an international coalition to hold ransomware cybercriminals accountable.