What is cyberterrorism?
Cyberterrorism is a politically motivated attack that uses computers and information technology to cause physical, social, or political damage and generate fear in the target population. The distinction between a cyberterrorist attack and a random act of hacking lies in its scope and the motivation behind it. Cyberterrorists try to inflict harm on a large number of people, and their actions have an underlying political or ideological motive.
Therefore, they target government agencies and the nation’s critical infrastructure. Media companies that present opposing views and large fintech companies that can potentially be drained of financial resources also find themselves on cybercriminals’ radar.
Cyberterrorists target computer networks which, if compromised or destabilized, would wreak the most havoc on a community. If these systems are not air gapped, they can be breached online. But how exactly?
Methods used for cyberterrorism
Cyberterrorists use the same methods as regular hackers to gain unauthorized access to computer systems, from computer viruses to ransomware attacks:
Hacking is the process of gaining unauthorized access to data stored digitally on computers, tablets, smartphones, and entire networks. It exploits the cybersecurity weaknesses of the computer network and spreads malware. However, some types of hacking exploit human nature to gain information. For example, phishing refers to methods for tricking people into divulging personal or confidential information; read on to find out more.
Computer viruses and worms
Both computer viruses and worms fall under the category of malware. A virus is malicious code that copies itself and runs rampant on your device, damaging programs, deleting files, and harming the hard drive along the way. Computer worms are also malicious programs, but they do not need human interaction to be activated and begin replicating and infecting connected devices. A worm slows down your device or makes it stop functioning altogether.
Advanced persistent threat
An advanced persistent threat (APT) is a long-term attack campaign. First, cybercriminals gain access to a computer network by spear phishing, then they use malware to create a backdoor and a few entry points to move freely and undetected. Next, they gain administrative access in order to view or steal data, spy on individuals, and track their online activity. Before leaving the network, they establish a backdoor for future use.
Denial-of-service (DoS) attacks are cyberattacks that make a computer or network unavailable to its users. DoS is accomplished by flooding the target with traffic to overload the system so that legitimate users cannot receive expected services. Attackers also sometimes exploit vulnerabilities in the system to destabilize or crash it, causing inconvenience for its users.
Ransomware is a type of malware that online criminals use to block access to their target’s computer system or encrypt their data to demand a ransom to restore it. A ransomware attack is carried out by sending phishing emails and creating fake websites that contain malicious links and files. Once clicked on/downloaded, they infect your files and encrypt them, so you have to pay up to regain access.
Cyberterrorists use the phishing scam technique to get information or money from their targets. They email, text, or call you to manipulate you into sharing confidential information, such as account passwords. Pretending to be someone else, they pressure you by asking for help, urging you to act fast, or intimidating you, so beware of emails and messages that:
- Pressure you to open attachments.
- Ask you to click on links.
- Have messy grammar and fonts.
- Have content that seems unnatural.
You should always be alert and refrain from clicking on every link or file as soon as you receive it, especially if you work with sensitive data or classified information. Better yet, report this suspicious activity to your system administrator and you might just stop an APT attack in its tracks.
One type of cyberattack is cyber espionage, where terrorist groups spy on a rival country to gather confidential information, such as its political and military strategies. They can later use this information to further their goals. Most cyber espionage attacks fall under the category of APT and often involve social engineering.
Examples of cyberterrorism
If terrorists break down the cyber defenses of a computer network, they might disrupt websites, access classified information, and interfere with the functioning of critical infrastructures:
- Disruption of major websites. Cyberterrorists aim to make certain websites unavailable to the public because they disagree with the content. Attackers mostly target media outlets that present views opposing their ideology. However, they also target high-profile companies, tech firms, and government websites with the goal of inconveniencing and scaring the public.
- Unauthorized access. Cyberterrorists try to disable or interfere with computer and communication networks that control military installations and national defense systems to compromise homeland security.
- Disruption of critical infrastructure systems. A nation’s critical infrastructure is also among the cyberterrorists’ targets. They aim to cause destruction by cutting off water supply, causing a regional power outage or a nuclear power crisis, or at least instill fear and panic in the citizens. They also target air traffic control systems, transportation infrastructures, telecommunication networks, emergency services, and the banking industry.
Recent cyberterrorism attacks
The year 2022 has seen a large number of cyberattacks caused by cybercriminal groups, some of which are suspected of being backed by their governments, which blurs the line between cyberterrorism and cyber espionage.
Cyberterrorism attacks in 2022
According to the data provided by the Center for Strategic and International Studies, several pro-Russian and Russian-based hacking groups claimed responsibility for a number of significant cyber incidents and attacks this year:
- October. Pro-Russian hackers targeted websites of the Bulgarian presidential administration, the Ministry of Defense, the Ministry of the Interior, the Ministry of Justice, and the Constitutional Court in a DDoS attack, stating it was in reprisal “for betraying Russia and supplying weapons to Ukraine.” That same month, hackers targeted several major U.S. airports with a DDoS attack, affecting their websites.
- September. A Russian-based hacking group targeted the website of the U.K. intelligence agency MI5 with a DDoS attack and temporarily took the site down.
- August. Russian-affiliated cybercriminals targeted the website of the state energy agency responsible for the operations in Ukraine’s nuclear power plants. That same month, hackers targeted the Finnish Parliament with a DDoS attack that blocked access to the Parliament’s website. Also, they tampered with the website of the Latvian Parliament in a DDoS attack that temporarily disabled the website’s server, and carried out a similar DDoS campaign on the websites of Estonian government institutions and businesses.
- June. A Russian-linked hacker group temporarily took down several public and private sector websites in Lithuania by carrying out DDoS attacks against the National Secure Data Transfer Network, as well as governmental institutions and private companies. A pro-Russian group, Killnet, claimed responsibility for some of the attacks, stating that Lithuania was being punished for blocking the delivery of certain goods to the Russian troops positioned in Kaliningrad.
North Korea also has been linked to some significant cyberattacks in 2022:
- June. Hackers linked to North Korea targeted the Harmony Horizon blockchain bridge. The attack exposed large amounts of personal data and resulted in a theft of over $100 million.
- April. The Office of Foreign Assets Control of the U.S. Department of the Treasury attributed the March 29 hack of the Ronin Network to a group from North Korea and imposed sanctions on the hackers. They stole over $540 million in Ethereum and USDC cryptocurrencies.
How to protect yourself from cyberterrorism
You will not be able to fend off all cybercrime on your own, but there are steps you can take to protect your personal data and mitigate the effects of a cyberattack:
- Assess network security before connecting to the internet. Is it password protected? Also, do not use public Wi-Fi with no encryption unless you are using a secure VPN.
- If an email looks wrong or you received it from an unknown individual or organization, do not open it and never download attachments.
- Scan all your downloads for malware before opening them.
- If you feel unsure about the legitimacy of a website, leave it immediately.
- Do not share your personally identifiable information online with suspicious individuals or entities.
- Limit how widely your data is replicated through sharing, especially across multiple systems and mobile devices; share information only with trusted sources.
- Review the privacy settings of all your social media accounts and limit the use of your personal data.
- Use strong passwords and never reuse them for multiple accounts. Better yet, keep your login information safe by getting a secure password manager.
- Enable multi-factor authentication to make sure you are the only one who can access your accounts.
- Keep your computer software up to date.
- Encrypt your personal data so that third parties can’t view or misuse it.
Fighting cyberterrorism requires major effort on a national scale, as well as international cooperation. Apart from reporting suspicious activity, the best you can do is protect your privacy and stay vigilant. The more you protect your data online, the better your chances of avoiding cyber threats and reducing the damage of such attacks.