What is cyberterrorism? Examples and threats explained

What is cyberterrorism?

As defined by the North Atlantic Treaty Organization (NATO), cyberterrorism is a cyberattack that uses computers and communication networks to cause significant destruction or disruption to generate fear or intimidate society into a particular ideological goal. The distinction between a cyberterrorist attack and a random act of hacking lies in its scope and motivation. Cyberterrorists try to inflict harm on a large number of people, and their actions have an underlying political or ideological motif.

Therefore, they target government agencies and the nation’s critical infrastructure. Media companies that present opposing views and large fintech companies that can potentially be drained of financial resources also find themselves on cybercriminals’ radar.

Cyberterrorists target computer networks, which, if compromised or destabilized, would wreak the most havoc on a community. If these systems are not air-gapped, they can be breached online. But how exactly?

Methods used for cyberterrorism

Cyberterrorists use the same methods — from computer viruses to ransomware attacks — to gain unauthorized access to computer systems as regular hackers:

Hacking

Hacking is gaining unauthorized access to data stored digitally on computers, tablets, smartphones, and entire networks. It exploits the cybersecurity weaknesses of the computer network and spreads malware. However, some types of hacking exploit human nature to gain information. For example, phishing refers to methods for tricking people into divulging personal or confidential information.

Computer viruses and worms

Both computer viruses and worms are malware. A virus is a malicious code that copies itself and runs rampant on your device, damaging programs, deleting files, and harming the hard drive along the way. Computer worms are also malicious programs, but they do not need human interaction to be activated and begin replicating and infecting connected devices. A worm slows down your device or makes it stop functioning altogether.

Advanced persistent threat

An advanced persistent threat (APT) is a long-term attack campaign. First, cybercriminals gain access to a computer network by spear phishing. Then, they use malware to create a backdoor and a few entry points to move freely and undetected. Next, they gain administrative access to view or steal data, spy on individuals, and track their online activity. Before leaving the network, they establish a backdoor for future use.

DoS attacks

Denial-of-service (DoS) attacks are cyberattacks that make a computer or network unavailable to its users. DoS is accomplished by flooding the target with traffic to overload the system so that legitimate users cannot receive expected services. Attackers sometimes exploit the system’s vulnerabilities to destabilize or crash it, causing inconvenience for its users.

Ransomware

Ransomware is a type of malware that online criminals use to block access to their target’s computer system or encrypt their data to demand a ransom to restore it. A ransomware attack is carried out by hackers sending phishing emails and creating fake websites that contain malicious links and files. Once clicked on/downloaded, they infect and encrypt your files, so you have to pay up to regain access.

Phishing

Cyberterrorists use the phishing scam technique to get information or money from their targets. They email, text, or call to manipulate you into sharing confidential information, such as account passwords. Pretending to be someone else, they pressure you by asking for help, urging you to act fast, or intimidating you — so beware of emails and messages that:

• Pressure you to open attachments.
• Ask you to click on links.
• Have messy grammar and fonts.
• Provide unclear information.

You should always be alert and refrain from clicking on every link or file as soon as you receive it, especially if you work with sensitive data or classified information. Better yet, report this suspicious activity to your system administrator, and you might just stop an APT attack in its tracks.

Cyber espionage

One type of cyberattack is cyber espionage, where terrorist groups spy on a rival country to gather confidential information, such as its political and military strategies. They can later use this information to further their goals. Most cyber espionage attacks fall under the category of APT and often involve social engineering.

Cyberterrorism examples

Examples of cyberterrorism include large-scale disruption of digital networks via tools such as computer viruses, phishing, malicious software, and programming scripts. If terrorists break down the cyber defenses of a computer network, they might:

• Disrupt daily life. Cyberterrorists aim to make certain websites unavailable to the public because they disagree with the content or want to cause chaos. Attackers can target high-profile companies, tech firms, and government websites to cause inconvenience and scare the public. For example, in 2021, US Colonial Pipeline’s equipment suffered a ransomware attack that caused fuel shortages, gas price jumps, and even a regional emergency. The company was forced to pay a ransom of $4.4 million to the DarkSide hacking group to regain control of its systems.
• Gain unauthorized access. Cyberterrorists try to disable or interfere with computer and communication networks that control military installations and national defense systems to compromise homeland security. The infamous 2020 SolarWinds hack is one of the best examples of malicious actors gaining unauthorized access to a system used by government agencies and businesses alike. While the perpetrators of the SolarWinds hack remain unknown to this day, authorities suspect nation-state-sponsored hackers, making the SolarWinds attack an act of cyberterrorism.
• Disrupt critical infrastructure systems. A nation’s critical infrastructure is also among the cyberterrorists' targets. They aim to cause destruction by cutting off the water supply, causing a regional power outage or a nuclear power crisis, or at least instilling fear and panic in citizens. They also target air traffic control systems, transportation infrastructures, telecommunication networks, emergency services, and the banking industry. An example of such assault is the 2021 Florida water treatment plant attack, during which a malicious actor gained unauthorized access to the plant’s network and tried to alter the chemical levels in the water supply. Fortunately, the plant operator noticed the attack on time, reversing the processes and thwarting the cyberterrorism attempt before anyone got hurt.
• Spread misinformation. Cyberterrorists target news outlets and information networks to spread misinformation or remove content that goes against their beliefs. One such example took place in 2015 when a group claiming to be associated with ISIS hijacked the French TV5Monde TV channel’s broadcasting systems, social media accounts, and websites to spread propaganda and messages supporting the terrorist group. As a result, the network had to be taken off the air for at least a few hours.

Recent cyberterrorism attacks (2023-2024)

In the last few years, a large number of cyberattacks have been caused by cybercriminal groups, some of which are suspected of being backed by their governments. This has blurred the line between cyberterrorism and cyber espionage.

• NATO country cyberattacks (2024). Since the start of Russia’s invasion of Ukraine, NATO countries have been suffering continuous cyberattacks on their critical infrastructure and government agencies. The most recent incidents, perpetrated by APT28, a Russian-backed threat actor, included targeting Germany’s political party and various Czech Republic institutions.
• The MOVEit data breach (2023). A significant data breach occurred involving the MOVEit file transfer software, impacting many organizations globally, including government agencies and private enterprises. The Russian-affiliated cyber gang Cl0p ransomware group exploited a zero-day vulnerability in the software to steal data, leading to widespread disruption and data theft.
• The Iranian oil infrastructure attack (2023). At the end of 2023, Iran’s oil infrastructure was targeted by a cyberattack attributed to an Israeli state-sponsored group. The attack caused temporary disruptions in oil production and exports, highlighting the vulnerability of critical infrastructure to cyberterrorism.

How to protect yourself from cyberterrorism

You will not be able to fend off all cybercrime on your own, but you can take steps to protect your personal data and mitigate the effects of a cyberattack:

• Assess network security before connecting to the internet. Is it password protected? Also, do not use public Wi-Fi with no encryption unless you use a secure VPN.
• If an email looks wrong or you received it from an unknown individual or organization — do not open it and never download attachments.
• Scan all your downloads for malware before opening them.
• If you feel unsure about the legitimacy of a website — leave it immediately.
• Do not share your personally identifiable information online with suspicious individuals or entities.
• Limit data replication by only sharing it with trusted sources, especially on multiple systems and mobile devices.
• Review the privacy settings of all your social media accounts and limit the use of your personal data.
• Use strong passwords and never reuse them for multiple accounts. Better yet, keep your login information safe by getting a secure password manager.
• Enable multi-factor authentication to make sure you are the only one who can access your accounts.
• Keep your computer software up to date.
• Encrypt your personal data so third parties can’t view or misuse it.

Fighting cyberterrorism requires a major effort on a national scale as well as international cooperation. Apart from reporting suspicious activity, the best you can do is protect your privacy and stay vigilant. The more you protect your data online, the better chances you have at avoiding cyber threats and reducing the damage of such attacks.