Cyberwar is a form of conflict conducted in the digital realm, where nations, organizations, or individuals use cyberattacks and cyber espionage to achieve strategic goals or gain an advantage over their adversaries. Here's a detailed description of the topic:
1. **Definition**: Cyberwar refers to the use of computer-based techniques and tactics to disrupt, damage, or gain unauthorized access to computer systems, networks, and critical infrastructure, often with the intent to exert influence, espionage, or conduct acts of aggression against an adversary.
2. **Goals and Objectives**:
- **Espionage**: One primary objective of cyberwarfare is to gather intelligence by infiltrating the computer networks of other nations, organizations, or individuals.
- **Disruption**: Cyberwarfare can be used to disrupt critical infrastructure, such as power grids, transportation systems, or financial institutions, causing chaos and economic damage.
- **Destruction**: In some cases, cyberattacks may aim to destroy data, systems, or capabilities, causing long-term damage.
- **Psychological Operations**: Cyberwarfare can be used for psychological operations (PsyOps) to manipulate public opinion or create fear and uncertainty.
3. **Methods**:
- **Malware**: The use of malicious software like viruses, worms, Trojans, and ransomware to compromise systems.
- **Phishing**: Deceptive emails or websites that trick individuals into revealing sensitive information like passwords.
- **Denial of Service (DoS) and Distributed Denial of Service (DDoS)** attacks: Overwhelming a target's network or website to render it inaccessible.
- **Advanced Persistent Threats (APTs)**: Long-term, targeted attacks aimed at stealing information or controlling systems.
- **Zero-Day Exploits**: Exploiting vulnerabilities in software or hardware that are not yet known to the vendor.
4. **Attribution Challenges**: Determining the source of cyberattacks can be difficult due to the use of proxy servers, false flags, or the involvement of non-state actors.
5. **International Laws and Norms**: The legal framework for cyberwar is still evolving. Nations are working to establish rules and norms governing state behavior in cyberspace.
6. **Escalation and Deterrence**: The use of cyberweapons raises concerns about escalation and deterrence. The lack of clear boundaries in cyberspace can lead to unintended consequences.
7. **Notable Examples**:
- Stuxnet: A computer worm allegedly developed by the United States and Israel to sabotage Iran's nuclear program.
- NotPetya: A 2017 destructive attack disguised as ransomware that started in Ukraine and spread worldwide; several governments later attributed it to Russia.
- SolarWinds: A software supply chain attack discovered in 2020, attributed to Russian state actors, in which a trojanized update of the Orion platform compromised numerous U.S. government agencies and private-sector organizations.
2. Definition of Cyber War
• Cyber warfare involves the actions by a nation-state or international
organization to attack and attempt to damage another nation's
computers or information networks through, for example, computer
viruses or Denial-of-Service (DoS) attacks.
• It has the potential to wreak havoc on government and civilian
infrastructure and disrupt critical systems, resulting in damage to the
state and even loss of life.
• There are several examples of alleged cyber warfare in recent history,
but there is no universal, formal definition of when a cyber attack
constitutes an act of war; scale and severity matter most.
3. • Cyber warfare typically involves a nation-state perpetrating cyber
attacks on another, but in some cases, the attacks are carried out by
terrorist organizations or non-state actors seeking to further the goal
of a hostile nation.
• There are several grey areas in the definition of Cyber War
• One reason the legal status of cyberwarfare is blurred is that no
international treaty refers specifically to cyberwar; the concept is
still relatively new.
• Some states are very willing to exploit this uncertainty, using the
opportunity to test out cyberwar techniques in the knowledge that
other states are uncertain about how they could react under
international law.
• The Tallinn Manual is an attempt to bring some clarity, by setting out
how existing international law applies to cyber operations.
4. • Nearly every system we use is underpinned in some way by
computers, which means pretty much every aspect of our lives
could be vulnerable to cyberwarfare at some point, and some
experts warn it is a case of when, not if.
• A grim scenario:
One day your bank balance drops to zero and then suddenly leaps up,
showing you've got millions in your account.
Then stock prices start going crazy as hackers alter data flowing into
the stock exchange.
The next day the trains aren't running because the signalling stops
working, and you can't drive anywhere because the traffic lights are all
stuck on red, and the shops in big cities start running out of food.
Pretty soon a country could be reduced to gridlock and chaos, even
without the doomsday scenarios of hackers disabling power stations or
opening dams.
5. Types of Cyber Warfare Attacks
o Espionage
Closely related to but separate from cyberwarfare is cyber
espionage, whereby hackers infiltrate computer systems and
networks to steal data and often intellectual property.
o Sabotage: defacing or compromising web sites and injecting malware
o Denial of Service (DoS) attacks
o Attacks on the electric power grid
6. o Propaganda Attacks
Attempts to control the minds and thoughts of people
living in or fighting for a target country.
Propaganda can be used to expose embarrassing truths, or to
spread lies that make people lose trust in their country or
side with its enemies.
o Economic Disruption
o Surprise Attacks
7. A Brief History Of Cyberwarfare
2010
Stuxnet
• Stuxnet is a computer worm that targets industrial control
systems
• It was the first genuine cyberweapon designed to inflict
physical damage.
• It is widely believed to have been developed by the US and Israel
(neither has ever confirmed this) to target the Iranian nuclear programme.
• It reportedly ruined almost a fifth of Iran’s nuclear centrifuges and
delayed the project
• Stuxnet was a complicated worm, using four different zero-day
exploits and likely took millions of dollars of research and
months or years of work to create.
8. 2014
Russian DDoS attack against Ukraine
This is the second time Russia allegedly coordinated a military
operation with cyber attacks. A DDoS attack reported to be 32 times
larger than the largest previously known attack disrupted the internet
in Ukraine while Russian forces were seizing control of Crimea.
Russia vs. Ukrainian election commission
Three days before Ukraine’s presidential election, a Russia-based
hacking group took down both Ukraine’s election commission and a
back-up system. The attack was an attempt to create chaos and aid the
pro-Russian candidate.
9. 2015
Russia vs. German parliament:
German investigators discovered that hackers had infiltrated the
computer network of the German Bundestag. Germany’s domestic
intelligence service, the BfV, later said that the attack was performed
by Russia and that they were seeking information on the workings of
the Bundestag, German leaders, NATO, and others.
China vs. United States Office of Personnel Management:
The records of 21.5 million employees and unsuccessful applicants to
the United States government were stolen from the U.S. Office of
Personnel Management. U.S. government sources attributed the
intrusion to the Chinese government.
10. 2016
Second Russian-caused power outage in Ukraine
Russian hackers are thought to have hidden in a power supplier's network
undetected for six months before taking the power offline. The outage
cost Kiev about a fifth of its power consumption that night. This attack
came almost one year to the day after the December 2015 cyber-attack
which cut off power to 225,000 people in western Ukraine.
11. 2017
WannaCry
• WannaCry is an example of crypto ransomware, a type of malicious
software (malware) used by cybercriminals to extort money.
• WannaCry targeted computers running Microsoft Windows, spreading as a
worm through the SMBv1 vulnerability patched in MS17-010 (the
"EternalBlue" exploit), so unpatched machines were infected without any
user action.
• It encrypts data and demands payment of a ransom in the
cryptocurrency Bitcoin for its return.
• This attack is estimated to have affected more than 200,000
computers across 150 countries.
12. 2017
NotPetya
• This is the first major instance of weaponized ransomware.
• The NotPetya malware was disguised as ransomware but its goal was to
destroy files.
• The attack started in Ukraine, delivered through a compromised update
of the M.E.Doc accounting software, and quickly spread worldwide.
• The attack resulted in damages of about $10 billion.
• Within hours of NotPetya’s release, the malware had raced around the
world and infected countless computers. Victims included FedEx’s
European subsidiary, TNT Express; several French companies; a hospital in
Pennsylvania; the pharmaceutical company Merck; and, of course, Maersk.
The radiation monitoring system at the Chernobyl Nuclear Plant went
offline. The infection even spread back to Russia, corrupting state oil
company Rosneft.
13. • Petya is a ransomware package that was used to extort money from
compromised users in exchange for a decryption key.
• NotPetya was not “legitimate” ransomware; its intent was purely
destructive. Any ransom payment was wasted. There was no
decryption key for the destroyed data.
15. Why are governments investing in cyberwarfare right
now?
• Unlike traditional military attacks, a cyberattack can be
launched instantaneously from any distance, with little
obvious evidence of any build-up, unlike a traditional
military operation
• Such an attack would be extremely hard to trace back
with any certainty to its perpetrators, making retaliation
harder.
• The fear of being vulnerable to the cyberweapons of
their rivals plus a desire to harness these tools to
bolster their own standing in the world is leading many
countries into a cyber arms race
16. Cyber Vulnerability in Banking System
• Financial services firms fall victim to cybersecurity attacks far more
frequently than businesses in other industries.
• Malicious actors are taking advantage of this digital transformation
and pose a growing threat to the global financial system, financial
stability, and confidence in the integrity of the system.
• Security breaches lead to lost revenue for banking institutions,
interruptions in operations, and loss of both reputation and
customers.
• Financial establishments experience threats from a variety of sources
led primarily by mobile applications and web portals.
• Cyber criminals may steal or manipulate valuable user data and/or
“clone” banking apps in order to use them for nefarious purposes.
17. Why Is Cyber Security Important In
Banking?
• Digital India has led to an increase in the usage of cashless
transactions, digital money. In this context, taking all the security
measures is important to protect the data and privacy.
• Data breaches are a serious problem in the banking sector. A
bank with weak security exposes its entire customer base to
these threats.
• When a bank’s data is breached, recovering from this data breach
can be time-consuming and stressful. So enhancing the banking
security system is a must!
• Banks need to be on their guard 24/7; if not, your data with the
bank can be breached.
18. • The malicious actors behind the attacks on banks include not only
increasingly daring criminals—such as the Carbanak group, which
targeted financial institutions to steal more than $1 billion during
2013-18—but also states and state-sponsored attackers. North Korea,
for example, has stolen some $2 billion from at least 38 countries in
the past five years.
• In February 2016, attackers compromised Bangladesh Bank's own
systems connected to SWIFT, the global financial system's main
payment messaging network, and used the bank's credentials to issue
fraudulent transfer orders totalling nearly $1 billion. The SWIFT
network itself was not breached. Most of the orders were blocked, but
$101 million was still paid out.
• The October 2020 hack of Uganda’s largest mobile money
networks, MTN and Airtel, for example, resulted in a major four-
day disruption of service transactions.
19. Cyber Incidents involving Indian Financial Institutions
• Union Bank of India Attempted SWIFT Heist
On July 21, 2016, attackers attempted to use fraudulent SWIFT
transactions to steal $170 million from the Union Bank of India (UBI),
but the money was ultimately recovered within three days after the
transactions were flagged.
• City Union Bank SWIFT Attack
In February 2018, City Union Bank in India suffered a breach that
allowed $1 million to be transferred to a Chinese institution.
• Indian ATMs Targeted with ATMDtrack Malware
On September 23 2019, security researchers reported that North
Korean hackers had developed and inserted malware to steal payment
information from Indian ATMs and banking institutions.
20. • Indian Mobile Banking Apps Malware
On May 14 2020, CERT-In, India’s national CERT, released a warning that a
mobile banking malware called 'EventBot' that steals personal financial
information was affecting Android users in India.
• Indian Fintech Chqbook Suffers Breach
On December 25 2021, two million credit score records from Chqbook, an
Indian FinTech startup, were found on the dark web.
• Banking trojan targets Indian Android-based financial customers
On September 22, 2021, researchers reported that Android phone banking
customers in India were being targeted by the Drinik banking trojan.
• CashMama data breach
On April 6, 2022, India-based loans app CashMama reported a data breach,
in which customer data that was invasively collected and stored was
exposed.
21. What is SWIFT?
• The Society for Worldwide Interbank Financial Telecommunication
(SWIFT) is an international network over which banks securely and
privately exchange messages such as payment instructions; it carries
the instructions, not the funds themselves.
• Every day, about 11,000 SWIFT members exchange close to 33.6 million
messages.
22. Top Cybersecurity Threats Faced by Banks
Spear Phishing
• Spear-phishing is a type of phishing attack that targets specific
individuals or organizations typically through malicious emails.
• The goal of spear phishing is to steal sensitive information such as
login credentials or infect the targets’ device with malware
• Spear phishers carefully research their targets, so the attack
appears to be from trusted senders in the targets’ life.
• A spear phishing email uses social engineering techniques to
urge the victim to click on a malicious link or attachment
• Once the victim completes the intended action, the attacker can
steal the credentials of a targeted legitimate user and enter a
network undetected.
23. Phishing
• Phishing attacks prioritize quantity.
• The messaging in phishing emails, texts or phone calls is generic
and sent to a large group of individuals or organizations in the
hope of increasing the chance of “catching” a victim.
• Phishing attacks via phone calls
are often called vishing for
voice-phishing
• Attacks via text messages are
known as smishing for SMS-
phishing.
Spear Phishing
• Spear-phishing attacks prioritize
quality.
• Spear-phishing emails, texts or
phone calls are highly personalized
for a specific organization or
individual.
• Spear-phishing attacks are more
likely to deceive potential victims
due to the amount of research and
time spent personalizing messages
that appear to be from legitimate
senders.
24. Whaling
• Whaling uses the same personalized strategy of spear-phishing
attacks, except attackers specifically target higher level management
to expose financial and confidential information.
• Whaling attacks hope to extract more valuable, classified information
by taking down big targets, which can magnify the damage inflicted
upon an organization.
25. Trojans
• Trojans are a quite common threat to private users.
• Attackers infect a target's computer with a Trojan by tricking the
target into downloading software that looks legitimate but is in fact
malicious.
• Once the software is on the computer, the attacker can do anything
from recording your passwords by logging keystrokes to taking over
your webcam to watch and record your every move.
27. Spoofing
• Spoofing, as it pertains to cybersecurity, is when someone or
something pretends to be something else in an attempt to gain our
confidence, get access to our systems, steal data, steal money, or
spread malware
Few Types of Spoofing Attacks include:
Email Spoofing
Caller ID Spoofing
Website or Domain Spoofing
Facial spoofing
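The checks a receiving mail gateway applies against the spoofing and spear-phishing tricks described in slides 22 to 27, as an added example (not code from the original deck): DMARC-style alignment of our own MTA's SPF/DKIM verdicts with the From domain, a look-alike check that folds the homoglyph substitutions used in registered look-alike domains, and the display-name impersonation pattern used in whaling. The domain example-bank.com, the authserv-id mx.example-bank.com, the staff list and the five messages are all constructed; the code assumes the MTA strips any Authentication-Results header arriving from outside, since otherwise an attacker could forge one.

```python
"""Receiver-side checks for sender spoofing and look-alike domains used in phishing,
spear phishing and whaling. Added example, not code from the original deck. Domain,
staff list and messages are constructed; Authentication-Results is assumed to be
written by our own MTA, which must strip copies of that header arriving from outside."""
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example-bank.com"              # constructed: the impersonated organisation
OUR_AUTHSERV_ID = "mx.example-bank.com"      # constructed: authserv-id our MTA writes
KNOWN_STAFF = {"jane doe"}                   # constructed: names attackers like to borrow

AR_SPF = re.compile(r"\bspf=(\w+)(?:[^;]*?\bsmtp\.mailfrom=([\w.-]+))?", re.I)
AR_DKIM = re.compile(r"\bdkim=(\w+)(?:[^;]*?\bheader\.d=([\w.-]+))?", re.I)


def _org_domain(domain: str) -> str:
    """Organisational domain for DMARC-style relaxed alignment (assumes two-label org domains)."""
    return ".".join(domain.lower().split(".")[-2:])


def _auth_results(msg):
    """SPF and DKIM verdicts, taken only from Authentication-Results headers our MTA wrote."""
    spf = dkim = None
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = hdr.partition(";")
        if authserv.strip().lower() != OUR_AUTHSERV_ID:
            continue                              # written elsewhere: attacker-controlled text
        m = AR_SPF.search(rest)
        if m:
            spf = (m.group(1).lower(), (m.group(2) or "").lower())
        m = AR_DKIM.search(rest)
        if m:
            dkim = (m.group(1).lower(), (m.group(2) or "").lower())
    return spf, dkim


def _edit_distance(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _fold_homoglyphs(domain: str) -> str:
    """Collapse substitutions seen in look-alike domains: rn->m, vv->w, 1->l, 0->o."""
    return domain.lower().replace("rn", "m").replace("vv", "w").translate(str.maketrans("10", "lo"))


def is_lookalike(domain: str, target: str) -> bool:
    return domain != target and _edit_distance(_fold_homoglyphs(domain), _fold_homoglyphs(target)) <= 1


def assess(raw_message: str) -> dict:
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    findings = []
    if _org_domain(from_domain) == OUR_DOMAIN:
        # 1. Claims to be us: require an aligned SPF or DKIM pass from our own MTA (DMARC logic).
        spf, dkim = _auth_results(msg)
        spf_ok = spf is not None and spf[0] == "pass" and _org_domain(spf[1]) == OUR_DOMAIN
        dkim_ok = dkim is not None and dkim[0] == "pass" and _org_domain(dkim[1]) == OUR_DOMAIN
        if not (spf_ok or dkim_ok):
            findings.append("from_domain_not_authenticated")
    else:
        # 2. A registered domain one substitution away from ours (examp1e-bank.com).
        if is_lookalike(from_domain, OUR_DOMAIN):
            findings.append("lookalike_domain")
        # 3. A real name on an unrelated mailbox: the classic whaling / CEO-fraud pattern.
        if display.strip().lower() in KNOWN_STAFF:
            findings.append("display_name_impersonation")
    return {"from": addr, "findings": findings, "verdict": "quarantine" if findings else "deliver"}


def _constructed(from_header: str, auth_results: str) -> str:
    """Constructed test message with the headers the checks above read."""
    return (f"From: {from_header}\r\nTo: payments@{OUR_DOMAIN}\r\n"
            f"Authentication-Results: {auth_results}\r\n"
            "Subject: Urgent wire transfer\r\n\r\nPlease pay the attached invoice today.\r\n")


OURS = f"{OUR_AUTHSERV_ID}; "
LEGIT = _constructed(f'"Jane Doe" <jane.doe@{OUR_DOMAIN}>',
                     OURS + f"spf=pass smtp.mailfrom={OUR_DOMAIN}; dkim=pass header.d={OUR_DOMAIN}")
SPOOFED_FROM = _constructed(f'"Jane Doe" <jane.doe@{OUR_DOMAIN}>',
                            OURS + "spf=pass smtp.mailfrom=bulk.attacker.invalid; dkim=none")
FORGED_AR = _constructed(f'"Jane Doe" <jane.doe@{OUR_DOMAIN}>',
                         f"mail.attacker.invalid; spf=pass smtp.mailfrom={OUR_DOMAIN}")
LOOKALIKE = _constructed('"Jane Doe" <jane.doe@examp1e-bank.com>',
                         OURS + "spf=pass smtp.mailfrom=examp1e-bank.com; dkim=pass header.d=examp1e-bank.com")
WEBMAIL = _constructed('"Jane Doe" <jane.doe.ceo@mail.example>',
                       OURS + "spf=pass smtp.mailfrom=mail.example")

if __name__ == "__main__":
    for name, m in [("legit", LEGIT), ("spoofed_from", SPOOFED_FROM), ("forged_ar", FORGED_AR),
                    ("lookalike", LOOKALIKE), ("webmail", WEBMAIL)]:
        print(name, assess(m))
```

The forged-header case is the one to note: an Authentication-Results header whose authserv-id is not mx.example-bank.com is ignored, so the otherwise convincing FORGED_AR message is still quarantined, while the LOOKALIKE message passes SPF and DKIM for its own (attacker-owned) domain and is caught only by the homoglyph fold and the borrowed display name.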
28. Distributed Denial of Service
(DDoS)
• DDoS is a category of malicious
cyber-attacks that hackers or
cybercriminals employ in order to
make an online service, network
resource or host machine
unavailable to its intended users on
the Internet
• Targets of DDoS attacks are flooded
with thousands or millions of
superfluous requests,
overwhelming the machine and its
supporting resources
29. Difference between DoS and DDoS
Denial-of-Service (DoS)
• A single system targets the victim.
• The victim is flooded with packets sent from a single location.
• Lower attack volume than a DDoS.
• Easier to trace, because there is a single source.
• Easier to block, because only one source address needs to be filtered.
Distributed Denial-of-Service (DDoS)
• Many systems (typically a botnet of compromised devices) attack the victim at once.
• The victim is flooded with packets sent from many locations.
• Far higher attack volume than a DoS.
• Difficult to trace, because the traffic comes from many compromised devices rather than from the attacker.
• Difficult to block, because no single source address can simply be filtered and the aggregate volume may exceed the victim's capacity.
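The distinction above is what a detection rule has to exploit. As an added example (not code from the original deck), this Python script buckets web-server access-log lines into one-minute windows and decides whether each window is normal, a single-source flood that a per-IP rate limit or firewall rule would stop, or a distributed flood in which no single client exceeds the per-IP limit. The log lines are constructed and the three thresholds are assumptions to be tuned to the site's real capacity.

```python
"""Telling a single-source flood (DoS) from a distributed one (DDoS) in web-server access
logs. Added example, not code from the original deck. The log lines are constructed and
the three thresholds are assumptions that must be tuned to the site."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format: ip ident user [time] "request" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+')

PER_IP_LIMIT = 120      # requests per window before one client is treated as a flood
AGGREGATE_LIMIT = 600   # requests per window the origin can actually serve
MIN_SOURCES = 20        # distinct clients before an over-capacity window counts as distributed


def parse_line(line: str):
    """Return (client_ip, timestamp) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")


def classify_window(counts: Counter) -> dict:
    """counts: requests per client IP within one window."""
    total = sum(counts.values())
    floods = [ip for ip, n in counts.most_common() if n > PER_IP_LIMIT]
    if floods:
        verdict = "dos"       # one (or a few) loud clients: a per-IP rate limit or block stops it
    elif total > AGGREGATE_LIMIT and len(counts) >= MIN_SOURCES:
        verdict = "ddos"      # over capacity, yet every client looks individually reasonable
    else:
        verdict = "normal"
    return {"verdict": verdict, "total": total, "sources": len(counts), "block": floods}


def analyze(lines, window_seconds: int = 60) -> list:
    """Bucket requests into fixed windows and classify each; returns [(window_start, result)]."""
    per_window = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        bucket = int(ts.timestamp()) // window_seconds * window_seconds
        per_window[bucket][ip] += 1
    return [(datetime.fromtimestamp(b, tz=timezone.utc), classify_window(c))
            for b, c in sorted(per_window.items())]


# ---- constructed traffic: three consecutive one-minute windows ----
def _requests(ip: str, start: datetime, n: int):
    """n requests from ip spread evenly across one minute, in combined-log format."""
    for i in range(n):
        t = start + timedelta(seconds=i * 60.0 / n)
        yield f'{ip} - - [{t.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET /login HTTP/1.1" 200 512'


T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_LOG = []
for k in range(1, 6):                                   # 12:00  five clients, 10 requests each
    SAMPLE_LOG += _requests(f"192.0.2.{k}", T0, 10)
SAMPLE_LOG += _requests("198.51.100.7", T0 + timedelta(minutes=1), 900)   # 12:01  one client flooding
for k in range(1, 151):                                 # 12:02  150 clients, 5 requests each = 750
    SAMPLE_LOG += _requests(f"203.0.113.{k}", T0 + timedelta(minutes=2), 5)

if __name__ == "__main__":
    for start, result in analyze(SAMPLE_LOG):
        print(start.strftime("%H:%M"), result)
```

The 12:01 window yields a block list with one address, which is the easy case in the table above; the 12:02 window is over capacity with 150 sources of five requests each, so per-IP filtering does nothing and the response has to be upstream scrubbing, anycast absorption or capacity.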
30. Cyber Vulnerability in Transportation System
• Between June of 2020 and June of 2021, the transportation
industry witnessed a 186 percent increase in weekly
ransomware attacks (Cybertalk.org)
• The number of ransomware attacks is increasing across all
sectors, but transportation entities are seemingly bearing
the brunt of this trend.
• As the transportation companies have not historically
deployed large security teams to protect their digital assets,
they are more acutely affected by the global cybersecurity
skills gap than other businesses.
31. • As part of critical public infrastructure, transportation is
uniquely at risk.
• Most people and businesses depend on transport, whether it
is getting to work on time, sending goods or receiving
medical supplies.
• If an attack disrupts transportation, entire supply chains
could come crashing down.
• Traffic light or rail transit disruption could cause physical
harm.
32. Prime threats affecting the transport
sector
ransomware attacks;
data related threats;
malware;
denial-of-service (DoS), distributed denial-of-service (DDoS)
and ransom denial-of-service (RDoS) attacks;
phishing / spear phishing;
supply-chain attacks.
34. Notable Transportation Industry Attacks
NotPetya Maersk Ransomware attack (2017):
• In 2017, one of the most widespread and devastating cyberattacks
was perpetrated against worldwide shipping giant Maersk.
• The Danish transport and logistics conglomerate fell prey to a
campaign which used a modified version of the Petya ransomware,
NotPetya, bringing down IT systems and operational controls across
the board.
• Maersk has revealed that the attack required close to a "complete
infrastructure" overhaul and the reinstallation of thousands of
machines.
• The shipping giant put the cost of the attack at roughly $250-300
million.
35. • While no customer or business data is believed to have been
exposed, the firm endured severe disruption and was forced to
halt operations as the ransomware spread through core IT
systems
• In September, FedEx revealed the damage caused by falling
victim to the NotPetya cyberattack.
• The delivery giant faced losses of approximately $300 million
after the operations of the firm's TNT Express unit in Europe
were disrupted.
• The disruption to the global supply chain, of which Maersk is a
major component, was extensive, and losses accumulated into
the billions
36. • In late 2020, the giant shipping company Matson was attacked by a
gang of cybercriminals using the Windows REvil ransomware. The
thieves claimed to have stolen a terabyte of data.
• In June 2021, reports surfaced that North America’s largest
transportation network, New York’s Metropolitan Transportation
Authority, was hit with a cyberattack two months before.
Cybersecurity experts suspect Chinese threat actors are responsible
for the attack. The attackers reportedly exploited a zero-day
vulnerability in the Pulse Connect Secure remote access (VPN) product
to get into the MTA's network.
37. In 2020, the email addresses and travel
details of 9 million EasyJet customers were
stolen, and the credit card details of 2,208
of them were also compromised.
The LockBit ransomware group targeted
the Agency for Aerial Navigation Safety
in Africa and Madagascar (ASECNA).
In this high-severity incident, data
belonging to the agency's 18 member
countries was encrypted, and the
attackers threatened to publish the
stolen data on the dark web unless a
$25,000 ransom was paid.
38. • In 2018, investigators found 86% of 1,000 hardware devices that Cisco
had supplied to San Francisco’s Bay Area Rapid Transit
system contained “hidden backdoors on the devices, as well as a
persistent ‘ping’ where data are sent to a foreign nation hostile to
American interests”.
• Transit cybersecurity efforts should include looking at the software
supply chain, “so that you actually start to look at and understand
Where did all the different pieces of this software come from?
Where were they assembled?
Who had a hand in it?”
39. Cyber Vulnerability in Communication System
• Communication systems are a vital infrastructure. Communication
lines and infrastructure include physical lines, satellites, and other
wireless methods.
• As more hackers start targeting these tools, a successful attack could
be devastating.
• By design, these systems convince multitudes of people to take a
given action, making them dangerous if a malicious actor controls
them.
• Mass communications messages typically come from authoritative
sources and often relate to emergencies.
• As such, people are more likely to believe and respond to them. If a
malicious threat actor infiltrated these systems, they could cause
millions of people to act recklessly.
41. • Physical lines can be cut in physical attacks, but communication
links are also vulnerable to attacks on the signal itself, which is the
main risk for wireless communications:
An unwanted signal injected alongside the original signal (jamming)
may result in a temporary loss of the wireless link, poor receiver
performance, or bad quality of output from the electronic
equipment.
Channel interference that degrades a wireless communication system
can be co-channel interference or adjacent-channel interference.
42. Overload attacks, like DDoS attacks are designed to overwhelm
the available capacity of the infrastructure or absorb so much
capacity that the negative influence on the service is notable.
• Even our networks of satellites and space systems are vulnerable to
cyberattacks, which can create a backdoor into the physical and
digital systems we rely upon on a daily basis.
43. Example: Maritime Communication System
a) Automatic Identification System – AIS
AIS (Automatic Identification System) is a VHF radio-based system that allows
ships to broadcast their current GPS-obtained location to nearby vessels.
Key risk:
AIS messages carry no authentication, so a receiver has no way to verify
who sent a message or whether its contents are true: anyone with a VHF
transmitter can spoof messages that present as a different vessel or
‘fake’ a vessel location.
This is often used to conceal illegal activity such as illegal fishing or evading
international sanctions.
Additionally, since AIS is used to generate collision-avoidance warnings,
spoofing locations could be used to ‘force’ a vessel off course and into
dangerous waters.
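Added example, not code from the original deck, showing why the AIS risk above exists and the one defence a receiver can apply on its own: the script decodes a class-A position report (message types 1 to 3) from an !AIVDM sentence, checks the NMEA checksum (the only integrity mechanism, and one any sender computes itself), and flags consecutive reports from the same MMSI that would require an impossible speed. The encoder is included only so the constructed track can be built offline; the MMSI 211000001, the positions, the timestamps and the 50-knot threshold are assumptions.

```python
"""AIS class-A position reports (message types 1-3): checksum validation, payload decoding,
and a plausibility check for spoofed positions. Added example, not code from the original
deck. MMSI, positions and timestamps are constructed; the speed threshold is an assumption."""
import math
from dataclasses import dataclass

MAX_PLAUSIBLE_KNOTS = 50.0     # assumption: no ordinary merchant vessel sustains more than this

def _armor_decode(payload: str) -> str:
    """Six-bit ASCII armoring used in AIVDM sentences: each character carries 6 bits."""
    bits = []
    for ch in payload:
        v = ord(ch) - 48
        if v > 40:
            v -= 8
        bits.append(format(v, "06b"))
    return "".join(bits)

def _armor_encode(bits: str) -> str:
    bits += "0" * (-len(bits) % 6)
    return "".join(chr(v + 48 if v < 40 else v + 56)
                   for v in (int(bits[i:i + 6], 2) for i in range(0, len(bits), 6)))

def _field(bits: str, start: int, length: int, signed: bool = False) -> int:
    v = int(bits[start:start + length], 2)
    if signed and bits[start] == "1":
        v -= 1 << length                       # two's complement
    return v

def nmea_checksum(body: str) -> str:
    c = 0
    for ch in body:
        c ^= ord(ch)
    return f"{c:02X}"

def parse_sentence(sentence: str) -> str:
    """Return the armored payload of a single-fragment !AIVDM sentence; raise on a bad checksum.
    Note what this cannot do: nothing here tells you who transmitted the sentence."""
    if not sentence.startswith("!AIVDM,") or "*" not in sentence:
        raise ValueError("not an AIVDM sentence")
    body, given = sentence[1:].rsplit("*", 1)
    if nmea_checksum(body) != given.upper():
        raise ValueError("checksum mismatch")
    return body.split(",")[5]

@dataclass
class Position:
    mmsi: int
    sog_knots: float
    lat: float
    lon: float

def decode_position(payload: str) -> Position:
    b = _armor_decode(payload)
    if _field(b, 0, 6) not in (1, 2, 3):
        raise ValueError("not a class A position report")
    return Position(mmsi=_field(b, 8, 30),
                    sog_knots=_field(b, 50, 10) / 10.0,              # 1/10 knot units
                    lon=_field(b, 61, 28, signed=True) / 600000.0,   # 1/10000 minute units
                    lat=_field(b, 89, 27, signed=True) / 600000.0)

def encode_sentence(mmsi: int, lat: float, lon: float, sog_knots: float) -> str:
    """Build a type-1 report. Anyone with a VHF transmitter can do exactly this: the only
    integrity check is the NMEA checksum, which the sender computes itself."""
    f = lambda v, n: format(v & ((1 << n) - 1), f"0{n}b")
    bits = (f(1, 6) + f(0, 2) + f(mmsi, 30) + f(0, 4) + f(128, 8)      # type, repeat, MMSI, status, ROT n/a
            + f(int(round(sog_knots * 10)), 10) + f(0, 1)              # SOG, position accuracy
            + f(int(round(lon * 600000)), 28) + f(int(round(lat * 600000)), 27)
            + f(0, 12) + f(511, 9) + f(0, 6) + f(0, 2) + f(0, 3) + f(0, 1) + f(0, 19))  # COG, HDG n/a, ts, maneuver, spare, RAIM, radio
    assert len(bits) == 168
    body = f"AIVDM,1,1,,A,{_armor_encode(bits)},0"
    return f"!{body}*{nmea_checksum(body)}"

def _nautical_miles(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance (haversine), Earth radius 3440.065 nm."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 3440.065 * 2 * math.asin(math.sqrt(a))

def find_implausible_jumps(reports) -> list:
    """reports: iterable of (unix_seconds, sentence). Returns (mmsi, implied_knots) for every
    pair of consecutive reports from one MMSI that would need an impossible speed."""
    last, flagged = {}, []
    for t, sentence in sorted(reports):
        p = decode_position(parse_sentence(sentence))
        if p.mmsi in last and t > last[p.mmsi][0]:
            t0, q = last[p.mmsi]
            knots = _nautical_miles(q.lat, q.lon, p.lat, p.lon) / ((t - t0) / 3600.0)
            if knots > MAX_PLAUSIBLE_KNOTS:
                flagged.append((p.mmsi, round(knots, 1)))
        last[p.mmsi] = (t, p)
    return flagged

# Constructed track: two honest reports ten minutes apart, then a spoofed one that
# moves the vessel about 30 nm in the next ten minutes.
SAMPLE_REPORTS = [
    (1_700_000_000, encode_sentence(211000001, 51.50, 1.00, 7.5)),
    (1_700_000_600, encode_sentence(211000001, 51.52, 1.01, 7.5)),
    (1_700_001_200, encode_sentence(211000001, 51.90, 1.50, 7.5)),
]

if __name__ == "__main__":
    for mmsi, knots in find_implausible_jumps(SAMPLE_REPORTS):
        print(f"MMSI {mmsi}: implied speed {knots} kn, position report likely spoofed")
```

Run as a script it reports the third sentence. The point of the checksum check is its limit: a forged sentence with a correctly computed checksum passes parse_sentence exactly as a genuine one does, so position plausibility over time, cross-checking against radar, and correlation across several receivers are the only practical detections a ship or coast station has.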
44. b) Global Maritime Distress and Safety System - GMDSS
GMDSS (Global Maritime Distress and Safety System) is a suite of procedures,
protocols and communications systems designed to assist with rescuing vessels in
distress. The key components are HF-radio and Satellite-based transmitters.
Key risk: Given GMDSS’ key role in saving lives, ensuring its constant availability is
crucial. While it could be possible to disrupt radio communications via jamming, the
set of technologies used should mean other channels continue to work. A risk is its
reliance on a single operator for satellite communications, but other providers are
likely to be approved in the next few years.
45. c) Satellite communication
Satellite communication has become the main way of transferring
information when a vessel is at sea and can allow for the transmission of
voice, internet and other data. Although traditionally high-cost, new
operators and satellite launches mean bandwidth is becoming cheaper and
more widely available.
Key risk: The development of software-defined radio technology means that
radio signals of the frequencies used by satellite communication systems can
be received and analysed cheaply. If sensitive information is being
transmitted in plain text, then it may be possible to intercept it. Older
satellite equipment (e.g. terminals) may also be at risk of direct attacks over
the internet.
46. d) VHF
VHF radio is the most commonly used marine communication system,
found on everything from large vessels to small recreational craft. It
uses simple analogue FM modulation to transmit a voice signal which
can be received by anyone in range of the transmitter.
Key risk: Due to its broadcast nature and simple analogue modulation
there is no confidentiality, so VHF should not be used to transmit
sensitive information. In practice, its use for general ship-to-ship
and ship-to-shore communications means this is unlikely to occur.