One of the crudest but also true-to-life jokes about the advent of online goes like this: “Terrorist organizations have decided to get into online crime to keep up to date. They have just launched a new app called Pay-Up-Pal.” A joke, yes, but one that is driving cyber criminals today, hell-bent on making online fraud, the biggest crime sector of all time. It’s touched all sectors, notably among them being banking and the health sectors, and it’s all-pervasive.
Cyberterrorism (1) is basically the process of causing harm to the community by using Internet networks to conduct violent acts, sometimes involving loss of life and/or data. It differs from cybercrime in so much that it is perpetrated for causing damage and violence, very often against non-military targets, whereas cybercrime is motivated by financial gain. Dataconomy (2) defines it as the use of computer networks or systems to inflict intentional damage, cause disruption, and/or intimidate people.
Cyber assaults are carried out via hacking of large-scale computer networks. Hackers make use of computer viruses, spyware, malware, ransomware, phishing, programming language scripts and other malicious software to achieve their purposes. These cyberattacks often lead to criminal offenses called Cyberterrorism. Government agencies like the FBI (Federal Bureau of Investigations) and the CIA (Central Intelligence Agency) have linked many of these cyberterrorist attacks which target the banking industry, military, power, nuclear power plants, air traffic control and water control sectors to terrorist organizations.
Terrorist nations are sponsoring hacking groups to embed malware deep inside of the biggest networks.
In 2015, the French channel, TV5 Monde, went 18 hours without broadcasting due to a solid jihadist hack claimed to have been affected by a cyber terrorist organization calling itself ‘CyberCaliphate’. Amongst the most popular news channels alongside the BBC, TV5 was nearly crippled. Almost 250 million homes were affected. The terrorists spread personal data and other information about alleged military personnel and aircraft carrier Charles de Gaulle, a participant in the bombing in Iraq in the attack. Though services were restored, the effect was devastating considering the positions and function of the news channel. The cost of the attack was €5 million in 2015, and €11 million over the next three years – a total of more than €16 million.
The Colonial pipeline incident of May 2021 which resulted in a state of emergency being declared, shutdown of operations involving oil and fuel for a few days, an unprecedented spike in oil prices in several states in the US, and finally a payment of a ransom of USD 4.4 million to the cyber terrorists is another famous example of cyber terrorism combined with cybercrime. The 5,500-mile pipeline transports almost 45% of gasoline and other fuel products to the eastern coast of the United States. Attackers distributed malware through email, which in turn crippled the billing infrastructure when activated. A ransom to restore services followed.
The act sent shockwaves through the country; two months later Jennifer Granholm, the Energy Secretary said that bad actors had gained the ability to shut down the U.S. power grid.
An uphill battle
A brief look at the statistics is sufficient to understand the war footing on which cyber terrorism needs to be addressed. Forbes (3) shares some alarming statistics :
- Healthcare and Education continue to attract the most attacks with attacks up by over 70% in both cases since 2021
- In 93% cases, hackers can breach systems and gain access to networks
- Small businesses account for as much as 43% of attacks, with only an estimated 14% capable of defending themselves
- 2021 witnessed 50% more attacks per week than the previous year
- 45% of respondents said their systems were ineffective against attacks
According to Symantec, IoT devices (6) experience an average 5,000 plus attacks per month. The fact that a majority of new IoT devices are still in their infancy means there is a much larger attack surface for cybercriminals to target the vulnerabilities associated with them.
How it is carried out
The commonly used methods of perpetrating cyberterrorism are:
- Malware – malicious software secretly installed on a victim’s computer system to gain control of files and personal data
- Advanced persistent threat (APT) – sophisticated, purposeful penetrations that aim to acquire network access of key infrastructural and defence sectors.
- Phishing (5) – enticing and attractive malware embedded in email and social media connections that gain access to personal information
- Ransomware (4) – malicious software that encrypts victim’s files. It is followed by a ransom demand.
- DDoS attacks (Distributed Denial of Service) – a malicious disruption of a server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic, preventing access by users
- Man-in-the-middle attacks – spyware via which the attacker lurks on the victim’s network or computer, recording and logging all of the information that the person accesses or transmits.
- Data breaches – illegal accessing of an individual’s or organization’s information
Cyberterrorism affects everyone from governments to organizations, institutions and citizens. The crippling effect of these acts can be huge, affecting millions of people in terms of loss of property including key IT assets, wealth and sometimes even life. For organizations too, the consequences can be catastrophic, resulting in bankruptcy and huge ransom payouts to restore systems.
Fighting the Phish
On the back of many cyberterrorist acts and ransomware attacks, it is but natural that measures are being continually stepped up to address this major security threat. The World Economic Forum is committed to helping governments and businesses address unprecedented security risks that threaten to undermine economic growth and public trust, by providing a global platform for dialogue and collaboration between cybersecurity communities in the private and public sectors. The body aims at bringing experts and decision-makers who want to build greater resilience closer.
And in the US, the Biden Administration announced in March 2022 that the Federal Communication Commission will seek rules mandating minimum cybersecurity standards for infrastructure firms, even as the President himself called for greater awareness and response to cyber threats and promotion of reliable industry-grade networks across the public and private sectors.
Aurora with its suite of cybersecurity solutions covering Phishing, Malware detection, CASB, Endpoint detection and others make it the ideal cybersecurity partner to counter cyber threats and cyberterrorism. For more information, visit www.aurorait.com, email us on firstname.lastname@example.org or call +1 888 282 0696.
- What is Cyber Terrorism? – GeeksforGeeks
- Cybersecurity in 2022 – A Fresh Look at Some Very Alarming Stats (forbes.com)
- Ransomware – Next Level Malware | Aurora (aurorait.com)
- Phishing Risk Assessment | Aurora (aurorait.com)
- Internet of Things (IoT) – Technology Without Borders | Aurora (aurorait.com)