Cyber warfare is no longer a futuristic concept, in today’s increasingly digital world, it poses a very real and significant threat to a nation’s national security and interests.
Cyber warfare typically refers to cyber-attacks perpetrated by one nation-state against another, however, it can also be used to describe attacks by terrorist groups or hacker groups aimed at furthering the goals of individual nations.
These cyber-attacks will often take place under the radar, however, there has been an increase in the number of more high-profile cases, including Russia’s alleged manipulation of social media to influence the 2016 US presidential elections.
One of the major problems with cyber warfare is it’s often difficult to work out who launched the attack. Due to the anonymity the internet provides, and the deceptive methods used by hackers to cover their tracks, it can often be difficult to trace the perpetrator of a cyber-attack.
Often it will only be the intelligence or guesswork surrounding the motives that will point to the country, organisation or person that may be behind the crime.
Cyber warfare could potentially be used to destabilise a country by attacking critical infrastructure such as national power grids, financial markets or military databases. The damage resulting from an attack on this scale could be devastating.
What forms can cyber warfare take?
1. DDoS Attacks
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with huge volumes of traffic from multiple sources. This attack method was used in 2007 when cyber warfare officially made the headlines.
After Estonia attempted to relocate a Soviet war memorial, Russia was accused of launching a huge DDoS attack in retaliation. More than 1 million computers were used to take down government, business and media websites.
Massive waves of spam were sent by botnets, and huge volumes of automated online requests were used to flood servers. The cyber-attack caused massive disruption and is thought to have cost the Estonian economy tens of millions of Euros in damage.
2. Malware (Viruses, Worms, Trojans)
Viruses, Worms and Trojans are all forms of malicious software that can be used in cyber warfare attacks. They can be used to infect a system by being grouped with other programs, attached as files, installed by exploiting vulnerabilities in older software, or as in the vast majority of cases, they are installed when a user falls for a phishing scam and clicks on an attachment or downloads a file.
This method was used in one of the first nation-state cyber-attacks in 2010 when the Americans and Israelis collaborated to take stop Iran from producing Uranium that could be used in nuclear weapons.
A computer worm known as Stuxnet was placed on an infected USB stick and used to gain access to the Iranian computer systems. Although it didn’t completely halt operations it did destroy nearly 1,000 uranium enriching centrifuges and significantly reduced Iran’s nuclear capabilities.
3. Unpatched Software
Unpatched software is one of the main causes of computers getting hacked. Criminals are quick to take advantage of any vulnerabilities in older and outdated software to launch an attack.
‘Patching’ fixes these vulnerabilities so hackers are unable to gain entry into a system to steal sensitive data, lock users out, or demand a ransom. If patches are not applied, it provides cybercriminals with an easy access point to networks.
Is cyber warfare as dangerous as traditional warfare?
Some would argue that cyber warfare will never inflict the same damage that traditional warfare can cause, however, cyber-attacks are capable of causing massive economic and infrastructural damage that could ultimately endanger human life.
Former US Defence Secretary Leon Panetta warned of a ‘Cyber Pearl Harbour’ where an enemy state could hack into digital systems to shut down power grids or even gain control of switches and derail passenger trains.
This may seem far-fetched, but the damage that could be inflicted through cyber warfare is very real and there is already clear evidence that these tactics are already being deployed throughout the world.
Keeping up with the rapid advancements in cyber threats, and the looming threat that cyber warfare may cause can prove difficult, however, there are a range of cyber security best practices that organisations can adopt to strengthen their defences.
These include:
- Engaging cyber security training for staff– Criminals use a range of social engineering tactics to trick employees into disclosing sensitive data or installing malicious software on their PC’s. Effective security awareness training is essential in training employees to identify and respond appropriately to the growing range of cyber security threats.
- Never click on suspicious links – Never click on suspicious links or download attachments from unknown sources. Criminals use these links to lure victims into disclosing personal information or as a way of installing back door Trojans to infect computers.
- Anti-virus software – Anti-virus software will help detect threats on PCs and block unauthorised users from gaining access.
- Continually update software – Software needs to be updated regularly to prevent hackers from gaining access to networks through vulnerabilities in older and outdated systems.
- USB Safety – Never plug an unknown USB Drive into your computer and always make sure to have all work USB devices securely locked away when not in use.
- Incident Response Plan – The implementation of an incident response plan will keep staff informed, improve organisational structures, improve customer and stakeholder confidence, and reduce any potential financial impact following a major incident.
- Penetration testing and vulnerability scanning – Penetration testing (pen testing) is an authorised simulated attack on a computer system. The test will help identify any vulnerabilities in the system and flag up any areas that pose a serious threat to security.
To ensure that staff are engaged, informed and educated, we have created the best quality eLearning content available on the market. Contact us for further information on our high quality eLearning videos or to arrange a free trial.
