Cyberattacks, Cyberwarfare & Stuxnet

Daniel Glover
4 min read · Apr 11, 2019

What is a cyberattack?

A cyberattack can come in many shapes and forms. The common thread is unauthorised action against a computer system: gaining access to data, disrupting or destroying the system's operation, or both. The examples below are some of the most frequently encountered.

Ransomware — holds files or an entire computer system to ransom. After gaining a foothold, the program encrypts the victim's files (and often spreads across the network to encrypt other machines too) so that nothing can be opened, then demands payment for the decryption key. My research suggests that the best defence against ransomware is to back up your computer as often as possible. Backups only help if at least one copy is kept offline or otherwise out of the malware's reach, and if restoring from them has actually been tested.

Malware — software designed to damage a computer or gain unauthorised access to it. The term is an umbrella: it covers viruses, worms, trojans, spyware, ransomware and more, and it arguably applies to every example in this list. One way malware harvests data is by screen capture (often called screen scraping in this context). A typical chain starts when the victim interacts with a rigged element on a web page, which drops a program onto their machine; that program then records the screen for the rest of the victim's session and sends the footage to a remote computer, often alongside a key-logger that captures every keystroke. Passwords, card numbers and other sensitive data are collected this way.

Social Engineering — a tactic for tricking users into handing over sensitive information or performing an action on the attacker's behalf. It relies heavily on impersonating reputable sources and on redirecting the victim (to a fake website, a fake helpdesk, and so on). Social engineering can be aimed at one specific person or cast widely at many; either way the attacker works to gain the victim's trust while learning what weaknesses exist on their system. Common forms include baiting (an enticing download or a planted USB stick), scareware (fake warnings that pressure the user into "fixing" a problem) and pretexting (a fabricated story in which the sensitive information is supposedly needed to complete an important task).

Phishing (non-targeted) / Spear Phishing (targeted) — The most common type of cyberattack. Usually fraudulent emails that resemble messages from genuine, reputable sources and are designed either to lift sensitive information from the victim or to get malware onto the victim's system. That malware might install a key-logger or screen capture, or open a backdoor for later access; whatever it does is its payload. A payload is the part of the malware that carries out the attacker's goal once it is running: harming the system, gathering information, or occasionally something relatively benign such as displaying a message.
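Phishing mail works because the sender looks right at a glance. The checks below are an added example, not code from the original post: they parse a message's From and Reply-To headers and flag the three most common tricks, a display name that claims a brand the sender domain does not belong to, a look-alike domain (digits or Cyrillic letters swapped for Latin ones, or the real domain used as a subdomain of an attacker's domain), and a Reply-To that quietly routes answers elsewhere. The trusted-brand list, the homoglyph table and all sample headers are constructed for illustration.

```python
"""Spot the look-alike senders that phishing mail relies on.

Added example only: not from the original post. The trusted-brand list,
the homoglyph table and the sample headers are all constructed here.
"""
import unicodedata
from email.utils import parseaddr

# Assumed allow-list: brand name as it appears in display names -> its real domain.
TRUSTED = {"PayPal": "paypal.com", "Microsoft": "microsoft.com"}

# Characters attackers swap in for Latin letters (digits, and Cyrillic а/е/о/р).
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
})


def registrable(domain: str) -> str:
    """Last two labels of a domain. Simplified: real code should use the Public Suffix List."""
    return ".".join(domain.split(".")[-2:])


def fold(domain: str) -> str:
    """Unicode-normalise and map look-alike characters so 'paypa1.com' folds to 'paypal.com'."""
    return unicodedata.normalize("NFKC", domain).lower().translate(HOMOGLYPHS)


def analyze(headers: dict) -> list:
    """Return human-readable findings for a message's From / Reply-To headers."""
    findings = []
    name, addr = parseaddr(headers.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reg = registrable(domain)
    for brand, legit in TRUSTED.items():
        # 1. Display name claims a brand the sender domain does not belong to.
        if brand.lower() in name.lower() and reg != legit:
            findings.append(f"display name claims {brand} but sender domain is {domain}")
        # 2. Domain imitates the brand: homoglyphs, or the real domain used as a subdomain.
        if reg != legit and (registrable(fold(domain)) == legit or domain.startswith(legit + ".")):
            findings.append(f"sender domain {domain} imitates {legit}")
    # 3. Replies silently routed to a different domain than the one that appears to have sent the mail.
    reply_domain = parseaddr(headers.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and registrable(reply_domain) != reg:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {domain}")
    return findings


# Constructed sample headers (not real messages).
SAMPLES = [
    {"From": "PayPal <service@paypal.com>"},                                      # genuine
    {"From": "PayPal Support <billing@paypa1.com>"},                              # digit 1 for l
    {"From": "PayPal <security@\u0440aypal.com>"},                                # Cyrillic р for p
    {"From": "Microsoft Account Team <no-reply@microsoft.com.verify-login.net>"}, # subdomain trick
    {"From": "Accounts <noreply@paypal.com>", "Reply-To": "attacker@mail.example"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["From"], "->", analyze(sample) or "no findings")
```

These header checks catch the cheap imitations; a message that passes them can still be phishing, so they belong alongside SPF/DKIM/DMARC results and link inspection rather than in place of them.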

A lot of the aforementioned strategies rely on the user's negligence or unfamiliarity with safe computing practice. Without vigilance, our devices and files, virtually anything, are exposed and at risk!

Cyberwarfare & Stuxnet

In the last decade, cyberattacks have expanded enormously. In 2010 Stuxnet was discovered; it is believed that its development started as early as 2005. It is widely regarded as the first instance of state-on-state cyberwarfare (the first digital weapon), and its purpose, as generally reported, was to disrupt production at Iran's uranium enrichment plant at Natanz.

The plant's control network was not connected to the Internet, so Stuxnet could not simply be delivered over the network. It had to carry several infection methods of its own: it spread from machine to machine on infected USB drives and across local networks, with no operator steering it, until it reached its target.

It was designed to target Siemens PLCs (Programmable Logic Controllers), because the centrifuges inside the plant were run by them. PLCs of this kind are found in a wide variety of industrial machinery; each holds a control program that tells the attached equipment what to do. In the centrifuges' case, part of that program drove the frequency converters that keep each rotor at its intended speed, within a narrow high-frequency band (roughly 800 to 1,200 Hz according to Symantec's analysis of the code), so that the uranium could be enriched safely.

Stuxnet passed from computer to computer, doing nothing harmful until it reached the right one. It did not key on an IP address; it checked for the Siemens engineering software used to program the PLCs and for a very specific hardware configuration (particular PLC models driving particular frequency converters). Any machine that did not match was used only as a stepping stone. Once it found a match, it injected its own code into the PLC program so that the centrifuges were periodically driven far outside their normal speed range, first much faster, then almost to a standstill. The mechanical stress damaged rotors and ruined the uranium being processed, stopping the plant's production.

Before attacking, Stuxnet lay in wait for around 13 days, recording the normal sensor readings that told the monitoring team the process was running as expected. During the attack it replayed those recorded readings to the monitoring systems, so that real-time data never reached the operators and they were under the illusion that the factory floor was running normally.
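A toy model of the two tricks just described, driving the equipment out of its safe band while replaying recorded "normal" readings to the operators, as an added example that is not Stuxnet's code and uses no Siemens interface; every name, frequency, band limit and cycle count here is an assumption chosen for illustration. It also shows the two checks a plant could run: comparing what the HMI reports against an independent measurement, and looking for telemetry that repeats itself exactly, which genuinely noisy sensor readings never do.

```python
"""Toy simulation of a PLC whose readings are replayed to the HMI.

Added illustration only: not Stuxnet's code and not a Siemens API.
Frequencies, band limits and cycle counts are made-up values.
"""
from dataclasses import dataclass, field

NORMAL_HZ = 1064.0           # assumed normal drive frequency (illustrative)
SAFE_BAND = (807.0, 1210.0)  # assumed acceptable band the plant monitors
OVERSPEED_HZ = 1410.0        # assumed value the attacker drives the rotor to
RECORD_CYCLES = 5            # how many "normal" scans the attacker records


@dataclass
class Drive:
    """Frequency converter: true speed tracks the setpoint plus small noise."""
    setpoint_hz: float = NORMAL_HZ

    def measure(self, cycle: int) -> float:
        # Deterministic pseudo-noise (period 101) so the run is reproducible.
        return self.setpoint_hz + ((cycle * 37) % 101 - 50) * 0.01


@dataclass
class PLC:
    """Scan loop: reads the drive and reports a value to the monitoring HMI."""
    drive: Drive
    compromised: bool = False
    recorded: list = field(default_factory=list)
    cycle: int = 0

    def scan(self):
        """Return (true frequency, frequency reported to the HMI)."""
        self.cycle += 1
        true_hz = self.drive.measure(self.cycle)
        if not self.compromised:
            return true_hz, true_hz
        if len(self.recorded) < RECORD_CYCLES:
            # Dormant phase: behave normally while recording what "normal" looks like.
            self.recorded.append(true_hz)
            return true_hz, true_hz
        # Attack phase: change the setpoint, but replay the recorded values to the HMI.
        self.drive.setpoint_hz = OVERSPEED_HZ
        true_hz = self.drive.measure(self.cycle)
        reported = self.recorded[self.cycle % RECORD_CYCLES]
        return true_hz, reported


def in_band(hz: float) -> bool:
    return SAFE_BAND[0] <= hz <= SAFE_BAND[1]


def looks_replayed(series, period: int = RECORD_CYCLES) -> bool:
    """Flag telemetry whose last two windows are identical: genuine readings carry noise."""
    if len(series) < 2 * period:
        return False
    return series[-period:] == series[-2 * period:-period]


def run(cycles: int = 30, compromised: bool = False) -> dict:
    """Simulate the plant and count what each monitoring strategy would alarm on."""
    plc = PLC(Drive(), compromised=compromised)
    counts = {"hmi_alarms": 0, "independent_alarms": 0, "replay_alarms": 0}
    reported_series = []
    for _ in range(cycles):
        true_hz, reported = plc.scan()
        reported_series.append(reported)
        if not in_band(reported):            # what operators see on the HMI
            counts["hmi_alarms"] += 1
        if not in_band(true_hz):             # an independent sensor, e.g. a separate tachometer
            counts["independent_alarms"] += 1
        if looks_replayed(reported_series):  # replay heuristic using HMI data alone
            counts["replay_alarms"] += 1
    return counts


if __name__ == "__main__":
    print("clean plant:      ", run(compromised=False))
    print("compromised plant:", run(compromised=True))
```

In the compromised run the HMI never alarms, because everything the operators see is in band; only a measurement the PLC does not control, or the tell-tale exact repetition in the replayed stream, exposes the attack. That is the argument for out-of-band instrumentation and for anomaly checks that treat "too perfect" telemetry as suspicious.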

Another note on Stuxnet: it exploited four previously unknown Windows vulnerabilities, usually reported as four zero-days (some accounts count five), alongside an older, already-patched flaw, and it carried drivers signed with legitimate certificates stolen from hardware vendors so that Windows would load them without complaint. A zero-day is not a piece of malware script; it is a vulnerability unknown to the vendor and the wider security community, for which no patch yet exists. Exploits for it have no signature that security software could recognise, so they pass unnoticed. The name comes from the fact that, on the day it is discovered, defenders have had zero days to prepare a fix.

Stuxnet changed the way we think about malware, cyberattacks and cyber security. It is widely considered the first digital weapon, and it was remarkably effective. It is fair to say that part of the future of warfare will be fought with code: state undermining state, espionage and sabotage carried out remotely.
