2.2. Key risks, targets, and perpetrators of cyberattacks
🎯Who are the main perpetrators and what are the key targets?
Cyber attacks include a multitude of criminal activities, from stealing one’s password or hacking into a susceptible system to corporate and government espionage to acquire sensitive information.
In the early days, the perpetrators of cyberattacks were mostly the ‘geeks’ – ICT-savvy individuals – who were able to hack systems, develop malware, and conduct cyberattacks. With the development of online criminal markets, however, cyber tools are readily available for any criminal with certain financial resources and the minimal skills to access those markets. It is often hard to pinpoint the exact individual or entity behind a cyberattack as hackers can use multiple devices or people scattered worldwide to conduct an attack. A paradigm shift in cybersecurity was introduced with the entrance of governments – with their vast human and financial resources and geopolitical interests – to the list of perpetrators. It is also important to remember that, unlike physical space where only actors based in relative proximity to the target can actually pose a threat, in cyberspace actors can be anywhere around the world, even thousands of miles away from the targets, adding an incognito presence which increases the gravity of the challenge. Threats usually take the form of attacks and tools for conducting attacks, whose range and sophistication continuously expand.
The most common attack tools are the use of malware, as well as spam, e-scams, and phishing techniques. Critical infrastructure and government structures, however, are often under the attack known as an advanced persistent threat (APT): an attack that combines a number of tools and techniques to allow unauthorised access to the system and undetected residence within it over long periods of time (even years), in order to steal sensitive information (such as for espionage), or to sabotage the system.
Malware – short for malicious software ~ is behind most attacks that go beyond a simple hoax or deceit. The malware works by exploiting flaws in the victim’s operating system or some of the software or hardware used. Some highly sophisticated types of malware target specific complex systems of controllers and can lead to physical damage to a facility. Ultimately, malware is a fundamental component of one of the most powerful cyber ‘weapons’ of today: botnets – remotely controlled ‘zombie’ computers (or bots) used to steal personal data and IDs or perform attacks on other computers without the knowledge of their owners.
Trojan horses, viruses, and worms are classified as malware (Figure 2).
While in the past malware was available only to highly skilled programmers and hackers, today a vast variety of code is readily available within the online black markets. AV-Test, an independent IT security institute in Germany, reports that it registers over 450,000 new malicious programs and potentially unwanted applications every day. Malware is primarily spread by disseminating infected legitimate-looking files (executable files, MS Office files, even PDFs and photos) attached to an email or social media message. Alternatively, it can be embedded in the form of malicious scripts on bogus websites (often as an ‘exploit kit’, designed to identify software vulnerabilities in devices accessing the website, and allow the attacker to remotely implant their malicious code in it), or even on legitimate but infected websites. If the intention is to deliver a massive attack, such as for ransomware, spam botnets are often used to widely distribute attachments or web links across the compromised databases of emails, hoping to see many recipients activate the malware. Targeted attacks, however, include sophisticated phishing approaches to ensure that the specific target will activate the attachment or the link. Certain viruses are capable of spreading via USB and Bluetooth; Stuxnet is a typical example of a virus that penetrated the so-called ‘air-gapped’ system (not connected to the internet) through USB memory sticks.
Test your knowledge!
Do you know what the main concepts related to cybersecurity attacks mean? Test yourself here and read more, if needed.
Case study: What are some of the key cyber risks pertaining to the African continent?
When it comes to internet penetration, Africa is the fastest-growing continent. It is estimated that the percentage of people using the internet grew from a mere 2.1% in 2005 to 43% as of December 2020. Although the gap between digital haves and have nots are slowly decreasing, the cybersecurity gap seems to be widening. According to the latest Global Cybersecurity Index Report published by the ITU, only four countries in sub-Saharan Africa (Mauritius, Tanzania, Ghana and Nigeria) are among the top 50 countries with the highest cybersecurity indices. In addition, the data shows that Africa has the highest exposure to cyberattacks per country. The visualisation below shows the level of exposure to cybercrime by country.
Security-related risks are varied and numerous and different actors have identified main challenges and threats that merit attention. The INTERPOL has, for instance, identified the most prominent threats based on input from the INTERPOL, the member countries and data drawn from private sector partners. These include online scams; digital extortion, where users are tricked into sharing compromising images that are used for blackmail; business email compromise, where criminals hack into email systems to gain information about corporate payment systems, while tricking the employees into transferring money into their bank account; ransomware; and botnets.
The analysis for the Africa Center for Security Studies points to four major categories of security risks –espionage, critical infrastructure sabotage, organised crime, and the shifting contours of the African battlefield. Cyber espionage, or hacking into adversarial systems to obtain sensitive data is widespread as the rapid digitalisation and increasing access to new technologies enables a broad range of actors to conduct such activities. Attacks on critical systems are also becoming more frequent with banks being the most common target. There is also an increase in cyberattacks against maritime infrastructure. The third risk refers both to online frauds and thefts such as the business email compromise, but also a traditional organised crime that is shifting to the online environment. The last category refers to the integration of emerging technologies, such as drones and AI systems into modern combat with significant implications for military operations and battlefield tactics.
Contribute and engage
Module 3a focuses on cybercrime, its impact, and responses from law enforcement. Refer to the dedicated module for more information on the topic.
Enrol in Diplo’s Cybersecurity online course! This 10-week online advanced course in Cybersecurity covers technological and geopolitical risks, policy challenges, actors, and initiatives related to cybersecurity, especially those related to cybercrime, violence, child protection, the security of core infrastructure, and cyberwarfare. It also covers a broader context: the relations of cybersecurity with economic development and human rights.
thatonaomimampe1@gmail.com