UPSC 2022 countdown has begun! Get your personal guidance plan now! (Click here)

Context

The war between Russia and Ukraine is not only being fought on the ground, but also in cyberspace. Cyberattacks on state-owned digital assets, including websites and banking services, have gradually increased in both frequency and sophistication, beginning with Distributed-denial-of-service (DDoS) attacks before escalation with the use of complex wiper malware and ransomware.

What has happened in Ukraine so far?

Ukraine has been one of the primary targets of Russia since 2020. The recent spate of attacks started in mid-January and knocked out websites of the ministry of foreign affairs and the ministry of education.
The attacks have intensified in the last few weeks and now, banks in Ukraine are being targeted.
DDoS attacks disrupt online services by overwhelming websites with more traffic than their server can handle.

What is cyberwarfare?

Another front of war: Cyberwarfare has emerged as a new form of retaliation or passive aggression deployed by nations that do not want to go to actual war but want to send a tough message to their opponents.
A cyber-attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks.
Cybercriminals use a variety of methods to launch a cyber-attack, including malware, phishing, ransomware, denial of service, among other methods.
Case with India: In 2020, Gothic Panda and Stone Panda, two China-based hacker groups, targeted media and critical infra companies in India with large-scale attacks amid the border stand-off between India and China.
For many countries, cyberwarfare is a never-ending battle as it allows them to constantly harass and weaken geopolitical rivals.

What do cyber attackers target?

Cyberattacks happen because organizations, state actors, or private persons want one or many things, like:

Business financial data
Clients lists
Customer financial data
Customer databases, including personally identifiable information (PII)
Email addresses and login credentials
Intellectual property, like trade secrets or product designs
IT infrastructure access
IT services, to accept financial payments
Sensitive personal data
US government departments and government agencies

When Did Cyber Warfare Start?

Cyber warfare began in 2010 with Stuxnet, which was the first cyber weapon meant to cause physical damage. Stuxnet is reported to have destroyed 20% of the centrifuges Iran used to create its nuclear arsenal.
Then, between 2014 and 2016, Russia launched a series of strategic attacks against Ukraine and the German parliament.
During the same period, China hacked 21.5 million employee records, stealing information from the U.S. Office of Personnel Management.
In 2017, the WannaCry attack impacted upwards of 200,000 computers in 150 countries. The attack targeted Windows computers with ransomware.
The NotPetya attack originated in Ukraine, destroyed files, resulting in more than $10 billion in damage.

Why do cyber-attacks happen?

In addition to cybercrime, cyber-attacks can also be associated with cyber warfare or cyberterrorism, like hacktivists.
Motivations can vary, in other words. And in these motivations, there are three main categories: criminal, political and personal.
Criminally motivated attackers seek financial gain through money theft, data theft or business disruption.
Personally motivated, such as disgruntled current or former employees, will take money, data or a mere chance to disrupt a company’s system.
Socio-political motivated attackers seek attention for their causes. As a result, they make their attacks known to the public—also known as hacktivism.
Other cyber-attack motivations include espionage, spying—to gain an unfair advantage over competitors—and intellectual challenge.

Which countries are behind state-backed cyberattacks?

Russia is one of the top perpetrators of state-backed cyberattacks.
According to an October 2021 report by Microsoft Corp., Russia accounted for 58% of state-backed attacks worldwide, followed by North Korea (23%), Iran (11%), and China (8%).
North Korea is said to have built a cyber-army of 7,000 hackers.

Which companies are targeted and why?

State-backed cyberattacks are usually carried out to steal state secrets, trade deals and weapons blueprint, or target large multinationals to steal their intellectual property (IP) and use it to build local industry.
Cryptos are also on the radar now. North Korean hackers reportedly stole cryptos worth $400 million in 2021.
However, when states launch cyberattacks on other states as a result of worsening of geopolitical relations, the target is usually critical infrastructure firms to disrupt economic activity.

How often is India targeted?

Such cyberattacks rose 100% bet-ween 2017 and 2021, according to a global study by Hewlett-Packard and the University of Surrey.
In 2019, the administrative network of the Kudankulam Nuclear Power Plant was hit by a malware attack by North Korea-backed Lazarus Group.
China-backed hackers were believed to be behind a power outage in Mumbai in 2020.
According to Black Lotus Labs, Pakistan-based hackers targeted power firms and one government organization in India in early 2021 using Remote Access Trojans.

What are common types of cyber-attacks?

Common types of cyber-attacks are:

(1) Backdoor Trojan

A backdoor Trojan creates a backdoor vulnerability in the victim’s system, allowing the attacker to gain remote, and almost total, control.
Frequently used to link up a group of victims’ computers into a botnet or zombie network, attackers can use the Trojan for other cybercrimes.

(2) Cross-site scripting (XSS) attack

XSS attacks insert malicious code into a legitimate website or application script to get a user’s information, often using third-party web resources.

Denial-of-service (DoS)

DoS and Distributed denial-of-service (DDoS) attacks flood a system’s resources, overwhelming them and preventing responses to service requests, which reduces the system’s ability to perform.
Often, this attack is a setup for another attack.

(3) DNS tunnelling

Cybercriminals use DNS tunnelling, a transactional protocol, to exchange application data, like extract data silently or establish a communication channel with an unknown server, such as a command and control (C&C) exchange.

(4) Malware

Malware is malicious software that can render infected systems inoperable. Most malware variants destroy data by deleting or wiping files critical to the operating system’s ability to run.

(5) Phishing

Phishing scams attempt to steal users’ credentials or sensitive data like credit card numbers.
In this case, scammers send users emails or text messages designed to look as though they’re coming from a legitimate source, using fake hyperlinks.

(6) Ransomware

Ransomware is sophisticated malware that takes advantage of system weaknesses, using strong encryption to hold data or system functionality hostage.
Cybercriminals use ransomware to demand payment in exchange for releasing the system. A recent development with ransomware is the add-on of extortion tactics.

(7) Zero-day exploit

Zero-day exploit attacks take advantage of unknown hardware and software weaknesses. These vulnerabilities can exist for days, months or years before developers learn about the flaws.

What can cyber-attacks do?

If successful, cyber-attacks can damage enterprises.
They can cause valuable downtime, data loss or manipulation, and money loss through ransoms. Further, downtime can lead to major service interruptions and financial losses. For example:

DoS, DDoS and malware attacks can cause system or server crashes.
DNS tunnelling and SQL injection attacks can alter, delete, insert or steal data into a system.
Phishing and zero-day exploit attacks allow attackers entry into a system to cause damage or steal valuable information.
Ransomware attacks can disable a system until the company pays the attacker a ransom.

How cyber-attacks can be reduced?

Organizations can reduce cyber-attacks with an effective cybersecurity system.
Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks, involving technology, people and processes.
An effective cybersecurity system prevents, detects and reports cyber-attacks using key cybersecurity technologies and best practices, including:

Identity and access management (IAM)
A comprehensive data security platform
Security information and event management (SIEM)
Offensive and defensive security services and threat intelligence

What are recent Cyber Attacks in news?

(1) Russia/Ukraine conflict

Check Point Research (CPR) has released information on cyber-attacks that have been seen in the context of the ongoing Russia-Ukraine conflict.
In the first three days of battle, cyber-attacks on Ukraine’s government and military sector increased by an astounding 196%. The number of cyber-attacks on Russian businesses has climbed by 4%.
Phishing emails in East Slavic languages grew sevenfold, with a third of those malicious phishing emails being sent from Ukrainian email addresses to Russian receivers.

(2) SolarWinds Sunburst Attack

The world is now facing what seems to be a 5th generation cyber-attack – a sophisticated, multi-vector attack with clear characteristics of the cyber pandemic.
Named Sunburst by researchers, this is one of the most sophisticated and severe attacks ever seen.
The attack has been reported to impact major US government offices as well as many private sector organizations.
This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates.
Over 18,000 companies and government offices downloaded what seemed to be a regular software update on their computers, but was actually a Trojan horse.

(3) HermeticWiper malware

This was named after the false digital certificate used to sign the file, which is issued under the name of a company named Hermetica Digital Ltd.
This is wiper malware which means it is designed to wipe the hard drives or system storage of the systems it infects.
The malware used against Ukrainian targets misused legitimate drivers of popular disk management software to corrupt data on the infected machine.
The wiper was used to target Ukrainian organisations.
Due to this attack, customers of Privatbank, Ukraine’s largest state-owned bank, and Sberbank, another state-owned bank reported problems with online payments and the banks’ applications.
The hosting provider for Privatbank and the Ukrainian army were among the attackers’ targets.

Way forward

The need to be aware of the nature of the cyber threat and take adequate precautionary measures, has become extremely vital.
New technologies such as artificial intelligence, Machine learning and quantum computing, also present new opportunities.
Pressure also needs to be put on officials in the public domain to carry out regular vulnerability assessments and create necessary awareness of the growing cyber threat.
It is time that cybersecurity as a specialised discipline becomes an integral component of any IT syllabus being taught within our university systems as well as outside.
Coordination among CERTs of different countries. Ensure that vulnerable sections of our society do not fall prey to the evil designs of cyber criminals.
Need for India to move on from IT security to cyber security.
Organisations that are hit by cyber-attacks must inform law enforcement immediately instead of worrying about their reputations.
Important to have crisis management plans so that it helps to react in a given situation.
A dedicated industry forum for cyber security should be set up to develop trusted indigenous solutions to check cyber-attacks.