Addressing Sophisticated Email Attacks

Just ten years ago, Internet security abuses were almost synonymous with small-time crime, e.g., poorly spelled email messages used in attempts to steal banking credentials. The threat is very different these days.

Starting in 2007, nation states started using cyberattacks to accomplish political goals. In the first high-profile case, prompted by political tensions between Estonia and Russia, a series of cyberattacks took down Internet services across Estonia, including those of the Estonian parliament, banks and news organizations. Georgia suffered similar attacks just one year later. In December 2015, in the middle of armed conflict between Ukraine and Russia, politically motivated hackers took down a large portion of the Ukrainian power grid. Stuxnet is another example of a politically motivated cyberattack. Constructed by U.S. and Israeli forces with the goal of sabotaging Iran's nuclear program by corrupting SCADA and PLC systems, it was one of the first known covert cyberattacks.

While early politically motivated cyberattacks focused on destruction, whether of the Internet, the power grid or uranium centrifuges, a more recent breed of politically motivated attacks has instead aimed at the extraction of sensitive information. This is the likely motive behind the 2016 ransomware attacks mounted on members of the U.S. Congress, and beyond doubt the reason for the 2014 attack on the Office of Personnel Management and the 2016 attack on the Democratic National Committee (DNC). Another form of extraction attack targets funds instead of information; an example of this is the 2016 series of attacks on the SWIFT infrastructure, epitomized by the heist on Bangladesh Bank. That attack straddled the fence between politics and profit by transferring massive amounts of funds to a politically ostracized regime.

Whether we are considering attacks aiming for destruction or extraction, it is indisputable that the sophistication of attacks has shot through the roof as groups sponsored by nation states have entered the playing field; at the same time, however, the principal attack vectors have remained the same. Namely, all the attacks described above involved malware, and most leveraged social engineering to craft deceptive emails, commonly to deliver Trojans and sometimes to steal credentials.

Over the coming weeks, I'll be publishing a series of blog posts that explore the use of email as an attack vector in more detail.