Cyber warfare was a staple of movies in the 1990s: just think of Tron, Hackers, or the classic (and terrible) WarGames.
In 2019, though, cyber warfare is no longer science fiction. States are increasingly seeing the cyber realm as an important military theater and deploying considerable resources to develop new types of attacks and ways to defend against them.
This is partly why there has been so much talk about cyber security in recent years. The techniques that companies, states, and individuals are deploying to keep themselves safe are growing more sophisticated year on year. Cyber security is no longer the preserve of multinationals and highly paid consultants: today, even individuals are taking steps to avoid becoming a victim of cyber warfare.
Cyber warfare attacks are generally targeted at critical infrastructures such as power grids, nuclear enrichment facilities, and missile launch systems.
Most of them, though, rely on compromising civilian computers and other devices. This is because many attacks rely on recruiting consumer devices into botnets or simply using your devices as a way to infect military and corporate networks with malware.
That means that everyone is exposed to the growing threats of cyber weapons, and everyone should take cyber security seriously.
You might think that you are a long way from the frontline of inter-state warfare, but you are not. Today, your devices are a critical part of the battlefield.
What Is Cyber Warfare?
Cyber warfare is essentially warfare between states, albeit conducted in the cyber realm. It consists of states (and state-sponsored agencies) launching cyber attacks against each other.
The objectives of launching these attacks are various. Sometimes, the motive is to steal corporate or state secrets. Sometimes, an attack aims to disrupt critical infrastructure, or merely infect the software behind this infrastructure and lay silent until it is needed. Needless to mention, some attacks seek to influence elections, either by directly hacking voting software or distributing propaganda among crucial voters.
This might sound paranoid, but cyber warfare is, in fact, being waged right now.
Even if two states are not actively at war, they will often launch cyber attacks against each other. Launching these attacks is cheap, and essentially undetectable if done correctly. This makes cyber warfare a very attractive tool for states that can't risk the consequences of more conventional forms of attack.
This is partly because such attacks can be launched covertly, and partly because there is no internationally agreed framework for assigning blame (or applying sanctions) for cyber attacks. Because of this, states such as Russia and Iran (and sometimes even the United States) launch cyber attacks on a fairly regular basis.
Types Of Cyber Attack
Though cyber warfares concern conflicts between states, many of the weapons used in cyber warfare are directed at civilians.
In fact, many of these attacks rely on people like you and me practicing poor cybersecurity and make use of popular and widespread hacking techniques. Let's take a look at a few of these.
Man In The Middle Attacks
Another common attack vector is to stage a man in the middle attack to gain access to key networks or information, and then use the stolen data to launch further attacks.
A man in the middle attack is a type of cyber attack in which a hacker intercepts the data passing between you and a website, app, or server. They can then read, steal, or even alter this data. In this way, you think you are communicating with a legitimate and secure service, but in fact you are sending critical information to an attacker.
Phishing
Phishing has been around as long as the internet, but is more widespread than ever. Most phishing attacks are designed to get access to your banking details, but phishing is also commonly used in cyber warfare.
That's because phishing emails are an effective way of infecting a target with malware. Once a civilian machine (like yours) is infected, an attacker can use your computer to launch further attacks against military or governmental targets.
Malware
Many forms of cyber warfare also make use of malware. Infecting government or military computers with malware is often, in fact, the goal of cyber warfare attacks.
In order to do that, though, an attacker needs to infect as many computers as possible with malware, in order to increase the chances that one of these civilian machines will then infect the target system.
That means that your computer is a valuable asset in the ongoing cyber war. Without realizing it, your devices could be full of military-grade malware, just waiting until you connect to a target network.
Recent Attacks
The list of cyber warfare attacks that have been launched, even in the last year, is a long one. But in order to understand the characteristics of these attacks, let's look at a few key examples.
Petya
Petya was arguably the largest and most damaging cyber attack in history. Petya (and, later, NotPetya) was a piece of malware that encrypted all of the information stored on infected machines, and then demanded a Bitcoin payment to return this data.
While the aim of attack initially appeared to be to make money, subsequent investigation revealed that it was something quite different. Launched by a hacker group associated with the Russian government, Petya is now regarded as a test for future inter-state attacks.
WannaCry
WannaCry was similar to Petya in many ways. It was also a piece of ransomware that spread very quickly. Like Petya, at first it also appeared to be the work of rogue hackers seeking to get rich.
WannaCry, though, was then found to also be the work of the Russian government.
GitHub
More recently, GitHub became the victim of the largest DDoS attack in history. A DDoS attack is a type of attack that seeks to shut down a website by flooding it with requests, and typically makes use of a botnet to do this.
Though the source of the attack on GitHub has not yet been traced, the scale of the attack has led some to conclude that it was the work of a government.
Just like Petya and WannaCry, then, the GitHub attack is an example of how civilian machines (including the one you are reading this on) can become assets in the ongoing cyber war.
The Future Of Cyber Security
The scale of cyber warfare today means that there is an arms race on. As new forms of attack emerge, new countermeasures are developed, then avoided, and so on.
There are three key pieces of technology, though, that are likely to drive the development of cyber warfare in the coming decade.
Machine Learning And AI
Artificial Intelligence is already being deployed in a wide range of situations, and it is likely that governments are already incorporating it into their cyber weapons.
The Cloud
Cloud storage represents both a risk and an asset when it comes to cyber warfare. On one hand, distributed storage can make critical information easier to steal, because an attacker only needs to identify one weak machine in order to compromise a system. On the other hand, with the correct encryption, cloud storage can actually be more secure than physical drives.
Blockchain
Blockchain is also likely to revolutionize cyber warfare in the coming years. By providing a secure way to share key information between multiple users, it promises to protect data from the most common types of cyber attack. On the other hand, we don't think it will be long before even blockchain is compromised.
What To Do About It
Simple. Encrypt everything. While it might not seem like you have much power in comparison to the governments that want to compromise your security and privacy, you do.
One simple way to reduce your exposure to cyber attacks — whether these are deployed as part of cyber weapons or merely to make money for a hacker — is to encrypt all of the information you send and receive online.
Encryption is a powerful tool to protect your information and privacy, because it means that even if someone manages to get hold of your data, they won't be able to read it. There are many types of encryption, and the technique is used across a wide variety of devices. Email is commonly encrypted using PGP, for instance, and you should also use WPA2 encryption on your home WiFi network.
Because encryption stops anyone from being able to read the data you are sending, it protects you against many common forms of cyber attack, including man in the middle attacks and DNS Spoofing. It also keeps you anonymous online, and therefore protects your privacy.
The ultimate form of encryption is to use end-to-end encryption for everything you do online. That might sound complicated, but it is not. By using a VPN like PureVPN, you can make sure that every piece of information you send or receive online is encrypted using powerful military-grade protocols.
By using a VPN, you can protect yourself against a wide array of online threats, whether these arise as part of government cyber weapons or are merely the work of a local hacker.
In short, the best way to stay safe in the coming world of cyber warfare is to get a VPN.
No comments:
Post a Comment