By: Ryan Mook
By 2021, cybersecurity spending is set to break $1 trillion, but that figure is miniscule compared to the amount of damage that is inflicted by cyber criminals. It is estimated that in 2021, damages from cyber-crime will top $6 trillion worldwide. Traditional or physical crime is slowly dying and becoming a thing of the past. Today, small time hackers working from their parent’s basement to entire nation states are utilizing the global digital infrastructure that we have come to rely on. Everything from Snapchatting your friends to powering entire city grids are connected in one way or another to the rest of the world. It is this interconnectedness that helps us see what is going around the world but might ultimately lead to our downfall.
Do not be mistaken, and many of you may already know this, but everything you put on your private social media account or even a paper you wrote in a Microsoft Word document on your personal laptop is subject to the hands of sophisticated cyber criminals. Nothing is private when you have the tools and knowledge to hack into any device that is connected to the internet, or even not connected. Hackers are experts at scouring an attack surface area (all the vulnerabilities of a system or network) and exploiting small hidden entryways, called attack vectors. Whether it be by introducing malicious software also known as malware via a fake email link, clicking on an unknown website, or plugging in a bugged USB hard drive, hackers will certainly find a way. Once inside it is up to the hacker’s discretion to steal private information, observe the user’s activities, wipe out whole hard drives of memory or exploit the system in some other manner they choose.
For the most part, these criminals are less likely to target your personal computer but rather the businesses who’s services you use. In 2007 a famous cyber-attack targeted TJX, the parent company to stores such as TJ Maxx and Marshalls, in an operation that led to around 46 million customers’ personal information being stolen. Storing personal information such as credit card information and social security numbers on Gmail and Amazon has become a favored target for criminals looking to profit off this information. Every year, thousands of different attacks are aimed at these organizations and even governments. To name some attacks, there are Distributed Denial of Service (DDoS) attacks where a hacker will overload a company’s system by sending hundreds or thousands of service requests repeatedly, introducing malware to a system or network, sending phishing emails to get login credentials, and social engineering whereby a person physically tampers with the software or network.
A DDos Attack Visualized
Although hacking has become more sophisticated, cyber security is starting to catch on and businesses are pouring millions of dollars into their information security departments. It is critical for companies and individuals that their software is updated and maintained. For larger organizations, proper employee training, keeping backlogs, and running simulated attack situations will keep sensitive data from falling into criminal hands. On the level of governments, the next generation of warfare is manifesting and that is in cyberwarfare. Cyberwarfare can be used to cripple entire countries by targeting national infrastructure controlled by PLC’s or programmable logic controllers. PLC’s are used to control everything from water and electric utilities to entire nuclear power plants.
No one is safe no matter where they are or who they are. Technology is expanding to all corners of the globe. Instead of guns and bombs, countries are fighting with 1s and 0s called bits that computers use to carry out all functions. Back in 2010, the world witnessed the power of cyber warfare. Although the U.S and Israel never publicly acknowledged it, it is widely accepted that these two countries pulled off one of the first major cyber-attacks called Stuxnet. Stuxnet was a sophisticated computer worm created by the NSA jointly with Israel’s cyber unit that targeted Iran’s nuclear facility. The worm specifically targeted zero-day vulnerabilities (previously unknown vulnerabilities) in the PLC’s that controlled the centrifuges. Once inside the worm sped up and slowed down the centrifuges causing them to spin out of control and destroy themselves. This was all carried out without alerting the Iranian scientists watching over the centrifuges as the worm relayed false information back to the scientists.
Centrifuges targeted by Stuxnet
Cyber warfare is already upon us and nation states have been building up their digital armories for over a decade. No one knows for certain why countries like China, Russia, the U.S, and Israel have not unleashed their secret cyber weapons. Could it be for fear of collateral damage or retaliation? One thing is certain and that is that cyber security has become a main focus for governments, businesses, and individuals alike. There is nothing we fear more than the unknown and that is exactly where we are headed.