Over the last three decades, cyberwarfare has evolved considerably. Before the 1990s, cyberwarfare was not highly regarded. It was not until the 90s that the first remarkable cyberwarfare attack was perpetrated against the U.S. military (Chapple & Seidl, 2015). From this period onwards, the concept of war took a whole new turn; governments resorted to cyberattacks and cyber espionage, which constitute what is now referred to as cyberwarfare. As Paganini (2016) put it, cyberspace has become the fifth warfare domain in addition to air, sea, space and land. This means that cyberwarfare constitutes all the actions committed by one government in a bid to penetrate another government's networks (computers) with the aim of causing disruption or damage to their systems.
As already mentioned, cyberwarfare dates back to the 1990s. The basis of cyberwars was the test code-named Eligible Receiver in 1997, which exposed the weaknesses in the computer systems of the U.S. military and the government at large. Following it in 1998 was the first major attack, Solar Sunrise, which was perpetrated by two teenagers with the help of the Israeli hacker called The Analyzer. A month after the Solar Sunrise attack, in March, the Moonlight Maze attack was committed on American research laboratories, universities, and government agencies. Purportedly, the latter attack lasted for over a year before it was detected. Not much about the latter attack is known in the public domain. However, comparing the three sets of cyberattacks and cyber espionage, it is evident that the cyberwars began with mere tests (Eligible Receiver), then became more severe as time went on, moving from not-so-serious teenager-oriented attacks to more serious inter-nation espionage, which was supposedly led by Russia and led to the loss of voluminous sensitive information. In other words, the cyberwars had evolved into being more organized and politically and/or militarily motivated.
With time, from 1999 into the 2000s, the cyberwars evolved into more direct and malicious situations, which attacked not only the governments' systems but the whole of the internet's connections. Malicious codes and worms now ventured into the cyberwar platform, led by the Honker Union group from China, which is assumed to have started in 1999. Notably, the group executed: the SQL Slammer worm in 2003; the cyberattacks on the Tibetan dissident Tsering Woeser in 2008; and the ongoing Japanese cyberattacks hinged on Japan-China territorial disputes (Chapple & Seidl, 2015). It is important to note here that the cyberattacks had by then developed into the use of malicious codes and worms for political reasons.
Many other cyberwar attacks were launched in the 2000s, such as the Code Red worm in 2001, which affected more than 350,000 computer systems worldwide running Microsoft's Internet Information Server (IIS) Web server software. Cyberwars had evolved to using worms, instead of viruses, which self-spread through the internet, infecting more and more vulnerable computer systems. Other examples include the SQL Slammer (2003), the Titan Rain in 2005, the Stakkato (2003-2005), Poison Ivy (2005), which was a remote access Trojan (RAT), and Senior Suter in 2007. By 2007, the cyberwars had evolved into extreme activities of acquiring missile launchers and other time-critical targets.
By the 2010s, the cyberwars were well established and sophisticated, and they had become a dominant domain for perpetrating conflicts between nations. Stuxnet is the best example; it was developed with the aim of destroying the Iranian nuclear program (Paganini, 2016). Many more cyberattacks have been and are still being carried out worldwide. They have evolved to become more sophisticated and malicious with time and, in the same way, governments have invested in reducing the attacks and improving their systems to fight them.
Characteristics of an APT
The Advanced Persistent Threat (APT) is the new era of cyberwarfare. In this case, hacking has evolved from script kiddies to sophisticated assailants who have well-defined goals in their attacks. The name APT denotes the application of advanced technology in perpetrating the warfare, and the fact that the perpetrators choose specific targets and pursue their ultimate malicious goals persistently until they accomplish them. It may take years for APTs to accomplish their goals, and they do so in a well-organized manner following a chain-of-command structure.
Notably, APTs have five major characteristics. Firstly, they employ sophisticated technical tools which are not known to other attackers. Their tools are novel, and hence they are able to execute attacks that the targets have less capability to defend against. Secondly, the APTs apply social engineering in their attacks, which means they are able to use worms (old-fashioned techniques) to infiltrate systems. The APTs are able to manipulate human behavior through their social engineering techniques, which are generalized as the APT Tradecraft (Chapple & Seidl, 2015).
Thirdly, the APTs are characterized by clearly defined objectives in whatever they intend to perpetrate and are governed by a well-defined mission in whatever they set out to do. Fourthly, the APTs are characterized by access to extensive amounts of finance and human resources, which they receive from dominant and powerful sponsors. In addition to the finances, they have great talents and innovative teams which have access to high-intelligence products. Last but not least, the APTs are characterized by teams that are well organized and disciplined in their lines of work. The teams are headed by an established command structure and have a well-defined control style.
As mentioned, the APTs are characterized by the APT Tradecraft, which is composed of four major tradecraft types. The first tradecraft is the zero-day attack, which takes advantage of a window of vulnerability. In this case, the children of the country are not allowed to know of a previously discovered vulnerability on the children. Secondly, the APTs employ malware to help standardize their swap. This malware is mainly composed of the remote access Trojan (RAT). These help ensure that the accrued are well planned for and are authentic for the APTs' members.
Thirdly, social engineering and phishing entail the use of old-school hacking techniques to gain access to the target, including spear phishing techniques to gain access to a specific individual's system. The APT is thereby able to get access to the network advantage that the target victim is responsible for in the system administrator's computer. Finally, the Strategic Web Compromise is a major tradecraft in which the APTs take advantage of the web resources that the targets are fond of using in their day-to-day activities, even as a group of target organizations. In this case, the APT compromises the targets' most commonly used Web facilities so as to gain a foothold for the perpetration of future attacks. Notably, Strategic Web Compromises are referred to as watering hole attacks, as they compromise the websites most commonly used by the targets, which gives the attackers an easy time when they need to perpetrate their malicious acts on the targets themselves (Chapple & Seidl, 2015).
Effect of the Internet on Attacks
As pointed out in the characteristics of an APT attack, more sophisticated modes of attack have developed than existed before. Here, the APTs depend on the internet to pass on their advanced malware and sophisticated cyberwarfare attacks. The popularity of the internet in everyday life has increased the cyberwarfare opportunities available to the APT. In this case, there is the Internet of Things, through which internet-based gadgets and devices are rapidly becoming ubiquitous in the market (Abomhara & Koien, 2015). As such, the APTs have increased their scope for perpetrating cyberwarfare based on their own missions. They are taking advantage of the growing spread of technology and the continuously growing internet interconnection worldwide.
As mentioned in the APT Tradecrafts and characteristics, the APT employs Strategic Web Compromises as a common basis for perpetrating cyberwarfare against the target subject(s). In this case, the Web compromises occur through access to networks shared by the target groups of the attacks. These networks are highly dependent on the interconnection between people through the growing Internet of Things, which means that the internet plays a major role in establishing the connections. Also, given that the internet has become ubiquitous in present-day connections (Abomhara & Koien, 2015), the APTs find the use of internet-connected platforms a very crucial mode of perpetrating their cyberwarfare attacks.
The internet has reinforced the APT cyberwarfare attacks and has made it much easier to locate and acquire targets. The ease of retrieving one's information from the internet has become a major trend in the APT functions. The APTs are able to perpetrate their malicious attacks through Web compromise attacks and also by easily passing advanced malware through the internet. The World Wide Web has become a major channel through which devious cyberwarfare is easily executed. A good example of such attacks and warfare is, as mentioned earlier, Stuxnet, which was easily passed from one computer to another through unsecured transfer of the malware and worms from one vulnerable computer to another (Paganini, 2016).
Prior to the internet, the APT methodologies were mostly based on social engineering technologies which were used to mimic human behavior (Chapple & Seidl, 2015). However, since the internet's introduction, the techniques have been upgraded to the use of sophisticated and advanced Remote Access Trojans and also to the use of zero-day attack tradecraft. Notably, the Remote Access Trojan and the zero-day attacks rely purely on future transmission or activation by the APTs when the time for the planned attack or warfare is due, which is completely dependent on the internet. Through the internet, the APTs are able to track down new targets, e.g. software, and study them for weaknesses or loopholes. Further, the loophole is filled by the APT with disguised malware or a worm until the software has been sold to the right number or group of people, at which point the APT can initiate its long-awaited and disguised attack or warfare.
Attack Origination and Perpetrator
Defending endpoints, especially the Industrial Control Systems (ICS), includes the defense against cyberwars for devices and systems which are used to control industrial operation and production systems. In this case, it is essential to consider the defense of the Critical Infrastructure Systems (CIS) such as electricity, water, transport, health, agriculture etc. A good example of such Industrial Control Systems is the supervisory control and data acquisition (SCADA) systems, which require remote control for a wide range of resources such as the water supply system and the Distributed Control Systems (DCSs).
Notably, there are malicious cyber criminals who wish to disrupt, destroy or pollute the critical infrastructure systems and thus cause poor health, pollution or even death to the humans and animals in the vicinity of their disruption. For this reason, a great deal of study is required on the appropriate defense mechanisms for avoiding such ordeals. Therefore, a sneak peek on the most probable origins and perpetrators of such attacks based on the network interconnection between industry computers would be essential for esta...
Cite this page
Evolution of Cyber Warfare. (2019, Dec 09). Retrieved from https://speedypaper.com/essays/evolution-of-cyber-warfare