Terror groups, hacktivists want your money and your life -- Here's how to keep them away from it
Who is the adversary, our cybersecurity
“enemy”? Your mind might flash to the visual of a hooded figure with a
mask, hacking away on a computer in the shadows of a darkly-lit
basement.
It sounds pretty scary—if it were only true. Today’s cyber attackers are more sophisticated and corporate in their conduct than ever before.
The reality is, the adversary targeting your money
and resources can be anyone or any organization. To protect ourselves
against evolving cyberattacks, let’s look at the different types of
cybercriminals out there, their preferred targets, the types of ‘loot’
they seek, and their favorite offensive strategies.
Terrorist
organizations and hacking activists, known as “hacktivists,” are not
professional criminal organizations or nation-state attackers, they are a
less common type of cyberattacker.
Their
motivation is to advance religious and political agendas by spreading
propaganda and creating fear and terror through cyber-attacks that
weaken the U.S. economy, and ultimately detract from the global War on
Terror.
Terrorist
organizations and hacking activists are typically more primitive in
their computer network accessing capabilities than other cybercriminals.
That limits the real-world threats their cyberattacks pose relative to
traditional physical attack methods. For these reasons,
terrorist-originated cyber efforts tend to focus more on recruitment
initiatives and spreading their ideology, although this dynamic may
change as more technically competent generations enter their ranks.
In
some cases, terrorist organizations will hijack and use a victim’s own
computing resources to conduct large-scale botnet attacks against other
targets.
Here’s
how it works: The adversary harnesses the computing power of the
devices under their control to perform distributed denial-of-service
(DDoS) attacks against a designated target. Any IoT device connected to
the Internet is susceptible and could be used in a global attack against
a specific target.
In
2016, one type of malware, called Mirai, pointed 10 million devices
towards Dyn, a Domain Name System (DNS) service acting as a large
Internet “phone book provider.”
The
effect was widespread: The attack resulted in popular websites like
Reddit, Spotify, and Twitter shutting down for several hours.
Bad
actors can obtain your computing resources through a couple of
different methods, including implanting malware on your devices when you
visit a malicious website, click on a link, or open an infected
attachment in an email.
They
can also gain access by scanning for vulnerable Internet of Things
(IoT) devices with weak or default admin password credentials that have
not been changed to something stronger.
The
global War on Terror has forced terrorist groups to decentralize their
operations and avoid extensive online coordination. In this environment,
cyber-attacks require terrorists to assume elevated levels of risk that
can prompt electronic surveillance to detect their activity.
Late
last year, for example, authorities intercepted a Maryland resident man
communicating with the Islamic State’s radicalization network,
successfully thwarting an attack on the National Harbor area.
Most
states and their respective defense departments have a significant,
near-monopolistic grip, on their nation’s cyber capabilities, a dynamic
that has prevented successful cyberterrorist attacks while allowing
other resources to focus on tackling the underlying, localized causes of
terrorism.
There
is an attached risk, however, that states with a track record for
illicit cyber activity could leverage cyber terrorists as an opportune
way to achieve their own goals.
Bottom
line: How do you protect yourself and your loved ones against
cyberterrorists? By securing digital devices, questioning the legitimacy
of inbound communications and taking additional steps to protect data
that can be weaponized against us. We need to review and improve our
‘cyber hygiene’ as individuals, a society and as a collective economy.
Bart
McDonough is CEO and Founder of Agio, a hybrid managed IT and
cybersecurity services provider servicing the financial services, health
care and payment industries.
Source: https://finance.yahoo.com/news/terror-groups-hacktivists-want-money-183407808.html
Comments