A cyber attack is the manipulation of information systems, networks or data in such a way that compromises their availability, integrity or confidentiality.
Both complex and simple attacks fall within this broad definition. Complex cyber attacks are often conducted by groups supported in some form or another by nation-states, known as Persistent Threat Actors. Their targets include other governments, critical infrastructures, financial institutions, industries, academics, journalists, activists and NGOs. Complex attacks often follow a pattern of initial access, privilege escalation and credential theft, followed by lateral movement within the target’s network to reach the data or system where the intended effect is delivered. Military doctrine distinguishes computer network attacks from computer network exploitation: attacks target the availability or integrity of systems or data, whereas exploitation refers to infiltrating a system to collect intelligence or to prepare a later stage of an attack chain.
Other kinds of attacks are simpler; some are even automated or opportunistic. This is typical of worms, standalone malware that enters from the internet and then spreads and replicates across a company or home network by exploiting weaknesses in network security. This is how infamous ransomware or wipers such as WannaCry infected millions of computers so quickly. Criminal groups often launch them for financial gain.
Lesser-known phenomena, such as intimate partner espionage and abuse carried out with stalkerware or easily accessible espionage tools, also qualify as cyber attacks or cyber exploitation.
Examples of Cyber Security Incidents
Supply-chain (espionage): SolarWinds
In December 2020, the US government announced that Russian actors had hacked SolarWinds, a company that provides network management products and services to businesses and governments on a global scale. Russia’s foreign intelligence service had breached their most used network solution, Orion. The attackers pushed a malicious software update to Orion clients, allowing them to penetrate thousands of corporate and government networks. The company confirmed that more than 17,000 customers installed the compromised update. Known Orion users include most Fortune 500 companies and most of the US government.
Advanced DDoS (likely geopolitical disruption): Belnet
In May 2021, Belgium’s largest Internet Service Provider (ISP), Belnet, suffered a massive attack that saturated its network in successive waves for over 24 hours. Across some two hundred affected organisations, the distributed denial of service (DDoS) attack paralysed national and local government websites, COVID vaccination booking systems and online university platforms. A DDoS attack’s only purpose is to flood servers with requests, making them unavailable to genuine users; on its own it does not modify, delete or steal data. Some Belgian politicians accused the Chinese state of being behind the attack, as a prominent Uighur activist was due to testify before Parliament that day.
Ransomware on critical infrastructure (criminal extortion): Colonial Pipeline
Colonial Pipeline, a company that operates oil pipelines in the US, was hit by ransomware in May 2021. Consumers panicked when the company announced the ransomware attack, and scenarios of fuel shortages made the headlines. Indeed, the pipelines affected by the malware play a crucial role in delivering oil from Texas to the eastern United States. A Russian ransomware gang, DarkSide, was responsible for the attack.
Ransomware on government organisations: Costa Rica
In May 2022, Costa Rican President Rodrigo Chaves declared a national emergency following cyber attacks by the Conti ransomware group on multiple government bodies. The first public body to suffer damage was the Ministry of Finance, though the full scope of the incident is not yet known, including to what extent taxpayers' information, payments and customs systems were affected. Conti is a Ransomware-as-a-Service (RaaS) operation linked to the Russian-speaking Wizard Spider cybercrime group.