4. The Need for Cybersecurity: Cyber Attacks 85 goal to pivot to and infect the computers that controlled the uranium centrifuges. From there, the malware caused the centrifuges to self-destruct by forcing them to operate outside of safe operating conditions (more on Stuxnet and nation state cyber conflict in Section 10.3.3). Figure 4.5 Nmap showing that four devices were discovered on the local area network. 4.1.4 Actions on Objectives By this phase the attacker has gained unauthorized access and positioned himself to accomplish his goals. In cyber attacks, goals are sometimes known as actions on objectives. They represent the reason for the attack, and once the hacker accomplishes this step, he has met his primary objective. Actions on objectives fall into three broad categories. They are easy to remember with the acronym DAD: disclosure, alteration, and denial. 4.1.4.1 Disclosure A major objective of hackers is to disclose data. In this context, disclosing means that the hackers obtain access to data—it does not necessarily entail sharing data with others or even copying data. In some cases, viewing sensitive documents, pictures, and videos may be an end in and of itself. Some cyber attacks involve surreptitiously turning on the webcam or microphone on a victim’s computer so the attacker can spy on them. Surreptitious spying can also be performed for espionage purposes, whether by nation states or rival corporations.
RkJQdWJsaXNoZXIy MTM4ODY=