Invitation to Cybersecurity

In an email spoofing attack, the hacker changes the “From:” field in an email to make it appear like the email came from someone else. This is similar to hacking into a person’s social media account and posting messages on their behalf. In both of these cases, the attackers alter data without authorization.

An especially damaging form of an alteration attack is modifying data with the goal of undermining trust across an entire system. This type of attack could be used against electronic voting systems. The goal is not necessarily to sway the vote in one candidate’s favor or another, but to create chaos as citizens realize that the election results are not reliable. This could cause significant harm because democratic governments depend on trustworthy elections. A hacker who gains access to a system and starts changing records at random could cause significant consternation and trigger an expensive investigative process.

4.1.4.3 Denial

Some cyber attacks involve denying legitimate users access to their data and computing systems, like the DoS attacks we covered in Section 4.1.2.2. Stuxnet was a denial attack that destroyed physical equipment as an act of sabotage. The Morris Worm also ended up being a denial attack because it crashed systems by exhausting their resources. Denial attacks harm victims by disrupting their ability to do business and costing them time.

Ransomware is an example of a denial attack. Ransomware is a type of malware that encrypts the data on the victim’s computer or network, making it inaccessible without the decryption key. The attackers then post a digital ransom note offering to provide the key in exchange for money, usually in the form of cryptocurrency. Depending on the financial capacity of the victim, ransom demands can be tens of millions of dollars. In some cases, victims of ransomware can ignore the ransom demand and recover the data themselves from backups. In other cases, the hackers are able to gain access to the backups as well and either encrypt them, too, or just delete them. Victims of ransomware attacks sometimes pay the ransom because it is cheaper than the costs they would incur to recover the data themselves. When ransoms are paid, cyber attackers usually provide the decryption key to the victims. This is just smart business—if hacking groups gain a reputation for not providing the key after payment, then future victims would not pay ransoms.

Wiperware is another form of malware that falls into the denial category. Wiperware deletes (in other words, wipes) data from victim machines. In some cases, wiperware may also cause physical damage to computer systems and render them useless. Saudi Aramco, a huge Saudi Arabian oil company, was hit with a wiperware attack in 2012 that destroyed tens of thousands of machines and hard drives, causing millions of dollars in damage.

Logic bomb attacks are a denial attack often perpetrated by disgruntled insiders. In a logic bomb attack, the hacker plants malware and sets it to “detonate” at a later date. This provides the hacker with an opportunity to distance himself from the attack. When the
