When looking at cyber breaches, there are generally four important questions to consider. First, who is the actor? Second, what is their goal? Third, what is their target? And fourth, what is their tool?
Most potential perpetrators can be grouped into three categories.
Firstly, there is the insider. The insider generally has some understanding of the system, and is often able to physically access at least some of the technology. They tend to hold some vendetta against the business, for whatever reason, or otherwise just want to profit at the expense of someone else. Good examples of insiders are Edward Snowden and Chelsea Manning, who both acted for political reasons.
Secondly, there are general hackers. They may work alone or be part of a larger group, such as Anonymous. Their motivations may include profit, a desire to bring attention to a certain issue (these people are often called ‘hacktivists’) or, in their language, causing damage for the ‘lols’ (i.e. for their own personal enjoyment). Various examples of this exist, including the attacks on Kmart and David Jones last year (see our post here).
Thirdly, there are state-sponsored hackers. These are employed by the state to obtain information, and have the best interests of their home nation at heart. Although Chinese hackers have been prominent in the news recently, it should not be forgotten that the secret services of every government use this method to obtain information that would not otherwise be available.
Goals usually take one of four forms.
Firstly, the goal may be related to causing damage or disruption. This might involve deleting data, posting obscene content on the target’s social media accounts or causing its website to ‘crash’.
Secondly, the goal might involve obtaining a profit. This profit can be derived by blackmailing the person who has been hacked, using a person’s information to commit a fraud or selling confidential information to a third party.
Thirdly, the goal may be to send a message. This is often the aim of hacktivists, and will usually take the form of taking control of a website or social media accounts.
Fourthly and finally, the goal may involve building to a bigger attack. Hackers often use the computers of others either to protect their identity or as tools that allow them to attack large systems that they lack the infrastructure to take on.
There is a range of potential targets for an attack in any given business, including everything from an individual staff member’s office computer to the password for a company’s Twitter account. These can either provide a gateway to useful information within a business’s network or provide access to a tool that can be used to serve the attacker’s purposes.
Nearly all technology exists so that it can be accessed, and all technology that can be accessed is vulnerable to being compromised. Security is necessary at all levels to prevent successful attacks.
Denial of Service refers to attacks which seek to make a computer or network unavailable. The most common version of this is a ‘distributed denial of service’ or DDoS. When using DDoS, an attacker will generally have access to various computers owned by members of the public (this is often done using a Trojan, see below). The attacker will cause all of these computers to try to access a network or website at the same time, causing what is known as traffic. Whilst more traffic tends to mean more interest, which is a good thing for most websites, too much leads to a traffic jam. This, in turn, causes the website or network to crash because it cannot keep up with all the interest, denying the service to other people. It is generally used either to make a point or just for fun.
Malware is an umbrella term that refers to malicious software such as ransomware, Trojans and viruses, all of which are explained below.
Phishing. You know those annoying ads saying that you’ve won a prize or that Nigerian prince who has passed away and named you in his will? Attacks using these methods are known as ‘phishing’, as the attacker is attempting to lure you into giving them personal information that they can then sell, similar to a fisherman with a rod. These can often be much more complicated, and masquerade as more legitimate organisations (this is known as ‘spear phishing’, as it is more targeted). The ATO in particular has had some issues with this, and has a list of advice on how to detect a scam email. The motive here is nearly always profit.
Ransomware is a type of Trojan that allows an external attacker to encode all of the data on your computer so that it is no longer accessible, and then hold it hostage and promise to delete it unless you pay the ransom, often a few thousand dollars. It is used to make a profit off the person who has been attacked.
Trojans refer to the classical tale of the Trojan horse, where the Greeks infiltrated Troy inside a large wooden horse the Trojans believed was left as part of the Greeks’ surrender. These programs similarly disguise themselves as legitimate software to trick users into downloading and installing them onto their system. Once installed, they allow an external party to use the compromised computer for their own purposes. This could be to crash the system, to observe and record what information you plug into a website when making an online purchase, or to use your computer’s processing power and internet connection to assist in a DDoS attack, as outlined above. Motivations for using Trojans differ greatly, depending on the goal.
Viruses are the traditional tool that allows an attacker to breach cyber security. Like human viruses that cause ill health, computer viruses replicate themselves across networks, infecting every computer they are able to. Without proper antivirus software, they are usually difficult to detect until they have embedded themselves within the system. Unlike Trojans, viruses do not habitually provide control of the computer to another person; rather, the virus will contain computer code that causes the computer to do something without being prompted. This may be overt, like ads that pop up for no reason or sending spam from an email accessible through the system, or covert, like logging the keystrokes of the user, allowing the attacker to detect credit card numbers and the like. Like Trojans, the motivations for using viruses substantially differ.