Cyber-kinetic attack

Last updated

Overview

Gas Control System with Integrated Display and Controller Gas Control Systems, INC PSA.jpg
Gas Control System with Integrated Display and Controller

A cyber-kinetic attack targets cyber-physical systems and causes direct or indirect physical damage, injury or death, or environmental impact solely through the exploitation of vulnerable information systems and processes. [1] Notable attacks in this category in the recent past have targeted critical infrastructure facilities such as water treatment plants, [2] nuclear power plants, [3] oil refineries, [4] and medical facilities. [5] According to the United States Department of Homeland Security, the most significant cyber security threats to the United States are those targeted at the nation's critical infrastructure and sponsored by criminal organizations that are sponsored by other nation-states. [6]

Crossing the cyber-physical divide

In the early days of computing, security threats were typically limited attacks that caused destruction of data, or degraded access to computing systems or hardware. However, the last several decades have seen technologies—ranging from supervisory control and data acquisition (SCADA) to Internet of Things—which describe objects embedded with sensors and software and utilize the Internet to exchange data.

Such a system is termed as a Cyber-physical system. Such systems cross the traditional divide between purely in-computer systems (software) and real-life systems (physical systems), with algorithms being autonomously able to control physical systems.

One of the most notably cyber-attacks that had a physical impact, causing significant degradation of a target system, were the Stuxnet and Aurora worms.  The Stuxnet worm was first revealed in 2010 and specially targeted weaknesses in Programmable Logic Controllers (PLCs), devices in the SCADA category of systems.  Though it was never positivity attributed, it is widely believed that the malicious software was developed jointly by the United States and Israel to disrupt the Iranian nuclear enrichment facility at Natanz.  It has also been reported that Stuxnet and associated variants have infected more than 30,000 systems and had a lasting presence which was extremely difficult to eradicate and purify. [7]   Both malicious programs exploited Zero-Day attacks on Windows-based operating systems. [8]

As computing crosses the cyber-physical barrier, there is significant effort spent on 'smart' systems, for instance smart cities, smart homes, smart manufacturing and smart vehicles. In the context of cybersecurity, new threats are emerging that target these smart systems. The timeline of cyber-kinetic attacks attests incidents from as early as 1982. Such attacks on information systems that can have physical world impacts are a complete shift in paradigms within the cyber security community, though not unheard of. Many SCADA systems have been fielded up to 20 years ago have very little in the way of modern security protections that are instrumented.  

These types of attacks have the potential to bring a new dynamic forward in the concept of cyber warfare and the potential impact on electrical systems, financial systems, critical infrastructure, and communication systems.  Though, in reality, these types of attacks may have a closer relation to espionage or idealistically driven attacks, rather than overt warfare. Cyber-kinetic attacks should not be confused with the simple denial of an information system, such as Distributed Denial of Service (DDoS) attack. In these cases, such attacks merely deny access to an information system, where as a cyber-kinetic attack would deny access to a system by physically destroying part of a system or the entire system, rather than just communication access.

On July 10, 2022, an anonymous hacker named Predatory Sparrow launched a cyber-kinetic attack on a sanctioned Iranian steel company resulting in the infrastructure bursting into flames. [9] Then on June 7, 2022, Predatory Sparrow launched another cyberattack at the Iranian Parliament which lit parts of the parliament on fire. A public statement was shortly released by Iran's Prime Minister stated Predatory Sparrow had hacked into Iranian Parliament stealing confidential documents and then shortly after, the hacker set the Iranian Parliament facilities on fire. [10]

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security is the protection of computer software, systems and networks from threats that may result in unauthorized information disclosure, theft of hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

SCADA is a control system architecture comprising computers, networked data communications and graphical user interfaces for high-level supervision of machines and processes. It also covers sensors and other devices, such as programmable logic controllers, which interface with process plant or machinery.

<span class="mw-page-title-main">Cyberwarfare</span> Use of digital attacks against a state

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

A blended threat is a software exploit that involves a combination of attacks against different vulnerabilities. Blended threats can be any software that exploits techniques to attack and propagate threats, for example worms, trojan horses, and computer viruses.

The Central Intelligence Agency (CIA) has repeatedly intervened in the internal affairs of Iran, from the Mosaddegh coup of 1953 to the present day. The CIA is said to have collaborated with the last Shah, Mohammad Reza Pahlavi. Its personnel may have been involved in the Iran-Contra affair of the 1980s. More recently in 2007-8 CIA operatives were claimed to be supporting the Sunni terrorist group Jundallah against Iran, but these claims were refuted by a later investigation.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber espionage can be used to target various actors- individuals, competitors, rivals, groups, governments, and others- in order to obtain personal, economic, political or military advantages. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, multiple independent news organizations recognize Stuxnet to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

Duqu is a collection of computer malware discovered on 1 September 2011, thought by Kaspersky Labs to be related to the Stuxnet worm and to have been created by Unit 8200. Duqu has exploited Microsoft Windows's zero-day vulnerability. The Laboratory of Cryptography and System Security of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.

Mahdi is computer malware that was initially discovered in February 2012 and was reported in July of that year. According to Kaspersky Lab and Seculert, the software has been used for targeted cyber espionage since December 2011, infecting at least 800 computers in Iran and other Middle Eastern countries. Mahdi is named after files used in the malware and refers to the Muslim figure.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

The vulnerability of nuclear plants to deliberate attack is of concern in the area of nuclear safety and security. Nuclear power plants, civilian research reactors, certain naval fuel facilities, uranium enrichment plants, fuel fabrication plants, and even potentially uranium mines are vulnerable to attacks which could lead to widespread radioactive contamination. The attack threat is of several general types: commando-like ground-based attacks on equipment which if disabled could lead to a reactor core meltdown or widespread dispersal of radioactivity; external attacks such as an aircraft crash into a reactor complex, or cyber attacks.

SCADA Strangelove is an independent group of information security researchers founded in 2012, focused on security assessment of industrial control systems (ICS) and SCADA.

Cyberwarfare is a part of Iran's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field.

Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. The term has become established to demonstrate the technological and functional differences between traditional information technology (IT) systems and industrial control systems environment, the so-called "IT in the non-carpeted areas".

Schmitt analysis is a legal framework developed in 1999 by Michael N. Schmitt, leading author of the Tallinn Manual, for deciding if a state's involvement in a cyber-attack constitutes a use of force. Such a framework is important as part of international law's adaptation process to the growing threat of cyber-warfare. The characteristics of a cyber-attack can determine which legal regime will govern state behavior, and the Schmitt analysis is one of the most commonly used ways of analyzing those characteristics. It can also be used as a basis for training professionals in the legal field to deal with cyberwarfare.

Pipedream is a software framework for malicious code targeting programmable logic controllers (PLCs) and industrial control systems (ICS). First publicly disclosed in 2022, it has been described as a "Swiss Army knife" for hacking. It is believed to have been developed by state-level Advanced Persistent Threat actors.

Once a cyberattack has been initiated, certain targets need to be attacked to cripple the opponent. Certain infrastructures as targets have been highlighted as critical infrastructures in times of conflict that can severely cripple a nation. Control systems, energy resources, finance, telecommunications, transportation, and water facilities are seen as critical infrastructure targets during conflict. A new report on the industrial cybersecurity problems, produced by the British Columbia Institute of Technology, and the PA Consulting Group, using data from as far back as 1981, reportedly has found a 10-fold increase in the number of successful cyber attacks on infrastructure Supervisory Control and Data Acquisition (SCADA) systems since 2000. Cyberattacks that have an adverse physical effect are known as cyber-physical attacks.

References

  1. Ivezic, Marin (2015-03-31). "The World of Cyber-Physical Systems & Rising Cyber-Kinetic Risks - Marin". Cyber-Kinetic Security, IoT Security, CPSSEC by Marin Ivezic. Retrieved 2021-07-26.
  2. "Hacker tries to poison water supply of Florida city". BBC News. 2021-02-08. Retrieved 2021-07-26.
  3. Shalal, Andrea (2016-10-10). "IAEA chief: Nuclear power plant was disrupted by cyber attack". Reuters. Retrieved 2021-06-26.
  4. "Industrial Control Systems (ICS) | SANS Institute". www.sans.org. Retrieved 2021-06-26.
  5. "Medical Device Cyber Attacks: TV Plot or Dangerous Reality?". Drugwatch.com. Retrieved 2021-06-26.
  6. "Secure Cyberspace and Critical Infrastructure | Homeland Security". www.dhs.gov. Retrieved 2024-03-15.
  7. Greengard, Samuel (December 2010). "The new face of war". Communications of the ACM. 53 (12): 20–22. doi:10.1145/1859204.1859212. ISSN   0001-0782. S2CID   12917098.
  8. Matrosov, Aleksandr (September 2010). "Stuxnet under the microscope" (PDF). Retrieved June 26, 2021.
  9. "Predatory Sparrow: Who are the hackers who say they started a fire in Iran?". 2022-07-10. Retrieved 2024-08-12.
  10. "Iranian MP Confirms Hack Of Government Institutions". Iran International. Retrieved 2024-08-12.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.