Who are our enemies in cyberspace?

Ramazan Ustuntas
Jan 30, 2022

Do you want to get to know your enemies on the Internet?

What do these enemies want from us?

What are their purposes?

In this article, “Why are networks and data being attacked?”, I’ll answer these questions.
First of all, let’s talk about some war story scenarios that are common around you or that you are very likely to experience.

War Stories Scenario - Hijacked People

Alice stopped by her favorite cafe to get her afternoon drink. She placed her order, paid the cashier, and waited while the baristas busily began to prepare her drink. Alice took out her phone, turned on the wireless client and connected to what she thought was the cafe’s free wireless network.

However, a hacker sitting in a corner of the cafe had set up an open “rogue” wireless access point that pretended to be the cafe’s wireless network. When Alice logged in to her bank’s website, the hacker hijacked her session and gained access to her bank accounts. Another term for fake wireless access points is “evil twin hotspot”.

War Stories Scenario - Ransomed Companies

Bob, who works in the finance department of a large publicly traded company, receives an email from his CEO with an attached PDF. The PDF relates to the company’s internal revenue earnings. Bob does not remember his department creating the PDF. His curiosity is piqued, so he opens the attachment.

The same scenario plays out throughout the organization, as dozens of other employees are successfully persuaded to click on the attachment. When the PDF is opened, ransomware is installed on the employees’ computers and starts collecting and encrypting corporate data. The attackers’ goal is financial profit: they hold the company’s data for ransom until payment is made. The attackers contact the company and ask for a ransom (usually in cryptocurrency) for the data they have encrypted. The amount of this ransom may vary depending on the importance and size of the data they encrypt.

War Stories Scenario - Targeted Nations

Some of today’s malware is so complex and expensive to create that security experts believe that only a nation-state or a group of nations can have the influence and financing to create it. Such malware can be targeted to attack a country’s vulnerable infrastructure, such as its water system or power grid.

That was the purpose of the Stuxnet worm I was talking about, which infected USB drives. These drives were transported to a secure facility through Iranian employees and supporting firms. Stuxnet was designed to infiltrate Windows operating systems and then target the Step 7 software. Step 7 was developed by Siemens for programmable logic controllers (PLCs). Stuxnet was looking for a special model of Siemens PLCs that control centrifuges at uranium processing plants. The worm was transmitted from infected USB drives to PLCs and eventually damaged many of these centrifuges.

The near-perfect structure of this scenario and its code made most people, especially security experts, think that a government was behind this malware, and that such large and flawless malware could only have been made with state support.

Zero Days, a film released in 2016, documents what is known about the development and deployment of the Stuxnet targeted malware attack. If this scenario has made you curious, I highly recommend watching it.

Threat Actors

I have given examples of many scenarios above, from attacks targeting an individual to attacks targeting a state. So what threat actors are behind the attacks? Who is carrying out these attacks and why? Let’s talk about this.

Threat actors include, but are not limited to, amateurs, hacktivists, organized crime groups, and state-sponsored and terrorist groups. We can answer the question “Who are the threat actors?” as follows: threat actors are individuals or groups of individuals who have carried out a cyber attack. We can also explain the term “cyber attack” as follows: cyber attacks are deliberate malicious actions that are intended to adversely affect another individual or organization.

Known threat actors:

  • Amateurs: Amateurs, also known as “script kiddies”, have little or no skill. To launch attacks, they usually use tools or instructions available on the Internet. Some are just curious, while others are trying to show off their skills by doing harm. Most operating system and device manufacturers prevent such attacks by closing the vulnerabilities with security patches. But even if amateurs use basic tools, the consequences can still be devastating.
  • Hacktivists: Hacktivists are hackers who protest against various political and social ideas. Hacktivists publicly protest against organizations or governments by publishing articles and videos, leaking sensitive information, and disrupting web services with illegal traffic in distributed denial of service (DDoS) attacks.
  • Financial Gain: Most of the hacking activities that constantly threaten our security are caused by financial gain. These cyber criminals want access to our bank accounts, personal data, and anything else they can use to generate cash flow.
  • Trade Secrets and Global Politics: Over the past few years, we have heard many stories about nation-states hacking other countries or otherwise interfering in domestic politics. Nation states are also interested in using cyberspace for industrial espionage. Intellectual property theft can give a country a significant advantage in international trade.
    Defense against the fallout from state-sponsored cyber espionage and cyberwar will continue to be a priority for cybersecurity experts.

You may often hear about people close to you whose social media accounts have been stolen, about huge amounts of data belonging to organizations and institutions being seized (leaked to the Internet), and about many other cyber-focused attacks like these. Such events remind us again and again that cybersecurity is an important issue at the individual, corporate and national level. Of course, it is possible to take precautions to prevent such attacks before they occur (although there is no certainty). Many institutions and organizations have Security Operations Center (SOC) teams to protect themselves from the economic impact of cyberattacks and their reputational damage, and to take precautions in advance. It is difficult to determine the exact economic impact of the cyber attacks that have occurred. However, it is estimated that businesses will lose more than $5 trillion annually by 2024 due to cyber attacks. For this reason, enterprises make serious investments in cybersecurity.

I would like to end this article by talking about how we can stand strong in the face of these cyber attacks personally, not about the measures taken by large enterprises or governments.

I will mention three password rules that I also had difficulty applying, but which I described as “This trio is magnificently strong”:

1- You must set long and complex passwords that are difficult to guess.
2- You must create a separate password for each account you use.
3- You should change your passwords frequently.

In addition to this amazing trio:

  • You should check your accounts regularly: If your passwords have been stolen by threat actors in some way, there will definitely be transactions in your accounts that are not yours. It is very important to notice this abnormality early and change your password. This is especially true of your bank accounts.
  • You should not save your passwords: The browser you are using has an automatic password saving feature. Unfortunately, this feature, which saves speed and time in your transactions over the Internet, can set the stage for your password to be stolen during cyber attacks.
  • You should clean your browser’s cache memory frequently.
  • You should be careful when using free Wi-Fi networks in environments such as cafes, restaurants, etc.
  • You should not trust websites that do not have SSL certificates.
  • You should not make purchases from, or open the contents of, emails whose source you do not know.
  • Instead of transferring files via USB, you should use cloud technologies.
  • You should avoid using unverified applications whose developer is unknown.

I appreciate you reading this article. I hope that I have awakened a different perspective and approach to your life regarding security. I wish you a healthy and safe life. I’ll see you in my next article. Goodbye…

Ramazan Ustuntas

I am as interested in cybersecurity as I am in software development. In this field, I am improving myself with my research and the courses I am taking.