Cyber Terrorism: What It Is and How It’s Evolved
What is cyber terrorism?
- An actor or actors with three unique attributes: nonstate, terrorist, and clandestine
- A motive, which may be ideological, social, economic, or political
- An intent to induce or coerce some action, effect change, further objectives, or cause interference
- The means to commit the act, which includes using a computer and network to access cyberspace and cross borders to commit acts of cyber warfare or crimes, including cyberattacks and threats of attacks
- An effect, most commonly violence, service disruptions, physical damages, psychosocial impacts, economic damages, or data breaches
- A target, most commonly civilians, information and communication technology (ICT), data sources, government agencies, nongovernment organizations, or physical infrastructure
Major cyber terrorism attacks and attempts
- Information technology firm SolarWinds was the victim of a cyberattack that went undetected for several months, as Business Insider reports. Hackers widely believed to be operating in Russia were able to spy on private companies, including security firm FireEye, and many government agencies. In April 2021, the U.S. government implemented sanctions on Russia as a result of the attack.
- Insurance firm CNA Financial reportedly paid hackers $40 million in March 2021 after being the victim of a ransomware attack that locked the company’s computer networks and stole data, as reported in Bloomberg. The attack did not breach the majority of policyholder data, according to the company.
- IT services firm Kaseya announced in July 2021 that it had been the victim of a cyberattack by the REvil ransomware, as explained on ZDNet. The attack breached the company’s supply chain software, and the ransomware went on to hit between 800 and 1,500 of the small managed service healthcare providers that are among Kaseya’s customers.
- Mobile service provider T-Mobile announced in August 2021 that it was the victim of a cyberattack that compromised the personal information of 13 million customers and an additional 40 million people who had applied for an account with the company, as Fortune reports. The attack marks the fourth time in as many years that T-Mobile has had its customer data hacked: twice in 2020 and once in 2018, when the data of about 2.5 million customers was exposed.
Cyber terrorism targets and attackers’ motivation
- Confidential information from U.S. government agencies
- Sensitive personal data
- Access to IT infrastructure
- Financial payment systems
- Trade secrets and other intellectual property
- Email addresses, user IDs, and passwords
- Customer databases and financial data
- Client lists
- An increase in attacks on supply chain software: The two most common forms are attacks aimed at a well-defined target that look for weaknesses among its suppliers, and attacks that exploit weaknesses in large distribution networks to reach as many victims as possible through the software supply chain.
- Phishing email attacks become more evasive: Social engineering techniques continue to gain in sophistication, finding new ways to bypass email security. The attackers frequently use blackmail to extort money from victims, or they may elude detection by impersonating someone the victim knows.
- More attacks on data stored in the public cloud: As more organizations and individuals take advantage of the low cost and security of public cloud services, cyber terrorists and cybercriminals target these systems in their attacks. A primary source of cloud data breaches is misconfigured cloud environments.
- Attacks on mobile devices: Malware designed to attack computer networks and computer users is being adapted to strike people who use mobile devices. Check Point Software notes a 50% increase in the penetration of banking malware in mobile networks between 2018 and 2019. The malware has been found in mobile apps, where it can steal payment data, credentials, and the victim’s funds.
History of cyber terrorism
- In March 1999, the Melissa virus “began spreading like wildfire” across the internet, according to the FBI. Melissa targeted Microsoft’s Word word-processing software and Outlook email software, automatically sending messages to the first 50 people in the victim’s contact list. The virus was created by David Lee Smith and was intended not for financial gain but to cause havoc. Melissa damaged email servers at hundreds of corporations worldwide, temporarily knocking out access to about 1 million email accounts.
- In May 2007, government agencies and private businesses in Estonia were the target of massive, weeks-long cyberattacks after the government removed some Russian World War II memorabilia from the city of Tallinn. The distributed denial-of-service (DDoS) attacks caused Estonia’s largest bank to shut down, resulting in about $1 million in damage. Analysts suspect that the Russian Federation supported the attacks, although Russia denies the charge.
- In August 2013, a hacker group called the Syrian Electronic Army took over the websites of the New York Times, Huffington Post, and Twitter by breaching the network of MelbourneIT, an Australian internet service provider that manages corporate domain names. The group had previously targeted the websites of the Washington Post, CNN, and Time. The motivation for the attack was reprisal for criticism of Syrian president Bashar al-Assad.
- In May 2017, the WannaCry ransomware attack struck Microsoft Windows systems, demanding $300 in Bitcoin (later increased to $600) from victims to regain access to their computer files. Months before the attack, Microsoft had issued a patch for the vulnerability exploited by WannaCry, but many users had not updated their system to protect against the attack. A fault in the code of the virus prevented victims from recovering their files even if they paid the ransom.
Cyber terrorism attacks have become more sophisticated
- On February 5, 2021, hackers used a hole in an old version of Windows to break into the network of a Florida water treatment plant and raise the concentration of sodium hydroxide (lye) to lethal levels. The attack was thwarted before any damage could be done by an operator who noticed the change and corrected the levels. However, the attack highlights the vulnerability of water systems and other vital infrastructure in the U.S.
- The FBI now considers ransomware as grave a danger to U.S. interests as terrorism in the aftermath of the attacks of Sept. 11, 2001, as the New York Times reports. The agency is currently analyzing 100 different software variants used in ransomware attacks by criminal gangs and by groups operating within China and Russia. Analysts expect more damaging attacks to target critical infrastructure in the U.S.
- In October 2021, the U.S. National Security Agency (NSA) warned businesses against using wildcard Transport Layer Security (TLS) digital encryption certificates, to guard against a new type of malware called ALPACA (Application Layer Protocols Allowing Cross-Protocol Attack). ALPACA infiltrates hardened web applications via non-HTTP services that use a certificate identical or similar to the web application’s TLS certificate. The technique tricks web servers into responding to encrypted HTTP requests using unencrypted protocols.
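As an added example (not code from the NSA advisory or from the original article), the following Python audit runs over a constructed certificate inventory and flags the two conditions behind the wildcard warning: a wildcard certificate, and a non-HTTP TLS service whose certificate is also valid for a web application’s hostname. The hostnames, ports and certificate labels are all constructed for the demonstration.

```python
"""Audit a TLS certificate inventory for wildcard certificates and for
cross-protocol certificate sharing (the exposure behind the NSA ALPACA warning).
Added example: the inventory below is constructed, not real data."""
from typing import Dict, List, Tuple

# Constructed inventory: each endpoint names the certificate it presents.
CERTS: Dict[str, List[str]] = {
    "wild": ["*.example.com"],     # one wildcard cert reused by several services
    "app":  ["app.example.com"],   # dedicated cert for one web host
    "mail": ["mail.example.com"],  # dedicated cert for the mail server
}
ENDPOINTS = [
    {"host": "www.example.com",  "port": 443, "protocol": "https", "cert": "wild"},
    {"host": "app.example.com",  "port": 443, "protocol": "https", "cert": "app"},
    {"host": "ftp.example.com",  "port": 990, "protocol": "ftps",  "cert": "wild"},
    {"host": "mail.example.com", "port": 993, "protocol": "imaps", "cert": "mail"},
]


def san_matches(san: str, hostname: str) -> bool:
    """RFC 6125-style name match: '*' covers exactly one leftmost DNS label."""
    san, hostname = san.lower(), hostname.lower()
    if not san.startswith("*."):
        return san == hostname
    suffix = san[1:]                  # ".example.com"
    if not hostname.endswith(suffix):
        return False
    label = hostname[: -len(suffix)]  # the part the '*' would have to cover
    return bool(label) and "." not in label


def audit(endpoints, certs) -> List[Tuple]:
    findings = []
    # 1. Any wildcard SAN: one certificate then vouches for every host in the zone.
    for cert_id, sans in certs.items():
        for san in sans:
            if san.startswith("*."):
                findings.append(("wildcard", cert_id, san))
    # 2. Cross-protocol exposure: a non-HTTP TLS service whose certificate is also
    #    valid for a web application's hostname can be presented in its place.
    for web in (e for e in endpoints if e["protocol"] == "https"):
        for other in (e for e in endpoints if e["protocol"] != "https"):
            if any(san_matches(s, web["host"]) for s in certs[other["cert"]]):
                findings.append(("cross-protocol", web["host"],
                                 f'{other["host"]}:{other["port"]}', other["protocol"]))
    return findings


if __name__ == "__main__":
    for finding in audit(ENDPOINTS, CERTS):
        print(*finding)
```

Note that the wildcard on the FTPS server exposes both web hosts, including app.example.com, which never used that certificate itself; giving each service its own certificate clears every finding.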
Resources on the history of cyber terrorism
- Forbes, “Russia Has Carried Out 20 Years of Cyber Attacks That Call for an International Response” — The country’s attacks on U.S. interests began in 1996 with the Moonlight Maze cyber espionage campaign, which targeted the Department of Energy, NASA, and other government agencies.
- Security, “Notorious Cybersecurity Attacks in History and How to Prevent Them” — This article describes cyberattacks including those targeting NASA and the U.S. Department of Defense in 1999, and the World Health Organization (WHO), the National Institutes of Health (NIH), and the Gates Foundation in 2020.
- Center for Strategic & International Studies, “Significant Cyber Incidents Since 2006” — This timeline includes incidents that have been linked to cyber terrorists and criminals operating in China, Iran, Brazil, Russia, and North Korea.
Examples of cyber terrorism
Hacktivism and cyber terrorism
Cyber warfare and cyber terrorism
Types of cyber terrorism attacks
- Government: 47 attacks from January to October 2021
- Education: 35 attacks
- Healthcare: 33 attacks
- Services: 28 attacks
- Technology: 27 attacks
- Manufacturing: 22 attacks
- Retail: 13 attacks
- Utilities: 8 attacks
- Ireland’s Health Service Executive refused to pay the attackers’ $20 million ransom demand. The attack disrupted healthcare services in the country for several weeks.
- German chemical distributor Brenntag paid a $4.4 million ransom demand to the criminal gang DarkSide. The attackers encrypted devices on the company’s network and stole unencrypted files.
Resources on cyber terrorism techniques, motives, and perpetrators
- U.S. Department of Homeland Security, “Strategic Framework for Countering Terrorism and Targeted Violence” — This report describes how the DHS Cybersecurity and Infrastructure Security Agency works with states to shore up vulnerabilities in public communication and transportation networks.
- Cisco, “What Is a Cyberattack?” — Among the topics discussed in the article are botnets, SQL injection, zero-day exploits, and DNS tunneling.
Effects of cyber terrorism on businesses and individuals
- Society’s growing dependence on technology makes everyone more vulnerable to attacks on government services, healthcare systems, transportation networks, and communication systems. Solutions become more difficult as national boundaries dissipate and distinctions blur between physical and digital realms.
- Inconsistent and outdated regulations complicate enforcement and help criminals avoid prosecution.
- The growing interdependence of industrial and financial systems makes organizations and individuals more dependent on third parties whose accountability is uncertain.
- The level of expertise in the data security industry can’t keep pace with advances and innovations of cybercriminals. This leaves organizations and individuals reacting to cyberattacks rather than preventing them.
- The likelihood that a cybercriminal will be caught and convicted is estimated to be as low as 0.05% in the U.S., according to figures compiled by Third Way. Cybercrime enforcement needs to be addressed internationally.
Statistics on cyber terrorism attacks and computer security costs
- The average cost to an organization of a single breached data file was $161 between May 2020 and March 2021 (up from $146 in the previous annual timeframe), according to IBM’s Cost of a Data Breach Report 2021.
- The average total cost of a data breach to an organization in the U.S. was $9.05 million between May 2020 and March 2021; the global average cost per organization was $4.24 million.
- These are the most common types of data compromised in a breach, according to IBM:
  - Customer personally identifiable information (PII): involved in 44% of all breaches
  - Anonymized customer data: 28%
  - Intellectual property: 27%
  - Employee PII: 26%
  - Other sensitive data: 12%
- The average amount of time required for an organization to identify and contain a data breach was 287 days between May 2020 and March 2021 (up from 280 days the previous year).
- Gartner estimates that companies will spend more than $150 billion on computer security in 2021, which is 12% more than the $134 billion they spent in 2020.
- McAfee reports that the noncash damage from a cyberattack includes the opportunity cost of resources idled by the attack and the added system downtime, which costs organizations an average of $590,000.
- DDoS attacks increased by 11% in the first half of 2021 compared with the first half of 2020, reaching a total of 5.4 million.
Resources on the impact of cyber terrorism
- Government Technology, “Data Breach Numbers, Costs and Impacts All Rise in 2021” — Topics include whether a ransomware attack is a data breach, and the costs of data breaches to U.S. organizations and overseas firms.
- CNN, “Hackers Have a Devastating New Target” — The implications of increasing cyber terrorism attacks on physical infrastructure in the U.S. are discussed here.
Cyber terrorism prevention tips
Cybersecurity best practices
- Minimize data transfers: Avoid replicating data on too many systems, especially mobile devices. Doing so limits the potential damage should an individual system or device become compromised.
- Verify download sources: Restrict the sites you download software and files from, and scan downloaded files for viruses (most browsers and other software perform a virus scan automatically, but these scanners aren’t foolproof).
- Keep software and systems patched and updated: The one action that will prevent the greatest number of potential malware threats is ensuring that software is set to update automatically. When prompted that an update is available for operating systems or other critical software, download and install the update as soon as possible.
- Use end-to-end encryption and two-factor authentication: Set browsers and other software to encrypt all communications automatically. Using a virtual private network (VPN) service adds a level of protection for extremely sensitive data transfers. Two-factor authentication requires that a cyberattacker gain access to two of your devices, such as your computer and smartphone, for a successful attack.
- Choose effective data breach monitoring tools: Enterprises use an average of 29 separate security monitoring tools, according to a report from Trend Micro, yet many are unused or underused because they can’t be integrated, companies lack employees with the expertise to use them, they’re out of date, or the firms simply don’t trust them.
- Devise an attack response plan: The plan is intended to ensure that the organization can continue to function in the aftermath of an attack. The plan can also reduce system downtime by delegating responsibilities clearly to avoid gaps and delays in plan implementation.
Resources on cyber terrorism prevention and mitigation
- PurpleSec, “How to Prevent the Top Cyber Attacks in 2021” — This article contains information on performing vulnerability assessments, conducting penetration testing, security information and event management (SIEM), and using intrusion detection and prevention software.
- Reuters, “Ransomware State of the Union: Regulations, Trends and Mitigation Strategies” — Topics include the Office of Foreign Assets Control’s recent advisory on ransomware payments and reports on cybersecurity published by the Securities and Exchange Commission and the Financial Industry Regulatory Authority.