Cyberweapon choice boils down to intent, capabilities

Cybercriminals often decide on their tool of choice based on the objective of their attacks, as well as what best fit their skills.

When choosing a cyberweapon to bring down systems and infrastructures, attackers consider their objectives, capabilities and cost, and these tools are likely to get more sophisticated and prevalent.

The choice of the type of attack often depends on the motivation and objective of the attacker, Righard Zwienenberg, senior research fellow at ESET Security, noted.

The motivation can be for criminal intent, stealing industrial secrets or state-ideology perpetration, while the objective can be to gather intelligence, get money or bring down infrastructure, he said, noting it is not different between countries.

Attackers also tend to use cyberweapons that they are familiar with, or are able to serve a specific purpose, Ngair Teow-Hin, CEO of security firm SecureAge, noted. For instance, the 2011 attacks from Russia with virus "Carberp"  mainly targeted banking systems because they have the capability to disable antivirus systems on user machines, he cited.

The most common attacks that can be deployed by hackers are the distributed denial of service (DDoS) attacks  which can be used to cripple enterprise Internet servers due to their ease of deployment while affecting numerous machines, Ngair observed.

On the other hand, advanced persistent threats (APTs) are the most sophisticated attacks and they create malware on user machines which communicate with their command-and-control servers to allow attackers to study the user machine and carry out specific attacks, he said.

Cyberweapons are also a more economical choice, he explained. Most do not possess the technology, hardware or capital to facilitate nuclear weapons, Zwienenberg observed. Using a cyberweapon not only "saves them money" but enables them to achieve their goals, he pointed out.

However, some weapons could be very expensive as well, he noted, citing that zero-day exploits and launching a cyberweapon by an individual from the underground community often involves a hefty sum, he said.

As such, price is a consideration in selecting which cyberweapon to use, he remarked.

Rise in usage and sophistication
Due to its economical benefits, there is bound to be an increase in cyberweapon usage, Zwienenberg noted, adding several countries have already declared they can or will employ cyberweapons as part of their attack, defense or intelligence gathering.

"We are looking at a new era where more devices, systems and infrastructure are connected to the Internet and where a targeted cyberattack can do the job without risking too many lives," he said.

They are also evolving rapidly to become extremely sophisticated, Ngair added. With the discovery of many state-sponsored cyberweapons over the past two years, cyberattacks can now learn from these advanced attacks and improve on their own attack techniques, he noted.

Techniques today, for example can enable attacks to compromise non-Internet connected machines and even impersonate a certificate administrator to allow the installation on end-user machines without being detected, he said.

Show Comments