Page 117 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
ROBERT MIKAC, KREŠIMIR MAMIĆ, IVA ŽUTIĆ: CYBERTERRORISM THREATS TO CRITICAL INFRASTRUCTURE: COORDINATION AND
COOPERATION FROM BRUSSELS TO SOUTH-EASTERN EUROPE AND BACK
breaches by way of phishing (67%), weak/reused passwords (56%), unsecured devices (44%),
sharing passwords (44%) and unsecured WiFi networks (32%) (ENISA, 2019: p 72). An
individual usually leaks information by unintended disclosure (72.2%), while hacking or malware
is responsible for 27.1% of leakage and physical loss only 0.1% (ENISA, 2019: p 79). Most
data leakage incidents happen in governmental organizations (ENISA, 2019: p 81), such as
when the fitness tracking app Strava, via collected information, disclosed the locations of
US, Russian and UK secret military bases in Syria and Afghanistan (ENISA, 2019: p 82).
Cryptojacking is a relatively new cyber threat, but it has already found its way to critical
infrastructure in Europe: “in February 2018, the first incident of cryptomining malware was found
in SCADA systems of a water utility” (ENISA, 2019: p 95).
Ransomware is a dire cyber threat that targets critical infrastructure, usually healthcare
organizations, by ransoming medical devices. Whereas cybercriminals create ransomware for
the ransom, the assumption is that nation-state actors create ransomware as a cover for
cyberterrorism, as they did with the WannaCry (North Korea suspected) and NotPetya (Russia
suspected) attacks. WannaCry attacked mostly healthcare organizations, as well as the
Boeing aircraft manufacturing company, infecting more than 200,000 computers in 150
countries and collecting more than 312 ransom payments (ENISA, 2019: p 103). NotPetya mostly
infected computers in Ukraine, including those of the National Bank of Ukraine, while the
ransomware PyLocky targeted European countries in 2018. Nevertheless, we must be very careful
here about connecting cyberterrorism and states, because it raises the question of how far
we are willing to go in labelling a country with cyberterrorism.
Cyber espionage, a nation-sponsored type of cyber-attack, has been used increasingly
in recent years against “industrial sectors, critical and strategic infrastructure
across the world including government entities, railways, telecommunication providers,
energy companies, hospitals and banks”, and “focuses on driving geopolitics, stealing state
and trade secrets, intellectual property rights and proprietary information in strategic fields”
(ENISA, 2019: p 107). The most active and capable cyber actors in economic espionage in
the world are Russia, China and Iran, with North Korea not far behind. Some well-known
cyber espionage threat-groups or campaigns are ZooPark (targeted Android users in Asia
and North Africa and an independence referendum in Kurdistan); Powerstats and Pipefish
(targets users in West and South-West Asia, North Africa, and the Middle East); an Iranian
campaign, Myket, via updates in the marketplace; and Operation Parliament (infiltrating top
governmental, judicial, military and intelligence bodies, as well as large companies, mostly in
the Middle East and North Africa) (ENISA, 2019: p 111). Most critical for the EU is the
Russian campaign APT28, which has targeted the Emmanuel Macron campaign, the Montenegro
Parliament, Embassies in Europe and Russia, and the European Defence Agency, as well as
compromising the networks of the German Bundestag, the French television network TV5
Monde, WADA (the World Anti-Doping Agency), FIFA (Fédération Internationale de
Football Association) and a Ukrainian military mobile app (Council on Foreign Relations, 2020).
Looking at the bigger picture, but also focusing on the Republic of Croatia, the Security and
Intelligence Agency of the Republic of Croatia states the following: “NATO and the EU
members are often under attack by malicious cyber campaigns aimed at undermining the protected
communications and information systems. The Republic of Croatia has been a target of a
series of cyber-attacks in recent years. These were the so-called APT attacks (Advanced
Persistent Threat) which are long-term undetected attacks characterized by high level of
expertise, highly complex organization and a plan of attack that includes careful targeting (govern-