Ethiopia’s Information Network Security Agency (INSA) reported that extensive cyberattacks were carried out on government and non-government sites. Beginning July 2021, the authority has encountered more than 3400 cyberattacks.
With this act, hackers targeted government websites, financial and service providing institutions, regional bureaus, academic institutions, media houses, publishers, private and non-governmental organizations, security agencies, communications and websites of public service agencies, as well as information technology infrastructure.
They all described it as a massive cyberattack by “Cyber Criminals” aimed at diminishing and destroying Ethiopia’s political, economic, social and technological infrastructure. It was also reported that the most repeated attacks were on infrastructure.
The attackers were groups that wanted to put pressure on the country for several reasons, among them the Grand Ethiopian Renaissance Dam (GERD).
The Ethiopian News Agency reported that the cyberattacks were plotted by the “Cyber_Horus Group.” This attack was interpreted as an expression of animosity towards the GERD as the dam grew and progressed in its function. Another group of cyber attackers was ET-HUNTER. Irrespective of where the hack comes from, both have tried to hack websites of government and private organizations.
Global Cyberattack and Cybersecurity
Malicious cyber activities have increased enormously, especially since 2020, when the coronavirus pandemic forced people to work from home. Ransomware spread during that time.
Working from home becoming mandatory for most meant that data had to be transferred over networks and over longer distances than it used to travel.
Companies had to be active by assigning highly experienced IT professionals to control the data transfer and protect employees from vulnerabilities. Although some companies have made it practicable by offering their employees remote working, telework and distance working possibilities, it has also brought a comparatively big challenge for big companies: shielding themselves from cyberattacks.
Currently, cloud-based applications are installed on workstations, like Word Microsoft Office 365, where employees store all business data/files on its cloud server.
The function of this application makes it possible to connect any home computers without internet with other computers. Employees have access to these cloud servers with the possibility to participate in videoconferences and file sharing.
However, hackers infiltrate the digital system run by a company and insert malware into its code. By the time the company updates its software, the virus spreads instantly to thousands and thousands of clients and networks.
In most cases, the hacked computer or router shows no signs of the virus, which remains undetected until the victims, whether individuals, groups or companies, discover that data has been stolen. By hacking servers, a person can disrupt commerce, energy supply and bank accounts, take money out of owners’ accounts, steal data and lock out users.
Botnets require a command-and-control server. The information flow of the hack forms a triangle between the servers, the hacker’s machine and the victims’ machines.
For instance, malicious code is sent by e-mail or embedded in a website. The action starts when someone downloads an attached file or clicks on a link or a file, which infects the victim’s computer.
For many professionals, tracking cyber attackers or responding to cyberattacks in a short period of time is absolutely impossible. A cyber-physical system includes information infrastructure facilities, such as equipment and communications, that are integrated to provide cyber services. A cyberattack that targets cyber-physical systems and causes damage is known as a cyber-kinetic attack. It is a form of cyber warfare that differs from conventional military warfare in its type and force.
The attack ranges from disruption to destruction. For technical reasons, cyberattacks are in most cases anonymous. They can occur within smaller regions or transit across several state boundaries by way of what are known as botnets. Controlled remotely, botnets use malicious software that infects computers, controls them and issues remote commands to extract, corrupt or insert data on each infected computer.
Espionage and politically motivated cyberattacks have existed and been analyzed for quite a long time. By infiltrating networks, hackers immerse themselves in the systems and networks of specific countries, companies and governments, as well as highly sensitive infrastructure, to take away crucial data.
In the year 2021, the most affected sectors were businesses, hospitals, finance, healthcare and technology. There were also reports of a destructive wiper malware targeting armed forces, police and intelligence service networks and computer peripherals. In the past, some providers of high-tech satellite broadband services were also hacked.
Some cyberattacks were even carried out on pipelines, supermarket chains and energy services. Critical infrastructure such as telecommunications and transportation around the globe has long been vulnerable to attacks. Several National Cyber Security Centers issued warnings that millions of computer routers, firewalls and other devices were all hit by cyberattacks.
War and peace in the Cyber world
In the last 50-60 years, conflicts have occurred for several reasons, with war breaking out between two or more sovereign states. If the situation does not change, cyber conflicts could also lead to conventional wars, with the boundary between conventional warfare and cyberwarfare becoming blurred.
Traditional war is defined in the Geneva Convention. But in the case of cyberwar, it is moot. The world ultimately needs to reform the Geneva Convention to include cyberwars, which do not have borders.
What should be done?
Bringing together high-caliber experts from various walks of life, and training and exercising in the areas of cyber technology, strategy, operations and law, are helpful. Another possibility is to enlist those hackers by paying them an excellent income to defend rather than exploit.
Allied states that cooperate politically, economically and technically should be encouraged to assess anti-cyber-conflict programs. This can be in terms of technical work, computer programming experimentation, network analysis, pragmatic defense and response measurement methods that can improve security.
In order to create accountability, there must be globally agreed norms. These international norms, designed specifically to prevent or avoid cybercrimes, should be enforced when they are jeopardized and breached. They must come with implementing provisions that state the acts concerned and the consequences of those activities.
It will also be very helpful if countries discuss cyber issues more often. Dialogue is highly important, and several countries are not technically up to date. They need assistance to help themselves, to investigate and instantly protect their borders, and to be free from malicious activities. For this, a high level of technical capacity enhancement is needed.
Computer design and implementation
In previous years, cyberattacks were identified as limited attacks, with a single system attacked. But with superior digital technologies, the cyber-kinetic attack becomes more severe and wider in scope.
With the help of sophisticated objects like software, routers and the like, a computer can run and exchange data around the globe. The cyberattack aims to damage the physical system by exploiting vulnerable information and work processes of the system.
Countries with high probabilities of cyberattacks require rigorous testing to assure the security of the technologies. A secure design and implementation of computer technology is required to fight against cyberattacks.
Entities, manufacturers and internet service providers are at the forefront of defending against and protecting from cyberattacks. They must work hard to support policymakers and lawyers in dealing with vulnerabilities in cyberspace.
International law is required as a countermeasure and for self-defense. Individuals or groups engaging in unlawful actions should face serious punishments.
Attribution will make clear to the actors that their actions will be seen and addressed. Moreover, cyber attribution is not a technical challenge but rather a policy one. In order to prevent the attacks, legal solutions are required. Punishment should follow irrespective of whether the actor is a single person, group, company or government. In addition to these, a multilateral process that combines the activity and responsibilities of society with internet governance is one of the remedies for cyberattacks.
There are governments, organizations and private firms that give assignments to individual actors to carry out cyberattacks illegally. They all have to be brought to justice, provided there is solid international cooperation. Serious investigation, prosecution and conviction are required for those who initiate, participate in or facilitate cyberattacks.
A well-defined and reasonable punishment that adequately reflects the reality of how cyberattacks damage economies, and social and political advancements must be inscribed. The law has to be accepted by each citizen to avoid malicious cyberattacks.
Global norms should also be established and exercised. Well-defined and articulated cyber strategies should be introduced for the information society worldwide. Law enforcement collaboration among countries on cyberattacks and on cyber strategies and cyber defense, grounded in mutual concern, should be intensified.
(Gedion Getahun (PhD) is a professor at the Mainz University and is a Nuclear & Radioanalytical Chemist.)
Contributed by Gedion Getahun