Although apparently invisible, cyberwar operations are very frequent. Here are the preferred methods of attack by "state hackers".
The name cyberwar identifies all those activities aimed at causing damage to computer systems of all kinds. Unlike "normal" cyber attacks, these are actions carried out with precise political-military purposes by special military apparatuses or by cybercriminal organizations that are nonetheless financed by governmental entities.
Also known as cyberwarfare, cyber warfare or cybernetic warfare, these are real military operations fought within cyberspace over the same Internet backbones normally used to visit websites and access e-mail. Cyberwar, although similar, must not be confused with the terrorist use of the Net, with cyberespionage or with "normal" cybercrime. The purposes and, above all, the subjects involved in the various types of cyber attacks are completely different.
What is cyberspace
The domain of cyberspace is composed of all computers and the network infrastructures used to connect them, which allow the exchange of data and information even hundreds (or thousands) of kilometers away. Western countries (and, by now, not only they) rely heavily on the systems that make up cyberspace: practically every aspect of our daily lives depends on the correct functioning of one or more of these infrastructures. It follows, then, that threats in the cyberspace domain have a direct and immediate effect in the physical world.
Attacks in cyberspace: how cyberwarfare unfolds
As it is conceived, cyberspace can be divided into three different layers: physical, syntactic and semantic. At the physical level we find computers, servers, computing devices in general, cables, satellites and the other infrastructures necessary to keep the lines of communication active. To the syntactic level belong the applications and other software solutions that provide the instructions for the proper functioning of the systems present at the physical level. The semantic level includes human interactions with the systems of the physical and syntactic levels and with the information they generate. Although in different ways, all three levels are vulnerable and, therefore, possible targets of cyberwarfare.
Attacks on the physical layer can be conducted through "normal" warfare operations, using conventional weapons and strategies. This leads to the physical destruction of various hardware or telecommunications infrastructures, so as to render them unusable and cripple the adversary, from a cyber perspective and beyond. In some cases, it is also possible to kill whoever controls or uses the information systems, in order to make them unusable. Attacks of this kind occurred during the war in the former Yugoslavia (in 1999) and the second Gulf War (2003), when the communication and information infrastructures of Serbia and Iraq were destroyed or severely damaged.
Syntactic level attacks, while pursuing the same goal as the attacks of the previous level, involve only cyber weapons. In this case, computer systems are attacked using different types of malware, depending on the damage the attackers want to cause: viruses and cryptolockers can be used to destroy all data on hard disks; trojans and spyware can infiltrate the enemy's computer systems and steal data and information or spy on its moves and behaviors. In the same way, DDoS attacks can be used within a cyber warfare operation to make the adversary's communication infrastructure useless. There are several examples of this kind of attack: in spring 2007, Georgia and Estonia were the target of large DDoS attacks, apparently carried out by hacker groups probably sponsored by agencies close to Russian government bodies; in 2016, the Ukrainian national electric system was repeatedly, and severely, hit by hackers who, exploiting serious vulnerabilities, managed to put several power plants out of order.
Semantic level attacks, finally, can be considered a particular "category" of social engineering attacks. In this case, attackers try to manipulate their adversaries with phishing campaigns or through social networks in order to get hold of important data (such as passwords to access computer systems or other confidential information). Famous examples in this case are the attacks conducted by agencies close to the US and Israeli intelligence services to block Iran's nuclear development program.