No, not all hackers wear hoods, hiding in a cellar.
They do not all carry out “cyberattacks” with the same level of repercussions.
Yes, they play on mass effect and timing in order to amplify their more or less effective actions.
And count on the confusion around an abusive term.
The latest examples to date, the parasitic computer attacks at the beginning of the week against state services or the theft of France Travail databases were quickly qualified as “cyberattacks”, a portmanteau word which hides the degree of seriousness of 'one problem: the online scam has little to do with the major destructive cyberattack.
In the specific case of France Travail, the situation corresponds to an exfiltration of data because the attackers did not take care to destroy the source of their loot.
Here is a little glossary to navigate these troubled waters.
Hacktivism
This portmanteau word (again) designates a hacker who acts through political activism.
These activists from different backgrounds coordinate online to defend a common cause.
Their weapons?
A form of digital vandalism or the insertion of a protest message on online media that they modify.
They also use digital raids in the form of denial of service attacks, which are low cost but easy to claim on social networks or encrypted messaging.
Defacing or defacement
Medium-level hackers manage to modify the home page of a website in order to publish their message of demands.
Increasingly rare, this attack has immediate media impact but leaves few after-effects for the targeted organizations.
A “tag” on a virtual wall.
Phishing or smishing, phishing
Win a smartphone by answering a questionnaire, pay a fine or recover an e-commerce package by giving your email... This is the basic technique of the cyber-crook, already well known for a decade but still just as effective for lure the victim to a fraudulent site in order to extract their data or passwords, or even extort a payment.
It is found in the top 3 cyber malware in 2023 in all its forms: e-mail (phishing), SMS (smishing), and more recently via QR Codes (quishing).
Also read: Paris Olympics: have hackers already infiltrated computer systems?
Scraping
Wild collection of data from a website using a computer script which harvests all available information.
Prohibited in theory, it is particularly effective when it targets the private intranet of an organization or company rather than the public version of a site.
The question of compliance with the regulation on the protection of personal data (GDPR) arises because this method will enrich user databases exploited for commercial purposes or, worse, in order to carry out online scams.
Denial of service attack (DDoS)
The lowest technical level of the computer attack but also the most visible from the outside.
Attackers hijack the power and connection of tens of thousands of computers or servers in order to overwhelm a computer system with requests.
Designed to accommodate a certain number of connections, the overloaded system ends up breaking down.
Its intense nuisance power at the beginning is quickly mitigated by countermeasures that are easy to deploy by Internet service providers or companies specializing in anti-DDoS protection such as Cloudflare or Akamai.
Social engineering
Initiated by the phishing method, this type of psychological manipulation attack makes it possible to obtain confidential information and increase access privileges to parts of a computer system reserved for administrators.
The hacker will pretend to be a friend, colleague or superior in order to retrieve a password or crucial information to accomplish his mission.
Cybercriminality
In the nebulous world of hackers, certain players have made it a profitable profession.
Organized and specialized in “profession”, these cybercriminals also have a hierarchy and quasi-industrial procedures to carry out scams such as fake bank advisors or extort victims of ransomware.
VIDEO.
Fake bank advisor scam: “In two hours, the scammer emptied our accounts”
“Organized crime, formerly specialized in prostitution or migrant smuggling, is easily tempted by cyber because the penalties are less severe, the profitability is higher and investigations are made difficult by the fragmentation of the networks,” the investigators explained to us. specialized bloodhounds from the EC3 center
from Europol.
Motivated by financial gain, certain groups of hackers, particularly Russian-speaking, also flirt with military circles in their countries of origin.
Malware or malicious software
A computer program or code designed to override cybersecurity software and contaminate a computer system, computer, or server.
Known under the original term “virus”, it comes in the form of different infections including the “worm” which does not require any human intervention to spread.
Spyware or spyware uses its stealth in order to discreetly collect strategic information on computers but also smartphones with the notable example of Pegasus which targeted iPhones.
More recently, Russian hackers deployed a “wiper” in the context of the Ukrainian conflict, a piece of malware whose sole objective is to destroy everything when it spreads.
Ransomware or ransomware
Appearing in 2017 with NotPetya, ransomware has become the most active current threat.
“Ransomware” in English corresponds to malicious software that encrypts, making the data on a computer, server or company network completely unreadable.
Appearing in 2019, their cybercriminal exploitation gained momentum in 2020, helped by teleworking and the professionalization of attackers.
Also read: Gangs, extortion and ransomware... Investigation into highly organized gang hackers
It is accompanied by a double-trigger extortion component: the hackers will first sell the victim the key to decrypting the data, the key to gaining access again.
But if the target has a way to restore their backups and refuses to pay, they activate a second lever: data blackmail by threatening to publish the siphoned information or resell it to the highest bidder.
Cyber attack
It is the generic term that fuels all fantasies and is attributed in an abusive manner.
Led by experienced hackers, often sponsored by a state, this massive computer attack attacks the heart of computer systems.
It aims to map them, paralyze them or destroy them for good.
The scale and impact of such an operation as well as its level of sophistication determine its status.
Planned for months, it is executed brilliantly when it remains undetected until having accomplished its mission which varies from industrial or strategic espionage to the annihilation of the computer structures of the victim or the enemy as part of a “cyberwar”.