Photo Credit: © panandrii - stock.adobe.comA spate of cyber-attacks occurred in 2017 that detrimentally affected businesses, individuals and countries. Cyber threats increased in frequency and sophistication, as well as scope. Ransomware-as-a-service proceeded to thrive in the underground. Attack vectors and delivery methods branched out beyond phishing. Social networks have become a data goldmine for cybercriminals, and cryptocurrencies are fueling ransomware attacks.
Here is a recap of this past year's notable cyber-attacks, ransomware and data breaches, and the key lessons they taught us.
WANNACRYLast May, an unprecedented ransomware attack called “Wana Decrypter” or “WannaCry” affected over 300,000 computers in more than 150 countries and caused a worldwide 1 billion dollars in damage.
WHAT IS RANSOMWARE?Ransomware is a type of malicious software, also known as malware that, upon downloading to a computer, encrypts files so they can no longer be accessed. Alternatively, it locks down the entire operating system, so anything is inaccessible to the user.
HOW DID WANNACRY COME INTO BEING?WannaCry is a particularly heinous threat due to its ability to self-propagate and spread itself across an organization’s network and onto other organizations through the internet. The ransomware spread by exploiting critical vulnerabilities in Windows computers, which Microsoft patched in March 2017 (MS17-010). However, many users and businesses failed to download the latest patch, exposing their systems to the threat.
The exploit known as “Eternal Blue” was released online to the public in April by a hacking group named Shadow Broker. This leak ultimately triggered the universal WannaCry outbreak.
HOW DOES WANNACRY WORK?The malware spread between networks via the internet like a worm. Once a computer is infected, the ransomware usually contacts a central server for the data it requires to activate, and then initiates encrypting files on the infected device with that information so the user can’t access them anymore. When all the files are encrypted, it posts a message demanding you to pay a ransom of $300 in Bitcoin to unlock the computer or decrypt the data. If the user failed to pay, the cybercriminals threatened to destroy the information.
WHO DID WANNACRY TARGET?The ransomware attack hit operating systems that hadn't applied Microsoft's patch for that vulnerability, infecting hundreds of thousands of computers in over 150 countries. The coordinated attack successfully infected large numbers of computers across the health services industry. It crippled the U.K.’s National Health Service, China’s National Petroleum Corporation, large organizations and companies, casting chaos across the world.
Although powerful, WannaCry had significant defects, including a mechanism that security specialists efficiently used as a kill-switch to render the malware inert and stem its spread.
LATEST WANNACRY UPDATEAfter careful investigation, the US in late 2017 publicly attributed the massive WannaCry ransomware attack to North Korea.
"The attack was widespread and cost billions, and North Korea is directly responsible," said Tom Bossert, White House Homeland Security adviser.
Kaspersky released a report stating that North Korea is being connected to cyber-attacks on banks in 18 countries. According to two international security specialists, it's plausible that the stolen money is being spent to advance North Korea's nuclear program weaponry.
PETYA/NOTPETYA/NYETYA/GOLDENEYEThe global ransomware attack known as Petya (NotPetya/Nyetya/Goldeneye) arrived a month or so after the widespread WannaCry ransomware virus.
HOW DOES PETYA SPREAD?Like its predecessor, Petya utilized the EternalBlue exploit as one of the means to propagate itself and attack networks. However, this malware was far more sophisticated than WannaCry in numerous aspects. Petya also used classic Server Message Block (SMB) network spreading methods, enabling it to disseminate within organizations, even if they have patched against EternalBlue.
One major differentiating factor between the two threats is that Petya wasn’t susceptible to a hardcoded kill-switch. But Petya still had its flaws. It incorporated an unsuccessful and inefficient payment system.
HOW DOES PETYA WORK?The ransomware would lock the computer's master boot record, which is essential for the machine to identify where the files and operating system are. Locking this makes the computer unusable. After a computer is infected, a message appears demanding $300 worth of bitcoin to decrypt the locked files.
WHO HAS PETYA HIT?Microsoft estimates the cyber-attack hit over 12,000 machines. The ransomware spread through computers in over 65 countries, affecting the U.S., large regions of Europe, Asia and South America.
Additionally, DLA Piper, one of the largest global law firms, was shut down and operationally crippled by the malware attack. Operations
198 MILLION VOTER RECORDS EXPOSEDVoter data on 198 million US Citizens was improperly stored and freely available for 12 days on the internet for anyone with the URL.
HOW WERE VOTER RECORDS EXPOSED?The data was exposed in June 2017 after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server. If that third-party vendor was responsible for storing the sensitive records on an unsecured cloud repository, the incident again underscores the importance of vendor due diligence and qualifying their security practices.
WHAT DATA WAS LEAKED?
The 1.1 terabytes of information leaked included birthdates, home addresses, telephone numbers and political views of approximately 62% of the entire US population, such as where they stood on topics like gun control, the right to abortion and stem cell research. Apart from these sensitive personal details, the information also consisted of citizens’ religious affiliations and ethnicities.
This form of data can easily be used for nefarious purposes, from identity fraud to harassment or intimidation of people who hold an opposing political view. Worst of all, if criminals have gotten hold of this data, they can send extremely personalized phishing attacks to you, appearing like something entirely legitimate.
At this point, from here on out, treat any email you get at the house or the office with a healthy dose of suspicion and ask yourself if it could be a scam. Do not click on links in emails and do not open attachments you did not ask for. Also, be careful with robocalls, and phone scammers that seem to know a lot about you. Remember, think before you click!
EQUIFAX DATA BREACHEquifax is one of three nationwide credit-reporting companies that tracks and rates the financial history of U.S. customers. The big-three credit bureau Equifax reported that cybercriminals stole 145.5 million U.S. customers’ credit records in a breach against one of its U.S. servers. The infringement was discovered on July 29th, but went undisclosed to the public until September 7th. Additionally, days after the breach was discovered, three Equifax executives sold shares in the company.
How does the Equifax data breach impact people and what was stolen?Equifax afflicted 145.5 million Americans, or nearly every adult. Personal data including birth dates, credit card numbers and more were obtained in the breach, and in some instances specific disputed transaction information.
The confidential information stolen from Equifax could enable criminals to impersonate individuals with lenders, creditors and service providers, who depend on personally identifiable information (PII) from Equifax, to make financial decisions regarding customers. Unique to the Equifax breach, in comparison to other data breaches, was that some of the individuals affected were unaware they were customers of the company. Equifax obtains its data from financial institutions including credit card companies, banks, financiers and retailers who report on individuals’ credit activity to credit reporting agencies.
Unfortunately, these attacks highlight the changing threat landscape and the general lack of awareness in both the corporate and personal contexts. Now more than ever, all consumers must also evolve, and learn how to protect their personal financial information and consumer credit profiles.
Bad Rabbit RansomwareIn October 2017 Bad Rabbit, a worldwide ransomware outbreak, affected several organizations in Russia, Ukraine, Eastern Europe and the U.S. This strain of malware has been compared to the infamous WannaCry and NotPetya attacks that affected organizations globally earlier last year.
How does Bad Rabbit work?Bad Rabbit ransomware froze computer systems in numerous countries. The outbreak started with social engineering, attacking websites and then imitating an Adobe Flash installer. The victim was instructed to click on an update for Adobe Flash Player, while the ransomware is downloaded to their machine in the background. The malware then encrypts all the files on the system and replaces the master boot record. Bad Rabbit then demands from its victim a payment of 0.05 bitcoin, or about $275 within 40 hours.
AlteryxAlteryx is a data analytics company that makes its money by repackaging data that it’s collected from various sources.
What is the scope of the Alteryx breach?In late December 2017, an analyst from security firm UpGuard shared that Alteryx had not appropriately safeguarded detailed personal information it had amassed on 123 million U.S. households. According to the Census Bureau, there are about 126 million American households. This data affects about as many people as the massive hack Equifax reported in September.
What have last year’s cybersecurity disasters taught us and how can your firm protect itself?These data breaches and outbreaks illustrate how malicious threats can unexpectedly evolve and catch unprepared businesses by surprise. Furthermore, they are demonstrative of the supreme importance of securing critical infrastructures, protecting sensitive business data and personal information, applying the latest software patches and conducting proper vendor due diligence.
Now is the time for financial institutions (FIs) and businesses alike to employ a progressive, integrated, systemic risk management framework and holistic approach to cybersecurity. It’s vital that organizations provide and mandate security awareness training for their employees. Otherwise, if you don't, the hackers will.
Think Before You Click - Phishing Emails Tips
As a cybersecurity best practice, Align advises you to remain vigilant and skeptical of potential email scams. You need to watch out for the following things:
- Phishing emails that claim to be from your financial institution, social media accounts and the like, where you can check if your data was compromised
- Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information
- Calls from scammers that claim they are from your bank or credit union
- Fraudulent charges on any credit card because your identity was stolen
- Emails that your account has been suspended. If you want to change the settings of subscription services, never click on a link in an unverified email claiming it’s from an organization you have an account with. Instead, type the website name in your browser, log in to your account the standard way and check for any messages there.
At this point, you must assume that threat actors have highly sensitive personal information that they can use to trick you. Ransomware isn’t going away anytime soon, and a comprehensive cybersecurity risk management solution is essential. Inoculate your staff against cyber threats with Align Cybersecurity™ Security Awareness Training.
Align Cybersecurity offers tailored, nimble and advanced cybersecurity solutions encompassing Vulnerability Assessments / Penetration Testing, Cybersecurity Risk Management as a Service (Align Risk CSR), Customized Cybersecurity Programs, Third Party Management, Managed Threat Protection (Align Guardian), Cybersecurity Training and more!