Cyber Attack – A Modern Day Horror Story
On a morning like any other, the senior management of the company John Doe Inc. received calls from several branches that were unable to access email or phone lines. Management initially took it for a glitch that would clear up quickly. Unfortunately, all was not as it appeared.
Over the next few hours, branches reported that all computer systems, email and documents had become inaccessible and that phone lines were down (DDoS). It became apparent that the company had been hit by a catastrophic cyber-attack (Malware): every computer across the company's branches and offices displayed a ransom demand for $400 in Bitcoin per workstation (Cryptocurrency), failing which the data would be destroyed (Ransomware).
At first the company decided not to pay the ransom and to activate its backup system instead. However, the backup system turned out to be infected with the same malware (Data recovery). After several hours of total shutdown, John Doe Inc. finally decided to pay, but only minutes after all of the company's information had been wiped out (Wiper).
On the evening of the attack, large clients of the company reported the same issues on their own networks (Worm/Virus). It wasn't long before the attack hit the headlines and caused chaos among clients and regulators (Reputation & Compliance).
After a full day without phones, three days without email and nearly two weeks without complete access to the system's data, it became apparent that the damage was even greater: confidential data of the company and its clients was being auctioned off to the highest bidder (Data Breach + Spyware) on several online marketplaces (Dark web). It is still unknown whether John Doe Inc. can ever recover from this cyber-attack.
This horror story is the reality of many companies, organizations and individuals that wake up one day to discover that a cyber-attack has destroyed their business or even their life. As the CEO of a company (CybintSolutions.com), this is my biggest nightmare, because I know that nobody is immune from it, not even a cyber security company.
Computers and embedded devices have gradually taken over every aspect of our lives. Modern financial systems, public services, national infrastructure and even our everyday tasks are monitored and controlled by computers. While computers have made our lives much simpler, they have brought with them the enormous risk of cyber-crime that can dramatically disrupt our lives.
The motives behind cyber-crime cover a wide spectrum, ranging from the desire for financial profit to commercial espionage and the advancement of a political agenda. Cyber-crime can affect an individual or a group of people, depending on the target of the attack and the motives of the attacker. In addition, we also face the threat of cyber-terrorism: a deliberate large-scale attack against critical infrastructure (such as the power system) can cause destruction and panic.
Know Your Enemy
The first step in dealing with this array of threats is to Know Your Enemy, i.e. to know the different types of cyber-attacks and malware, understand how they work and how we can protect ourselves, our businesses and our clients. Let's review some of the most common attacks that thrived in 2017 and are expected to grow in 2018:
Ransomware (Example – "WannaCry"): Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files until a ransom is paid. Modern ransomware families are collectively categorized as crypto-ransomware: they encrypt certain file types on infected systems and force users to pay the ransom online to obtain the decryption key. Ransomware can be downloaded when unsuspecting users visit malicious or compromised websites, it can arrive as a payload dropped or downloaded by other malware, and it is commonly delivered as an attachment to spam email or dropped by exploit kits onto vulnerable systems. The rise of Bitcoin contributed greatly to the popularity of ransomware among hackers, because it gave them a payment channel that is hard to trace or reverse.
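As an added example (not code from the original article), the following Python script shows one way a defender can spot the crypto-ransomware behaviour described above: encrypted files are close to random, so their byte entropy jumps well above that of documents, and most families drop a ransom note beside the files they encrypt. The file names and contents are constructed for the demonstration; the 7.2 bits-per-byte threshold and the list of formats that are expected to be high-entropy are assumptions, not values from the article.

```python
import math
import random
from collections import Counter

# Already-compressed or encrypted formats are high-entropy by nature; docx/xlsx/pptx
# are zip containers, so they belong here too. Skipping them avoids false alarms.
# (Assumed list for the demo; tune it to the file types on your own shares.)
EXPECTED_HIGH_ENTROPY = {"zip", "gz", "7z", "rar", "jpg", "jpeg", "png", "mp4",
                         "pdf", "docx", "xlsx", "pptx"}
# Words that crypto-ransomware families typically put in the ransom-note filename.
NOTE_MARKERS = ("readme", "decrypt", "how_to", "restore", "recover")


def shannon_entropy(data):
    """Shannon entropy in bits per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_snapshot(files, threshold=7.2):
    """Look for crypto-ransomware indicators in a {filename: content} snapshot.

    Two signals: (1) files whose content is near-random although their type is not
    a compressed/encrypted format, and (2) dropped ransom notes. A ransom note, or a
    majority of unexpected high-entropy files, raises the alert.
    """
    encrypted, notes = [], []
    for name, data in files.items():
        low = name.lower()
        ext = low.rsplit(".", 1)[1] if "." in low else ""
        if ext in ("txt", "html", "hta") and any(m in low for m in NOTE_MARKERS):
            notes.append(name)
            continue
        if ext in EXPECTED_HIGH_ENTROPY:
            continue  # legitimately random-looking; entropy tells us nothing here
        if shannon_entropy(data) >= threshold:
            encrypted.append(name)
    ratio = len(encrypted) / len(files) if files else 0.0
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "ratio": ratio,
        "alert": bool(notes) or ratio >= 0.5,
    }


def build_sample():
    """Constructed snapshot (not real files): two plaintext documents, a photo, two
    files a ransomware strain has encrypted and renamed with a .locked suffix, and a
    ransom note. A seeded RNG stands in for ciphertext so the run is repeatable."""
    rng = random.Random(7)

    def ciphertext(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    return {
        "report.txt": b"Quarterly report: revenue up 4%, costs flat.\n" * 40,
        "budget.csv": b"month,amount\n" + b"jan,100\n" * 200,
        "photo.jpg": ciphertext(4096),            # legitimately high-entropy, skipped
        "minutes.docx.locked": ciphertext(4096),  # encrypted by the ransomware
        "clients.xlsx.locked": ciphertext(4096),
        "README_DECRYPT.txt": b"Your files have been encrypted. Follow the instructions to restore them.",
    }


if __name__ == "__main__":
    result = scan_snapshot(build_sample())
    print(f"alert={result['alert']} encrypted={result['encrypted']} notes={result['notes']}")
```

The skip list is the important caveat: archives, images and Office documents are legitimately high-entropy, so entropy alone produces false positives without it. In practice a check like this runs against a file-server snapshot or as an endpoint rule, and a ransom note on disk is already grounds to isolate the host and fall back to offline backups rather than to pay.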
Wiper (Example – "NotPetya"): This type of malware might walk like ransomware and quack like ransomware, but it is a wiper. Its purpose is to destroy your data; the ransom note is a decoy, and paying does not bring the data back. In contrast to ransomware, which is driven by the financial motivation of cyber criminals, the wiper is focused on causing damage and chaos among its victims. It can be used by government-led groups or terror organizations as part of cyber warfare, or by ruthless competitors who are willing to use all means, including paying hackers to attack their rivals.
Spyware (Example – "KeyLogger"): Spyware is malware designed to collect information and monitor activity on the computer it is installed on. Spyware can collect any information that benefits the attacker, such as passwords, credit card details, documents, commercial secrets, browsing history, emails, pictures and much more. It can also be programmed to perform more complex actions, such as recording keystrokes (which yields usernames and passwords) or taking screenshots whenever you use a certain program. Some spyware can even activate the computer's microphone and camera to record everything that happens around the computer. Spyware can be used to analyze user preferences in order to customize online advertising, or for harmful purposes such as identity theft, credit card theft, fraud, blackmail and industrial espionage. This kind of malware is usually developed by professional hackers who then sell the stolen secrets on the black market for use in online fraud and other illegal activities.
Adware (Example – "1ClickDownloader"): The term adware is frequently used to describe a form of malware that pushes advertisements and banners onto your screen. The display format varies, from non-invasive banners embedded within a program to very invasive pop-up windows. Most users don't want to see ads, but adware can be installed without the user being aware of it, usually bundled with free software or add-ons. Some adware has additional functions built in, such as analyzing the sites you visit in order to customize ads. In these cases the adware does more than show advertisements: it collects information about you without your knowledge. Although some adware has no malicious intent, its behaviour can be quite intrusive, for example when it observes your activities without your consent and sends the information to the software's author. Adware of this kind is generally classified as spyware and treated accordingly. However, some adware operates legally, and some adware developers have even sued antivirus companies for blocking their products. In light of the growing number of adware variants, there are dedicated programs that detect and remove them, such as Ad-Aware, Malwarebytes' Anti-Malware, Spyware Doctor and Spybot – Search & Destroy. In addition, almost all commercial antivirus software now detects adware and spyware, or offers a separate detection module.
Botnets and DDoS (Example – "Mirai"): A web robot, or simply bot, isn't necessarily a bad thing; it is a software application that performs tasks over the internet, from the web crawlers behind search engines to chat bots and other services. The problem starts when our computers, servers or other internet-connected devices are forced by malware to become part of a bot network (botnet). Once a device is infected, the hacker can control it remotely to conduct further attacks, and in many cases the owners never notice that their system is part of a botnet. One type of botnet attack is the distributed denial of service (DDoS), in which the infected devices generate traffic that makes a machine or network resource unavailable; the Mirai botnet, built from hijacked home routers and cameras, did exactly this in 2016. The classic "Ping of Death", an oversized ICMP packet that crashed vulnerable hosts, is often mentioned alongside DDoS, but it is an older, single-source denial of service rather than a botnet attack.
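As an added example (not code from the original article), this Python script runs two detections over constructed web-server access-log lines: a per-source threshold that catches a single flooding host, and an aggregate requests-per-second check against a known-clean baseline that catches a botnet whose members each stay under the per-source limit, which is exactly what makes a distributed attack harder to spot than a single-source one. The log format, the addresses (RFC 5737 documentation ranges), the traffic volumes and the thresholds are all constructed assumptions for the demonstration.

```python
import re
from collections import Counter

# One Apache/nginx "combined"-style access-log line (constructed format for the demo).
LOG_RE = re.compile(
    r'^(?P<ip>\d+\.\d+\.\d+\.\d+) - - \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \d+'
)


def parse_access_log(lines):
    """Return (client_ip, timestamp-to-the-second) pairs; lines that do not parse are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = m.group("ts").split(" ")[0]  # drop the "+0000" zone suffix
            events.append((m.group("ip"), ts))
    return events


def baseline_rps(events):
    """Average requests per second over the seconds present in a known-clean log."""
    seconds = {ts for _, ts in events}
    return len(events) / len(seconds) if seconds else 0.0


def per_ip_offenders(events, max_per_ip):
    """Single-source check: clients that sent more than max_per_ip requests in the window."""
    counts = Counter(ip for ip, _ in events)
    return sorted(ip for ip, n in counts.items() if n > max_per_ip)


def volumetric_alerts(events, baseline, factor=3.0):
    """Aggregate check: seconds in which total traffic exceeded factor x baseline.
    This is what catches a botnet whose members each stay under the per-IP limit."""
    per_second = Counter(ts for _, ts in events)
    return sorted(ts for ts, n in per_second.items() if n > factor * baseline)


def make_log(flood_ip=None, flood_rps=0, bots=0):
    """Constructed 10-second log (documentation addresses, not real traffic): ten
    legitimate clients at 2 req/s each, plus an optional single-source flood and/or
    up to 250 botnet members that each send four requests spread across the window."""
    lines = []

    def add(ip, sec):
        lines.append(f'{ip} - - [10/Oct/2017:13:55:{sec:02d} +0000] '
                     f'"GET /index.html HTTP/1.1" 200 512')

    for sec in range(10):
        for i in range(10):
            for _ in range(2):
                add(f"192.0.2.{i + 1}", sec)
        for _ in range(flood_rps if flood_ip else 0):
            add(flood_ip, sec)
    for b in range(min(bots, 250)):
        for k in range(4):
            add(f"198.51.100.{b + 1}", (b + 3 * k) % 10)
    return lines


if __name__ == "__main__":
    base = baseline_rps(parse_access_log(make_log()))
    scenarios = [
        ("single-source flood", make_log(flood_ip="203.0.113.9", flood_rps=30)),
        ("250-host botnet", make_log(bots=250)),
    ]
    for label, log in scenarios:
        ev = parse_access_log(log)
        print(f"{label}: per-IP offenders={per_ip_offenders(ev, 50)} "
              f"seconds over volumetric threshold={len(volumetric_alerts(ev, base))}")
```

In the single-source scenario the flooding host is flagged by the per-IP rule while total traffic stays within the volumetric threshold; in the botnet scenario no individual bot exceeds the per-IP limit, and only the aggregate check fires. Both rules are needed, and the baseline must come from a period you trust to be clean, otherwise an ongoing attack simply becomes the new normal.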
You Are the Weakest Link:
The cyber security of any organization is only as strong as its weakest link. The most serious vulnerabilities of a system are not necessarily found in hardware or software, but in the people who use it. Industry estimates commonly attribute around 95% of cyber security breaches to human error, and more than half of security incidents to individuals who had insider access to the organization's IT systems. An attacker always goes after the low-hanging fruit first. The first obstacle for an attacker is perimeter security, and breaking the perimeter is much harder today than it used to be; it is easier to exploit the end users and gain access to the private network from the inside. For example, if a file can be brought directly onto a computer inside the organization (say, on a USB stick or through personal webmail), it bypasses the perimeter controls (firewall, mail and web gateways) entirely, and only the protection on that endpoint stands between it and execution.
There are many methods that hackers use to take advantage of our employees' lack of awareness, not just phishing scams. Many employees and individuals fall victim to Wi-Fi attacks, mobile attacks, software vulnerabilities, data breaches, email/phone spoofing and so on. It is our responsibility to assess the gaps in knowledge, and to provide the training and skills that narrow those gaps and minimize the risk to our organizations.
In addition to cyber security awareness training, another important human aspect of cyber security is planning. You should have a cyber game plan for prevention, detection and recovery from a cyber-attack. You need to know exactly what you are going to do at each step, who needs to be involved and what tools and resources you will need. It is also important to practice and simulate cyber-attacks the way you practice other emergency drills such as fire or earthquake, especially because you are far more likely to encounter a cyber-attack in 2018, and because the damage might be even bigger than from other catastrophic events.
If you need assistance in the assessment, training and planning of your cyber security and cyber intelligence readiness, we are here for you at www.cybintsolutions.com.
About the Author:
Roy Zur is the founder and CEO of Cybint, an international cyber security/intelligence education company that provides individual and business training, certifications and learning solutions. He has worked in the cyber arena for more than 15 years and is a retired Major from the Israeli Cyber Unit (8200). He is currently National Director at legal education provider BARBRI, a licensed attorney, and a past legal adviser in the Israeli Supreme Court. Roy is an engaging and frequently sought-after presenter. He speaks at conferences all over the world, appeared on the On the Road podcast from Legal Talk Network in August 2017 and, more recently, completed a series of webinars with the U.S. Department of Justice on various cyber topics. Additionally, Roy serves as a cyber security/intelligence consultant to some of the nation's largest banks, the FBI and other organizations.