A Study on Cyber Attacks and Security
It takes decades to build reputation and few minutes of cyber security negligence to ruin it
Vimal Rama Chandran
When a business is at the peak of success and when you feel nothing can go wrong, you become the target of hackers and the business comes tumbling down like a house of cards. Or as in other cases, your company might be already on a decline phase, not being able to survive the tough competition in the market and to add fuel to the flame, you get attacked.
Yahoo is one such victim of a massive cyber-attack. All three billion accounts of Yahoo were affected by several security breaches in 2013 and 2014; but it took Yahoo two years to disclose the breach. Email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords of millions of users were stolen and the incident remains one of the biggest data breaches in history.
The cyber breaches resulted in a huge loss for the company and they had to agree for a settlement package, that required it to pay a $50 million settlement to roughly 200 million people affected by the email service’s 2013 data breach. Yahoo’s UK wing was fined £250,000 by the UK Information Commissioner’s Office (ICO), for the 2014 breach.
The data breach adversely affected Verizon’s acquisition of Yahoo. The sale which was announced with a $4.8 billion price tag, was later on revised with a discount of $350 million, following the disclosure of cyber-attacks.
According to experts, Yahoo had ample opportunity to implement appropriate measures, and potentially stop customers’ data being compromised. But they failed to do so.
The world of cyber crime is vaster than ever and cyber attacks have become more of a sensitive issue, with companies losing not just their data, but money and fame as well.
The issue has become so crucial that companies, irrespective of the size and reputation, remains at the mercy of hackers. Cyber attacks hit businesses almost every day. According to former Cisco CEO John Chambers, “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”
Your data might be safeguarded with multiple layers of advanced security; but do not turn a blind eye to the fact that hackers are skilled masterminds. A small vulnerability in your computer system’s defences is all it takes a hacker to exploit it. They will find flaws in the code of a website and insert their own code and then bypass security or authentication processes.
Negligent employees are one of the primary causes of cyber security breaches at SMBs. Choosing an easy-to-guess password or not changing the default password on something like a router, makes the job of a hackers easier and hassle-free.
Phishing, an oldest form of cyber-attack, still remains the most widespread and dangerous. With phishing messages and techniques becoming increasingly sophisticated, even technical users find it extremely difficult to recognize it. The method involves extracting personal information under false pretences. A hacker will send you an email asking you to change your password. The mail might look so genuine and professional that you might actually end up changing your password, without giving it a second thought. This is what happened in the run-up to the 2016 US election.
Russian hackers were on constant strive to get into major US institutions, including the White House and the state department. Their method was as simple as sending thousands of phishing mails, in the hope that at least one person will click on it. John Podesta, the chairman of Hillary Clinton’s campaign, fell prey to the tactics of the hackers. When he received the mail, he forwarded it to his chief of staff, who then sent it to the campaign’s IT team. Things took a U turn from here. The IT team mistakenly identified the email phishing for Podesta’s password as genuine and directed him to change his password. This resulted in Moscow accessing about 60,000 of Podesta’s emails. The hackers also breached the Democratic National Committee (DNC). The hackers didn’t have to rack their brains in this case, they rather played it smart.
Another common method of attack is a Distributed Denial of Service (DDoS), where a system is crashed by sending large amounts of traffic. In such incidents, users won’t be able to access the service, which results in revenue loss for the organization. If the service is essential, like in the case of a healthcare company, the consequences will be more than unpleasant. DDoS attacks have become bigger and devastating than ever before. A Cisco report reveals that the number of DD0S attacks exceeding 1 gigabit per second of traffic will rise to 3.1 million by 2021.
The attack on GitHub in 2018, which lead the development platform to struggle with intermittent outages for a brief period, is regarded as one of the world’s largest DDoS attacks. GitHub had to rely on its DDoS mitigation service, Akamai Prolexic, for support following the attack. Prolexic took over as an intermediary and steered all the traffic coming into and out of GitHub and sent the data via its scrubbing centers to remove and block malicious packets. After eight minutes, the attack was dropped off.
Hacking takes various forms and malware attack is one among them. There has been an alarming growth in the number of malware attacks in the last couple of years; nearly 9.32 billion malware attacks were identified in the year 2017. You would have absent-mindedly clicked on a link to download a file, or opened an attachment that may look harmless, unaware of the hidden danger. The malware then takes control of your system, monitors your actions and sends confidential data from your computer to the attacker’s home base, without your knowledge.
Viruses, worms, Trojan horses and ransomware have the capability to wreak havoc across business, government and personal computers. The 2017 WannaCry incident, dubbed as the biggest malware attack in history, infected 230,000 computers across 150 countries. WannaCry is a ransomware that functions like a network worm and spreads rapidly across a number of computer networks. After attacking a system, it encrypts files on the PC’s hard drive and hence, users won’t be able to access it. Decrypting the files will require you to pay a ransom amount in bitcoin.
A security vulnerability in older versions of Windows paved way for the attack. National Health Service was the main victim of the attack, with 70,000 devices hit, that included computers, MRI scanners and blood storage refrigerators.
If it wouldn’t have been for, Marcus Hutchins, a British web security researcher, who stumbled on a kill switch by registering a domain name found in the code, the outcome of such an attack would have been much more horrendous. But, even before that, $130,000 had to be paid in ransom!
According to FBI reports, number of ransomware attacks exceeds 4,000 per day, and 230,000 new malware samples are produced daily(as per other research agencies).
Not content with the current pattern of ransomware attacks, cybercriminals moved one step further by offering Ransomware-as-a-service, wherein they write ransomware code and sell or rent it to others. Even if a person is new to the world of cyber-attack or even if they lack the technical knowledge of how to create ransomware, they can launch attacks without much difficulty with this subscription-based malicious model.
Cyber-attacks are growing significantly, so are the victims. A survey conducted by Symantec, which involved interviewing 20,000 people across 24 countries, revealed that 69% of them were prone to some form of cyber-attack. On an average, 14 adults become the victim of a cyber-attack every second. The data gives us an insight about the seriousness of the issue. We know the method and frequency of cyber-attacks, but what is the motive behind these attack? Is money the only concern?
There are several possibilities that force people to commit such atrocious crimes. They might be young hackers who just want to show-off to their friends, organised cyber-criminal organisations who might be behind money or criminals aimed at political manipulation. A data from Radware, depicts the reasons behind why hackers hack:
• Ransom (41%)
• Insider threat (27%)
• Political (26%)
• Competition (26%)
• Cyberwar (24%)
• Angry user (20%)
• Motive unknown (11%)
Hacking for fun can be better explained with the example of Jonathan Jones, the first juvenile sentenced to serve term for computer hacking. James entered the hackers’ hall of fame, by hacking into NASA and Defense Department computers. He accessed the Marshall Space Flight Center in Huntsville, Alabama, and downloaded the proprietary environmental control software for the International Space Station, that controlled the temperature and humidity in the station’s living space.
While the above incident might sound like an immature teenager’s fun activity that went horribly wrong, some adults attack system for their personal gains. Kevin Lee Poulsen, an American former black-hat hacker, hacked into a Los Angeles radio station and blocked all the incoming calls. He took the extreme step to win a Porsche in a competition by the radio station, that was offered to the 102nd caller.
The rise in internet users has led to a significant growth in cyber-attacks. But that does not mean that the process is new; it’s history can be traced back to centuries. France was hit by the world’s first cyber-attack nearly two centuries ago. A national medical telegraph system that was created in the 1790s was attacked by a pair of bankers in 1834 to get a trading advantage in the bond market.
One of the first computer worms distributed via the Internet was the Morris worm or Internet worm of November 2, 1988. A graduate student at Cornell University unleashed a maliciously clever program on the Internet which soon started to propagate at an alarming speed. 6,000 of the approximately 60,000 computers that were then connected to the Internet were hit within a span of 24 hours. Files were not damaged or destroyed, but the impact of the attack was extremely powerful and emails were delayed for days. Some institutions had to stop using the internet for days. It was then that the world realized how important and vulnerable computers had become. Cyber security became a serious concern which was evident from the creation of country’s first computer emergency response team in Pittsburgh, just days following the attack. The incident served as a wake-up-call for everyone across the globe.
The viruses and worms that attacked networks in the olden days has transitioned to something more powerful and challenging in the current era.
Cyber attacks can be categorized into five generations, with the first generation beginning in the 1980s. The process involved transferring files between stand-alone PCS using floppy disks. The attack by Elk Cloner, one of the first known microcomputer viruses, falls in this category. The virus which was developed by a 15-year-old high school student, originally as a joke, attached itself to the Apple II operating system and spread by floppy disk.
In the mid-1990s internet started to become popular and it soon gave rise to the second generation of cyber-attacks. Compared to the first-generation viruses, much more malicious type of super-fast spreading worms took over that resulted in loss worth millions. Companies had to install firewall that helped in tackling the problem to a certain extend.
With the third generation came the demands for remuneration and cyber attacks became more of a business, contrary to the previous generations that were more prank-oriented. Hackers started to exploit vulnerabilities in applications, like in the case of Love bug, a computer worm that attacked millions of Windows personal computers in 2000. The email message which began with the words “Kindly check the attached love letter from me!”, launched the virus once you clicked on the attached file. The virus which was regarded as one of the most aggressive and nastiest, would spread by sending itself to all contacts in the recipient’s email address book. It had the capability to download more hazardous software from a remote website, rename files and redirect internet browsers, once embedded in a host computer.
The 4th generation of cyber-attacks began with Red October, an advanced Cyber-Espionage Campaign, that was aimed at global Diplomatic and Government Institutions. Highly-flexible malware was created by hackers to thieve sensitive data and geopolitical intelligence.
Hackers started to embrace higher levels of sophistication in the 4th generation, which had large-scale financial and reputational impacts on the public.
Currently we live in the 5th generation of cyber-attacks, wherein attackers have started to use latest technology to exploit vulnerabilities. The attacks can happen on networks, mobiles and even on clouds and are often large-scale, state-sponsored mega attacks.
Cyber-attacks are growing as rapidly as technological innovation, but how about cyber security? Are the current measures sufficient to combat attacks? Unfortunately, the answer is no. Many of the organizations use outdated security infrastructure and hence, aren’t equipped to handle these highly sophisticated attacks. According to a recent report, 97 percent of organizations are not prepared for these Gen V cyber threats.
Firstly, one need to understand the fifth-generation threat scenario and then take appropriate measures to protect your system from attack. Unless you have protection that is updated according to the current trends, you won’t be even aware that your network has been hacked.
Cyber defence strategies to strengthen your business against any form of attack is not an option anymore, it has become mandatory. There are numerous ways to defend yourself and your company against an attack and among them Two Factor Authentication (2FA) is one of the simplest yet effective measures. Adding an extra layer of security, other than a single password to gain access to your systems, will help in minimizing attacks drastically. This can take various forms such as an OTP( One Time Password), fingerprint scan, voice recognition or a question and answer. The process promises excellent results without much expense or complication.
Phishing scams have become more sophisticated over the years and separating wheat from chaff is indeed rocket science. These mails look so authentic that it somehow convinces the user to click on the link or open the attachment that comes along with it. So, the best thing to do is, ignore any such mail from an unrecognized sender or the ones that ask for personal or payment details.
A skilled IT team that can defend your company and help you recover in case you become the target of hackers, is more than obligatory. They should be updated with current industry standards and must adopt new Tools, Tactics and Processes (TTPs) for defending the company’s network.
All the employees within an organization might not be digitally skilled and hence, they are highly vulnerable. When you are not vigilant and ignorant of the various methodologies in which your network can be prone to attack, the scenario becomes much more tense.
A risk mitigation strategy adopted by certain companies is to “do nothing – accept the risk.” “If business owners are not willing to take necessary steps or actions to fix the security risks, they should keep the fund ready for the expected loss”, says Vimal Rama, Director of Information Technology, HLB HAMT.
Companies invest tremendous amount of money and resources into securing their networks, but when it comes to training their staff on the various aspects of attack and security, most of them lag behind. Security awareness programs will help you identify different target groups and methods and it ultimately creates a secure environment. Hackers will find it difficult to prey on employees’ ignorance once you are aware of the Do’s and Don’ts.
The rise in Internet-of-Things has posed many challenges to cyber security. On the one hand, your life has become quite easy, where you can control the devices at your house sitting at your office, but on the other hand, the technology can causer serious threats to security. IoT increases the vulnerability towards a cyber-attack, which forces you to step up and take measures to secure your devices. You should test your infrastructure before and after integrating IOT devices, which will help you identify potential security flaws, if any. If you haven’t installed a reliable and effective firewall on your devices, it’s high time you did it. Also, using an Intrusion Detection System, that will help in monitoring your networks, devices and systems for any suspicious activities, can help mitigate problems. To segment and limit the access privilege of certain devices, a device management tool can be of great help.
Secure Socket layer(SSL), a standard measure for secure internet browsing, helps in data encryption. Only the intended user will be able to access the data, thus providing privacy, security and data integrity. It enables secure online transactions between consumers and businesses.
These emerging security technologies will ensure data security to a large extend, but what if your system gets hacked even after protecting it with numerous layers of security? Discovering a malicious attack is indeed a tough call; it might take days and even months to identify an attack.
Hackers won’t inform the victims about their attack; most of the times they carry out their activities without the knowledge of the user. But a hacked system or network exhibits many symptoms and to figure out the same, you need to be extra vigilant.
Look out for these signs to know whether your system has been hacked;
• High outgoing network traffic
• Annoying ads on display
• Pop-up messages
• Disabled security solution
• Unfamiliar icons displayed on your desktop
• Unusual error messages
• Control panel not accessible
• Suspicious shortcut files
The first few hours following the discovery of an attack will be panicking and confusing. You might on the lookout for answers for various questions; when and how did this happen? Are the hackers still in our network? What will happen next? While it is human nature to freak out when a crisis like this occurs, it your action that should speak. Some companies just pull the plug out of the socket to protect their system. But the question is, is that the remedy?
Once a hack has been confirmed, you need to act quickly and carefully since every second counts. Try to get in touch with the incident response team, which can be an in-house group or an external company, as early as possible. “The way you react to a disaster shows how well you are prepared for it”, says Rama.
A study by IBM & Ponemon Institute reveals that leveraging an incident response team significantly reduces the cost of a data breach – saving companies nearly $400,000 on average.
Verifying the attack involves identifying the systems that has been hacked, determining which IP addresses were used and confirming the type of attack. You should immediately warn other users on the network about the attack, so that it doesn’t spread. The infected computers should be isolated and the breach should be disclosed to necessary parties.
Even if you were able to overcome the consequences of a cyber-attack, there is nil assurance that it won’t happen again.
Get in touch
Whatever your question our team will point you in the right directionStart the conversation