Cyber Threat Mistakes, Not To Be Repeated in 2019
- Anas Feroz
- May 30th, 2018
Attackers keep finding new ways to mount cyber threats, and they do so with growing precision. From the light rail network in San Francisco to the power grid of Ukraine, many systems and organisations have felt the consequences of leaving the back door open for attackers to exploit critical vulnerabilities.
However, simply piling on more defences will not do much good unless you know exactly what to stop and how to secure your personal information online. You need to understand the evolving landscape: how badly you can be hit, and from where. The following are some of the most dangerous cyber threats of the past year, together with ways you can avoid being affected by them in 2018:
The National Security Agency (NSA) has come under increasing scrutiny in recent years over allegations of privacy violations and unacknowledged surveillance, but it suffered its biggest embarrassment in 2016, when a hacking group revealed that it had stolen a large number of top-secret cyber security weapons from the NSA’s arsenal.
This group, named “Shadow Brokers”, claimed to have acquired the tools by breaking into the NSA’s secretive cyber wing, known as the Equation Group, whose job is to stockpile zero-day vulnerabilities in major operating systems.
After the reveal, Shadow Brokers announced that they would be selling these hacking tools off through auction on major internet ecommerce days like Black Friday and Halloween.
Among these highly dangerous tools was EternalBlue, an exploit that targets weaknesses in the SMB implementation of Windows. It had the greatest potential of any of them to cause damage to networks worldwide.
However, despite the swift action by Microsoft in issuing a cybersecurity patch in March 2017, a month before Shadow Brokers actually published it on hacking forums, this Windows exploit formed the crux of two of the biggest ransomware attacks of 2017 (See below).
The damage caused by the release of this exploit has reignited the debate over the practice of security agencies worldwide stockpiling vulnerabilities, since a compromised stockpile can lead to a zero-day catastrophe, as it did in this case.
Even more powerful exploits may be lurking in the troves of such agencies, and if leaked they could spell major disaster in the years to come.
On May 12, 2017, the first major ransomware attack of the year hit the global network on an unprecedented scale, crippling major public and private sector organizations worldwide.
What started as a small infection on May 12, 2017 in South East Asia quickly spread to nearly 200,000 systems in 150 countries, creating a deadly cyber threat.
However, this time the ransomware did not arrive through traditional channels. No evidence was found of a phishing hook, the most conventional way to plant ransomware inside a system. Instead, attackers exploiting EternalBlue against exposed SMB ports were deemed the primary initial vector of the attack.
The ransomware scaled so quickly across nations and organisations because many of them had not applied the patch Microsoft had issued two months before the attack took place. That patch alone would have defended against the threat.
Elsewhere, systems were found to be running older versions of Windows that Microsoft had stopped supporting, which made it easier for the worm to extend its reach by exploiting unpatched machines.
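The two failings described above, SMBv1 left enabled and patch levels left stale, are both visible from the host itself. The following PowerShell script is an added example written for this page, not code from the article or from Microsoft: it reports whether the SMBv1 server protocol (the version EternalBlue targets) is still enabled, how many days have passed since the last hotfix was installed, and offers to disable SMBv1. The cmdlets used (Get-SmbServerConfiguration, Set-SmbServerConfiguration, Get-HotFix) ship with Windows 8 / Server 2012 and later; the function names and the report fields are my own.

```powershell
# Added example (not from the original article): assess a Windows host's exposure to
# EternalBlue-class attacks and optionally remove the SMBv1 attack surface.
# Run from an elevated PowerShell prompt on Windows 8 / Server 2012 or later.

function Get-Smb1Exposure {
    $smb = Get-SmbServerConfiguration

    # Most recently installed hotfix. Some Get-HotFix entries carry no InstalledOn
    # date, so those are filtered out before sorting.
    $lastPatch = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    $daysSince = if ($lastPatch) {
        (New-TimeSpan -Start $lastPatch.InstalledOn -End (Get-Date)).Days
    } else { $null }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OSVersion          = [System.Environment]::OSVersion.Version.ToString()
        Smb1ServerEnabled  = $smb.EnableSMB1Protocol   # $true means EternalBlue's target protocol is reachable
        Smb2ServerEnabled  = $smb.EnableSMB2Protocol
        LastHotFixID       = if ($lastPatch) { $lastPatch.HotFixID } else { 'none found' }
        DaysSinceLastPatch = $daysSince
    }
}

function Disable-Smb1Server {
    # SupportsShouldProcess gives the function -WhatIf / -Confirm for free.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server protocol')) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        }
    } else {
        Write-Verbose 'SMBv1 server protocol is already disabled.'
    }
}

# Usage
$report = Get-Smb1Exposure
$report | Format-List

if ($report.Smb1ServerEnabled) {
    Write-Warning "SMBv1 is enabled on $($report.ComputerName); this is the protocol EternalBlue exploits."
    # Disable-Smb1Server -WhatIf   # preview the change
    # Disable-Smb1Server           # apply it
}
if ($null -ne $report.DaysSinceLastPatch -and $report.DaysSinceLastPatch -gt 60) {
    Write-Warning "No hotfix installed in $($report.DaysSinceLastPatch) days; review Windows Update status."
}
```

Disabling SMBv1 is the right default, but it will break clients that can only speak SMBv1 (unsupported Windows versions and some older network storage appliances), which is exactly the population the article says kept the worm spreading; those hosts need to be upgraded or isolated rather than accommodated. The 60-day staleness threshold is an arbitrary reporting choice, not a Microsoft recommendation.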
Several major organisations were hit. The most notable was the National Health Service (NHS) in England and Scotland, where critical medical devices such as MRI scanners stopped working after the ransomware worm infected their systems.
Others to have been hit included FedEx, Deutsche Bahn, Renault and Nissan Motor Manufacturing UK, all of whom had to shut down part of their operations to battle it out with the ransomware attack.
The damage was estimated in billions of dollars. However, the quick discovery of a kill switch by researcher Marcus Hutchins, together with Microsoft’s swift release of emergency security patches, helped victims limit the damage considerably.
Demanding $300 in Bitcoin as ransom, the attackers collected around 52 Bitcoin, which would have been a windfall had they held it through the surge in Bitcoin prices later that year. At the peak price of $19,783.06 per coin, 52 Bitcoin would have been worth more than a million dollars.
WannaCry has been attributed to North Korea, and it shows how unconventional weapons such as OS exploits could become increasingly common in the years to come.
Although the WannaCry attack should have spurred organisations to harden their systems against the EternalBlue exploit, many systems were still running without the patches applied.
The result? Another attack, by ransomware nicknamed NotPetya, that exploited the same vulnerability against a large network of systems. This time, however, the attack was more surgical in its motive, and many security experts have described it as an attempt to inflict damage on a specific adversary through a worm masquerading as ransomware.
NotPetya hit Ukraine with particular ferocity: more than 80% of compromised systems were in that country, with Germany the second most affected at 9%.
The attackers compromised Medoc, the predominant tax accounting package in Ukraine, and used its automatic update feature to distribute the malware. Once inside, the worm attacked every file it found on the system, whereas the Petya ransomware it was named after would only have encrypted the Master File Table of the hard disk.
The damage to infected systems was so severe that many files and programs could not be recovered, having been wiped or overwritten beyond recovery. From Boryspil International Airport to the State Savings Bank of Ukraine, the country suffered a huge economic jolt in the wake of this unprecedented cyber-attack.
Ukraine blamed Russia for the attack, while Russia denied involvement and said that it was itself among the major targets. The attack began on June 27, 2017 and was contained the following day.
On March 7, 2017, WikiLeaks released a data trove named Vault 7, containing an even more exhaustive collection of tools and documentation used by the NSA for spying and cyber warfare than the Shadow Brokers’ leak.
The leaked documents showed the extent to which users can be compromised. They described techniques for using Wi-Fi signals to pinpoint a device’s location, for turning smart TVs into listening devices, and for controlling and snooping on Mac OS by exploiting its core code.
The legitimacy of developing and harvesting these tools has come under serious scrutiny, since the leaks came to the fore. You can now find many discussions and debates on how to prevent cybersecurity threats and make online safety more robust.
On June 19, researcher Chris Vickery reported that he had found a publicly accessible database of nearly 200 million US voters exposed on the web.
On further investigation, it emerged that a specialist firm named “Deep Root” owned the data, and that its team had misconfigured the Amazon servers on which the information was stored, leading to the embarrassing exposure.
The firm acted quickly and the database disappeared from where it had been found, but the story showed how lax even firms that specialise in data can be when it comes to following basic cybersecurity practices.
The cybersecurity threats of 2017 were a major wake-up call for organisations and individuals across the world to do more, and to be more vigilant, in protecting important data and critical systems. Nearly all of these incidents were preventable through standard security practices, but lapses are exactly what attackers look for, and lapses are what they found in every one of these attacks.
In 2018, cyber threats are likely to grow in both number and strength. Users are therefore advised to be even more careful with their data and systems, because attackers are fast becoming more organised and will pose even greater risks.
The term CaaS (Crime as a Service) will become more prominent as attacks using Trojans, malware, ransomware, bugs and zero-day vulnerabilities are carried out more systematically than ever before.
Never be casual about your security practices. Otherwise, be prepared to cough up Bitcoin in the next major ransomware attack, or risk having your data erased by malware you installed yourself, believing it to be an innocuous software update from a trusted vendor.