
Cyber Threat Mistakes, Not To Be Repeated in 2019
- Anas Feroz
- May 30th, 2018
Hackers are becoming ever more agile in charting out new ways to mount cyber threats with cunning precision. From the light rail network in San Francisco to the whole power grid of Ukraine, many systems and organisations felt the jolts of leaving the back door open for hackers to exploit critical system vulnerabilities.
However, just jacking up your defenses won't do you much good: you need to know exactly what to stop and how to secure your online personal information. You must understand the evolving landscape and the extent of how much, and from where, you can be hit. The following are some of the most dangerous cyber threats from the past year and the ways in which you can avoid being affected by them in 2018:
The National Security Agency (NSA) has been increasingly scrutinized in the recent past over damning allegations of undue privacy violations and unacknowledged surveillance attempts, but the NSA suffered its biggest embarrassment in 2016, when a hacking group revealed that it had stolen a large number of top-secret cyber security weapons from the NSA's trove.
This hacking group, named "Shadow Brokers", acquired these tools by breaking into the NSA's secretive cyber wing known as the Equation Group, whose job is to hoard zero-day vulnerabilities in major operating systems.
After the reveal, Shadow Brokers announced that they would be selling these hacking tools off through auction on major internet ecommerce days like Black Friday and Halloween.
Among these highly dangerous hacking tools was EternalBlue, an exploit that specifically targets weaknesses in the SMB (Server Message Block) implementation of the Windows OS. It had the greatest potential to inflict damage on major system networks worldwide.
However, despite swift action by Microsoft in issuing a security patch in March 2017, a month before Shadow Brokers actually published the exploit on hacking forums, this Windows exploit formed the crux of two of the biggest ransomware attacks of 2017 (see below).
The extent of the damage caused by the revelation of this exploit has again ferociously ignited the debate over the practice of security agencies worldwide of hoarding vulnerabilities, which can lead to major zero-day catastrophes if the hoard is compromised, as it was in this case.
There may be even more powerful exploits lurking in the troves of such secret agencies which, if leaked, could spell a major disaster in the times to come.
On May 12, 2017, the first major ransomware attack of the year, WannaCry, hit the global network on an unprecedented scale, crippling major public and private sector organizations worldwide.
What started as a small infection on May 12, 2017 in South East Asia quickly spread its tentacles to wallop nearly 200,000 systems in a whopping 150 countries worldwide, creating a deadly cyber threat.
However, this time the ransomware didn't arrive through traditional methods. When checked, no evidence was found of a phishing hook, the most conventional way to plant ransomware inside a system. Instead, hackers exploiting EternalBlue over an exposed SMB port was deemed to be the primary starting point of the attack.
The rapid spread of the ransomware across major nations and organizations was aided by the fact that many places had not applied the patch issued by Microsoft two months before the attack took place. This patch could easily have defended against the cyber threat.
In other places, systems were found to be running older versions of the Windows OS that Microsoft had stopped supporting, making it relatively easy for hackers to extend their reach by exploiting those vulnerable systems.
Some major organizations were hit by the threat. The most notable among them was the National Health Service (NHS) in England and Scotland, where critical medical devices like MRI scanners stopped working after the ransomware worm infected their systems.
Others to have been hit included FedEx, Deutsche Bahn, Renault and Nissan Motor Manufacturing UK, all of whom had to shut down part of their operations to battle the ransomware attack.
The damage incurred was estimated to be in the billions of dollars. However, the quick discovery of a kill switch by researcher Marcus Hutchins, and the swift release of emergency security patches by Microsoft, helped those affected to limit the damage to a large extent.
Asking $300 in Bitcoin as ransom, the hackers managed to secure around 52 Bitcoin, which could have made them hit pay dirt had they held on to it through the surge in Bitcoin prices later the same year. At the peak price of $19,783.06 per coin, 52 Bitcoin would have been worth more than a million dollars.
WannaCry has been attributed to North Korea and signifies how unconventional weapons, like OS bug exploits, could become increasingly common in the years to come.
While the WannaCry ransomware attack could have spurred organizations to make their systems more robust and prevent further problems stemming from the EternalBlue exploit, many systems were still running without the patches applied.
The result? Another ransomware attack, nicknamed NotPetya, that exploited the same vulnerability to hit a large network of systems. But this time the attack was more surgical in its motive, and many online security experts have termed it an attempt to inflict damage on a specific enemy through a worm masquerading as ransomware.
NotPetya attacked Ukraine with ferocity: more than 80% of compromised systems lay within that country, with Germany, at 9%, the second most affected country after Ukraine.
The hackers compromised M.E.Doc, the predominant tax accounting software package in Ukraine, to spread the malware through the software's automatic update feature. Once on a system, the worm affected every file found within the system domain, whereas the Petya ransomware it masqueraded as would only have encrypted the Master File Table of the hard disk.
The damage to the infected systems was so severe that it was impossible to recover many files and programs, because they had been completely wiped or overwritten beyond the realms of recovery. From Boryspil International Airport to the State Savings Bank of Ukraine, the country felt a huge economi