December Blog- The Year in Reviewby Brad Rudisail, MCITP, MCSE, Virtualization Administrator, Network Engineer
It is that time of year when we pause and reflect on the year from a cybersecurity point of view and review some of the year’s most devastating and extraordinary cyber-attacks. More importantly, we look back at them in order to determine how best to combat similar attacks in the future so that our organizations do not garner unwanted headlines in the year ahead.
A Million Dollars of Inertia
In 2016, ransomware became a $1 billion industry, one with established distribution channels and customer service professionals to guide victims through the payment process. With that type of precedent established, it should be no surprise that the dollar amount garnered within a single ransom would reach record setting aggregates. On June 10, the South Korean web-hosting firm, Nayana, was the victim of a highly effective ransomware attack called Erebus. Though originally designed for the Windows operating system, Erebus was recently modified to target Linux web servers as well. In this case, it brought down the company’s entire fleet of 153 Linux web servers. Having experienced a total disruption for their company, management was foisted into negotiations with the hackers. The final agreed sum of $1 million was split into three separate payments, each payment garnering a decryption key for a third of their servers. Even more painful than the money was the fact that the attack could have been prevented had the internal tech staff patched the servers prior to the attack.
One of the most important things you can do to secure your enterprise devices is to keep them patched and up to date.
Half the Country Falls Victim to Attack
Back in the fall, Equifax publicly announced that hackers had breached their network back in mid-May. The hackers then spent the next ten weeks pillaging their database, as Equifax did not discover the breach until July 29. The hackers were able to siphon social security numbers, birth dates, and addresses of some 143 million people. To top it off, they also obtained the credit card numbers of approximately 209,000 U.S. customers as well. Citizens of both Canada and the UK were also affected as Equifax holds credit information for over 44 million residents of Great Britain as well. What makes this data breach different than most is that the victims were not customers of Equifax in the traditional sense. Like the Yahoo breaches, people will feel the effects of this attack for years to come as hacker slowly utilize the stolen data.
Encryption of data today is a MUST today. Whether in transit or at rest, unencrypted data equates to unprotected data. Data that is secured using the strongest encryption methodologies is useless in the hands of anyone that lacks the decryption key. Encryption tools should be utilized for data residing on laptops, mobile devices and cloud storage as well. It is still not determined how the breach was implemented, which is why organizations cannot rely on simply one system to secure your network. Solutions such as FireEye or Fortinet utilize Intelligence-led Technology in order to comprehensively protect your enterprise today.
Malware Brings Down Stock Prices
The NoPetya malware outbreak in June showed that malware can hamper more than just your data, workloads and productivity. It can negatively impact your corporate earnings and stock price as well. Nuance Communications, a major provider of voice and language tools based in Burlington, Mass., was attacked on June 27. As a result, its medical transcription service that is utilized by half a million clinicians was suspended for up to three weeks. This disruption then affected its quarterly earnings, sending its stock price swiftly downward so much so that trading for the stock on the stock exchange was temporarily halted. Another example was Maersk, the world largest shipping container company, found themselves combating disruptions in their basic operations for two weeks, resulting in a loss in its third quarter earnings of up to $300 million.
The old adage that an ounce of prevention is worth a pound of cure is clearly evident in the case of these devastating malware attacks. The most effective method of protecting your organization from ransomware is an email security solution such as that offered by Barracuda, as phishing emails are still the primary deployment mechanism of these attacks. This should be backed up by endpoint protection such as Kaspersky and Eset to protect your devices should malware successfully penetrates your network.
WPA2 Wakeup Call
Earlier this year, a security expert at Belgian university KU Leuven, Mathy Vanhoef, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning. The report outlined how attackers could exploit the vulnerability to read encrypted data including credit card numbers, passwords, emails and personal identification. Mr. Vanhoef also noted that hackers could also inject and manipulate data as well. The vulnerability affects a number of operating systems and devices including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others. The scope of the vulnerability is limited as attackers would have to be in close proximity of the targeted devices and HTTPS traffic would still be protected.
Although there are no reports of this exploit being utilized currently, the report is a wakeup call that depending on the wireless security protection of a provider such as a coffee shop, retail outlet or hotel is not enough. All organizations should protect the sessions of their mobile users with a VPN solution. Solutions such as Fortinet's Fortigate solution ensure that the communicative sessions of your employees are fully protected.