Cyber security Attacker

2017 major cyber security attacks and how they could have been avoided

Posted on Posted in Security

It’s the start of the year (2018), so what better time to review some of the major cyber security incidents of 2017 and see what we can learn about defending against attacks in 2018.

You may have noticed that newsworthy cyber security attacks have been saturating the media. These attacks have caused more damage than most of us can begin to imagine. Last year alone, global ransomware damage costs are predicted to exceed $5 billion dollars. This is a huge sum that will continue to grow at the speed of light if companies and individuals don’t jump on the cyber security bandwagon and learn how to protect themselves against the world of cybercrime. 

In this post I will cover some of the ways in which the world has recently been affected by cyber security attacks. What could have been done to avoid these attacks? What can we do to protect our selves now?   

 

[su_quote] Anyone with a computer device that is connected to the internet is at risk [/su_quote]

 

What is a Cyberattack? 

The term ‘cyber attack’ is thrown around so often these days but what does it really mean. Well let me explain; 

Cyber attacks are attempts by politically or socially driven hackers to damage, destroy or kidnap information from computers or networks primarily through the internet. The attackers target anyone from the general public to the largest government organization. Attacks can be executed in many different ways ranging from the injection of the most sophisticate cryptoworm into a computer network to simple data theft by trusted users or employees. 

Some of the worst cyber attacks in history have happened in the last year. I suppose that it is not surprising really, as the likely hood of that being the case each and every year to come is high. Hackers and White hat cyber security researchers (or cyber super hero’s as I like to call them) are literally at war. Rapidly building their skills and battling to get the edge. Let’s take a look at a few of the most destructive cyber security attacks in the last year to give you a little bit of insight as to how the infiltrations have occurred and how they could have been avoided. 

 

[su_quote]The attackers have an infinite amount of time and only need to find one vulnerability to win! [/su_quote]

 

Cloudbleed security bug | Cloudflare |on 7th February 2017 

The ‘Cloudbleed security bug’ was actually an unintentional leak not a cybersecurity attack. To make things worse the company that accidentally let this happen; Cloudflare, are responsible for safeguarding all of the personal data that flows through some really familiar company websites. Uber, FitBit and Reddit to name but a few are all powered by Cloudflare. 

The bug was so tiny it’s a wonder it was ever identified. Just a simple coding mistake caused the bug. A mistyped character in the code that’s all it came down to. 

It is still not clear how much data has been leaked since the the mistake was overlooked in September 2016. We can only hope that hackers did not identify the weakness before it was found in February 2017! 

 

How could it have been avoided? 
  • Dynamic/Static Code Analysis 
  • Code Reviews 
  • Release Management Process Improvement 

 

Wikileaks CIA Vault 7 | by Wikileaks | on 7th March 2017

I’m sure by now that the whole world is aware of Wikileaks, the whistleblowing organization. WikiLeaks systematically leak highly secret documentation to the public. According to their website, they do this to “bring important news and information to the public” But WikiLeaks doesn’t hack anyone for the information. They rely on insiders! Yes, you heard it. Trusted people inside organizations and businesses are anonymously dropping secret information into WikiLeaks’s secure “dropbox”. It just goes to show that even the CIA have whistleblowers in their midst!

‘Vault 7’ was just one WikiLeaks campaign that has gradually leaked highly sensitive documents detailing the CIA’s Cyber warfare capabilities. Including a list of hacking tools created and used by the CIA. It seems that the CIA has the ability to compromise cars, Smart TV’s, various web browsers, smartphones and popular operating systems, but then again that’s what the CIA does isn’t it? 

Although it’s nice to be informed, the flip side is that cyber security leaks this big can cause a lot of damage to people, businesses and governments. The information leaked in the vault 7 WikiLeaks is now as easily accessible by the general public as it is to foreign government agencies… not all which are friendly!

 

How could it have been avoided? 
  • Adopt a least privilege access model 
  • Leverage data loss prevention 
  • Conduct checks on new and existing employees 
  • Adopt defence in depth 

 

Don’t Forget Your Base | by Shadow Brokers |on 8th April 2017 

‘Don’t forget your bases’ was a cyber security attack by a group called Shadow Brokers, on the 8th of April this year. The Shadow Brokers released an NSA password to a vault of encrypted files containing a particularly important set of NSA hacking tools.  

Shadow Brokers are a hacking group that managed to hack the most secure organization in the world to exploit their secrets. they are a particularly nasty group that auction or sell all their ill-gotten info at auction for bitcoins but this specific cyber security attack was intended, at least partly, as a political statement in response to Trump’s assault on a Syrian airbase. 

One of the leaked NSA hacker tools contained in the stolen files named EternalBlue was subsequently used as part of the global attack WannaCry in May and once again used to help facilitate the NotPetya/Peyta cyber security attack in June. 

 

How could it have been avoided? 

This one is a bit tricky as we don’t know the exact details of how the binaries/source code was obtained however the following would help protect against data loss: 

  • Data Loss Prevention Solutions 
  • Security Awareness Education 
  • Information Assurance and Governance Processes 
  • Least privilege access 

 

WannaCry Ransomware attack | by the WannaCry | on 12th May 2017  

The ‘WannaCry Ransomware attack’ was a global assault targeting computers running Microsoft office operating systems which and it has caused millions, if not billions, of dollars in damages.  

What’s ransomware you say? Ransomware is a form of malware (malicious software) which encrypts a computer’s files effectively holding a computer hostage and demands a ransom payment for the return of the files. 

It is believed that the attackers used downloads in emails to spread the virus and then once members of unsuspecting public clicked on the download the virus was able to infiltrate the computer and effectively kidnap the computer’s files. Once all the files were safely locked away the malware posted a message on the computer screen demanding a ransom payment for all files and threatening to destroy all the information if the ransom was not paid. Just for added drama and to heighten stress levels there was then a countdown timer displayed as well!  

To see how Xservus helped to respond to the Wannacry Ransomware attack check out this article.

 

How could it have been avoided? 
  • Disabling legacy protocols 
  • Patching (the patches were released a fair while before the outbreak 
  • Take special care when opening emails from unknown senders that contain suspicious looking attachments, downloads of links. 

 

198 Million Voter Records Exposed | Deep Root Analytics | on 12th June 2017 

This one yet again was not a a cyber security hack. In June, this year 198 million voter records dating back over 10 years were discovered to be open to the public….by mistake! Apparently, this happens all the time. It is a matter of server misconfiguration and it is one of the biggest cyber security risks that threaten individuals, businesses and organisations today. 

Deep Root Analytics is the owner of the databases in question and they store that database on an Amazon S3 server which had the misfortune of being misconfigured. 

 

How could it have been avoided? 
  • Default cloud settings should be set with higher security levels as priority 
  • Use of setup scanning tools 

 

Goldeneye/Petya attack |by Petya | on 27th June 2017 

Peyta was the 2nd critical global ransomware attack last year. The assault started less than 2 months after the WannaCry cyberattack paralyzing numerous companies and generating hundreds of millions in damages and lost income. Peyta ransomware exploited vulnerabilities in much the same way that WannaCry ransomware did. Taking computer files hostage and demanding a ransom payment in Bitcoin (a worldwide crypto currency and digital payment system) for their return. Although Microsoft released a patch for all affected versions of Microsoft Windows following the WannaCry attack, not all users would have been able to install the fix quickly enough to avoid being affected by Peyta. In total, it is believed that Peyta infiltrated an estimated 16,500 computers which is just over 5% of the total estimated number of machines that WannaCry took hold of. 

The Peyta attack came in 2 phases. In its first week, it earned the hackers around $13,000 in paid ransom fees but the 2nd week saw a change in the game. A massive increase in the payment being demanded, $340,000 (100 Bitcoins) was required in return for a digital ‘skeleton key’ that could open any Peyta encrypted file. 

 

How could it have been avoided? 
  • Patches should have been installed immediately after release following the WannaCry ransomware release 
  • Take special care when opening emails from unknow senders that contain suspicious looking attachments, downloads of links. 

 

Conclusion:

Cyber security attacks and data breaches are not going away anytime soon (if ever!), if anything 2017 taught us that we are still not generally in a strong defensive security position. Age old, unpatched vulnerabilities and weak cyber security practices are still a huge issue for companies of all sizes and it’s important to realize that there’s no silver bullet (even if it has the word next gen in it). A strong cyber security posture is important to not only ensure compliance, protect business assets but also protect your customers.

In our next blog, we are going to bring it closer to home and talk about what to look out for and what safeguards Xservus put in place to protect against cyber security threats.

 

[su_quote]Cyber-attacks and data breaches are not going away anytime soon (if ever!)[/su_quote]

 

[su_row][su_column size=”1/2″ center=”no” class=””][su_button url=”https://www.xservus.com/servicecat/strategy-architecture/” target=”blank” style=”flat” background=”#efaf0d” size=”8″ wide=”yes” radius=”0″]Strategy & Architecture[/su_button][/su_column]

[su_column size=”1/2″ center=”no” class=””][su_button url=”https://www.xservus.com/servicecat/cyber-security/” target=”blank” style=”flat” background=”#4ad8f0″ size=”8″ wide=”yes” radius=”0″]Cyber Security Assessment[/su_button][/su_column][/su_row][su_button url=”https://www.xservus.com/newsletter/” target=”blank” style=”flat” background=”#000000″ size=”8″ wide=”yes” radius=”0″]NEWSLETTER[/su_button]

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *