Definition of a Cyberattack (NIST): An attack via cyberspace targeting an enterprise's use of cyberspace for the purposes of disrupting, disabling, destroying, or maliciously controlling a computer environment/infrastructure, destroying data integrity, or stealing controlled information.
Types of Cyberattacks:
Untargeted Cyberattacks: Attackers target as many devices, services, or users as possible, exploiting any vulnerability they find.
Techniques used include phishing, waterholing, and ransomware.
Phishing: Sending emails to a large number of people to solicit sensitive data (e.g., bank details) or direct them to fake websites. The messages usually impersonate a trusted sender and manufacture urgency, so treat any unexpected request for credentials or payment with suspicion.
Waterholing: Attackers set up fake websites or compromise legitimate ones to exploit visiting users.
Ransomware: Malware encrypts files on a system and demands a ransom for their release, typically paid via Bitcoin. A countdown timer is often used to create urgency.
It's generally advised not to pay the ransom: payment does not guarantee a working decryptor and marks you as a repeat target.
Maintain backups on external or cloud storage that the infected machine cannot write to; ransomware also encrypts any backup it can reach.
Rebuild or thoroughly clean systems post-attack to eliminate the malware before restoring data.
Targeted Cyberattacks: Attackers single out a specific organization or person due to interest in their business/personal data or by being paid to do so.
Attacks can take months to plan to find the best route for exploitation.
More damaging than untargeted attacks because they can be tailored to specific systems, processes, or personnel, a risk that grows as more people work from home on less controlled networks.
Examples include spear phishing and botnet deployment.
Spear Phishing: Sending emails to targeted individuals containing malicious software or links.
Be suspicious of requests for information or access.
Enable email spam filters.
Confirm the sender's identity through a separate channel (e.g., a phone number you already have, not contact details taken from the message).
Carefully inspect links before opening them.
Botnet Deployment: Used to deliver distributed denial of service (DDoS) attacks.
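The "inspect links" advice above is easier to follow with a checklist of what to look for: a visible URL that differs from the real href, a bare IP address as the host, punycode (xn--) hosts that imitate a brand, and a known brand name used as a subdomain of a stranger's domain. The script below is an added example, not code from the original notes; the sample message is constructed, the expected domain examplebank.com is assumed, and the registered_domain() helper is a crude stand-in for a Public Suffix List lookup.

```python
"""Flag suspicious links in an HTML e-mail body.

Added example, not part of the original notes. The message below is
constructed for illustration and the expected domain is assumed; a real
deployment would replace registered_domain() with a Public Suffix List lookup.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: one honest link and three common phishing tricks.
SAMPLE_EMAIL = """
<p>Dear customer,</p>
<p>Please confirm your details at
<a href="https://examplebank.com.login-verify.example/auth">https://examplebank.com/login</a>.</p>
<p>Or use our portal: <a href="http://192.0.2.10/secure">Secure portal</a></p>
<p>Help centre: <a href="https://xn--exmplebank-7gb.com/help">examplebank help</a></p>
<p>Unsubscribe: <a href="https://examplebank.com/unsubscribe">here</a></p>
"""

# Domains the recipient legitimately expects mail from (assumed for the example).
EXPECTED_DOMAINS = {"examplebank.com"}

# Visible link text that itself looks like a URL or bare hostname.
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.IGNORECASE)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels). Fine for example.com-style names;
    wrong for co.uk-style suffixes, hence the Public Suffix List caveat."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyse_link(href, text, expected=EXPECTED_DOMAINS):
    """Return the reasons a link looks suspicious (empty list if it looks clean)."""
    reasons = []
    host = urlparse(href).hostname or ""
    if not host:
        return ["href has no host"]
    if is_ip_literal(host):
        return ["href host is a bare IP address"]
    domain = registered_domain(host)
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("href host uses punycode (possible homograph of a real brand)")
    if domain not in expected:
        reasons.append(f"href domain {domain!r} is not an expected domain")
    # An expected brand name used as a *subdomain* of somebody else's domain.
    if any(d in host and domain != d for d in expected):
        reasons.append("expected domain name embedded in a foreign host")
    # Visible text that looks like a URL must agree with where the href really goes.
    if URL_LIKE.match(text):
        shown = text if "://" in text else "http://" + text
        shown_host = urlparse(shown).hostname or ""
        if registered_domain(shown_host) != domain:
            reasons.append(f"text shows {shown_host!r} but href goes to {host!r}")
    return reasons


def scan_email(html):
    """Return {href: reasons} for every link in the message that raised a flag."""
    parser = LinkExtractor()
    parser.feed(html)
    return {href: r for href, text in parser.links if (r := analyse_link(href, text))}


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print(href)
        for reason in reasons:
            print("   -", reason)
```

Run as-is and three of the four links are flagged; only the genuine examplebank.com link passes. The visible-text check is the one people skip most often: a mail client renders the text, not the href, which is exactly what the first sample link exploits.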
Cost of Cybercrime
Economic Impact: Cybercrime is predicted to cost US$6 trillion globally in 2021, which would make it the world's third-largest economy if measured as a country, after the USA and China.
Increase in Costs: The cost of cybercrime has risen by approximately 50% since 2018, when it was estimated at US$600 billion.
Biggest Threats: Loss of money and intellectual property remain among the most damaging effects of cyberattacks, but company performance also suffers through decreased productivity.
Cybercrime Costs Include:
Damage and destruction of data.
Stolen money.
Lost productivity.
Theft of intellectual property.
Theft of personal and financial data.
Embezzlement.
Fraud.
Post-attack disruption to normal business operations.
Forensic investigation.
Cyber Kill Chain
Stages of an Attack: Regardless of the type of attack, there are several common stages. Persistent adversaries may repeat stages.
Purpose: Attackers probe defenses for weaknesses to exploit, moving closer to their goal.
Adapted Cyber Kill Chain (Based on Lockheed Martin's Model): Lockheed Martin's original has seven stages (Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives); the four-stage version below folds these together.
Survey: Attackers investigate and analyze available information about the target to identify potential vulnerabilities.
They use open-source information (LinkedIn, Facebook, social media), commodity toolkits, and network scanning tools.
User error can reveal information (e.g., posting network details on forums, neglecting to strip document metadata such as author names, software versions, and internal file paths).
Social engineering can exploit user naivety.
Delivery: Attackers position themselves to exploit identified vulnerabilities.
Examples include accessing online services, sending malicious links/attachments via email, distributing infected USBs, or creating false websites.
The crucial decision is selecting the best delivery path to breach defenses.
In a DDoS attack the delivery is the flood itself: many compromised hosts open connections until the service can no longer serve legitimate users.
Breach: Harm to the business depends on the vulnerability and exploitation method.
Attackers make changes to affect system operation, gain access to online accounts, or achieve full control of a user's device.
They may impersonate the victim to access other systems or information.
Effect: Attackers explore systems, expand access, and establish persistence (consolidation).
Taking over a legitimate user's account gives a persistent presence that blends in with normal activity.
With admin access, they install scanning tools to discover more about the networks and take control of more systems.
They avoid triggering monitoring processes or disable them.
Attackers continue until they achieve goals, such as retrieving intellectual property, making unauthorized changes (e.g., financial), or disrupting business operations.
Capable attackers remove evidence of their presence or create an access route for future visits.
Some attackers aim to cause significant damage and advertise their success.
Actual Kill Chain (Adapted):
Reconnaissance and information gathering.
Scanning.
Gain access.
Maintain access.
Clear traces of attack.
Recent Cyberattacks
SolarWinds Hack: Discovered in December 2020, affecting as many as 250 networks globally (government bodies and private corporations). A trojanized update to the SolarWinds Orion platform was distributed through the vendor's own signed update channel, so victims installed the backdoor as routine maintenance.
Attackers circumvented threat detection techniques by managing intrusion through multiple U.S.-based servers and mimicking legitimate network traffic.
Stuxnet: A computer worm initially aimed at Iran's nuclear facilities.
Destroyed centrifuges in Iran's uranium enrichment facility by driving them outside their safe operating speeds until they burned out.
The same approach could be adapted to target water treatment plants, power plants, and gas lines.
Traveled via USB sticks and spread between Windows computers.
Searched infected Windows machines for Siemens Step 7 software, which is used to program PLCs (industrial controllers), and through it injected code into the PLCs.
Could update its code over the Internet and sent damage-inducing instructions to the electromechanical equipment.
Replayed recorded normal readings to the monitoring system, masking the problem until the equipment self-destructed.
WannaCry: Crypto-ransomware that targeted computers using Microsoft Windows.
Encrypts data and demands payment in Bitcoin.
Exploited a vulnerability in Windows SMBv1 using the leaked EternalBlue exploit (patched as MS17-010).
Microsoft released the patch in March 2017, two months before the May 2017 outbreak, but many organizations hadn't applied it; an unpatched, network-exposed SMB service was enough for the worm to spread without any user action.
FireEye Hack: December 2020; the intruders took FireEye's red-team tooling in the largest theft of cybersecurity tools since the 2016 NSA breach by the Shadow Brokers. FireEye's investigation of its own breach is what uncovered the SolarWinds compromise.
Hackers used thousands of new IP addresses, many within the U.S., to conceal their whereabouts.
Frequency of Attacks: An attack attempt occurs roughly every 39 seconds (University of Maryland study; attack volume has increased since COVID-19).
Experiment with Linux Machines: Graduate students set up weakly secured Linux machines and recorded attacks.
Most attacks came from unsophisticated hackers using dictionary scripts.
"Root" was the most commonly guessed username.
Guessing scripts often tried the username itself (or a simple variant of it) as the password.
After gaining access, they checked software configuration, changed passwords, downloaded and installed programs, and set up backdoors and botnets.
Botnets are collections of compromised computers controlled remotely by hackers.
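The dictionary-script behaviour described in the experiment above is visible in ordinary sshd logs, and the detection that matters is a burst of failures from one source followed by a success. The script below is an added example, not code from the original notes or the study: the log lines are constructed to resemble OpenSSH output in a syslog-style auth.log, and the five-failures-in-five-minutes threshold and the year (syslog lines carry none) are assumptions.

```python
"""Detect SSH password guessing in sshd log lines.

Added example, not part of the original notes. The log lines are
constructed to resemble OpenSSH output in a syslog-style auth.log; the
threshold, window, and year are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one guessing script against root and common
# service accounts, one legitimate user mistyping once, then a success
# from the guessing host a few minutes later.
SAMPLE_LOG = """\
Mar  3 10:15:01 host sshd[2101]: Failed password for root from 198.51.100.7 port 51022 ssh2
Mar  3 10:15:03 host sshd[2103]: Failed password for root from 198.51.100.7 port 51024 ssh2
Mar  3 10:15:04 host sshd[2105]: Failed password for invalid user admin from 198.51.100.7 port 51026 ssh2
Mar  3 10:15:06 host sshd[2107]: Failed password for invalid user test from 198.51.100.7 port 51028 ssh2
Mar  3 10:15:07 host sshd[2109]: Failed password for root from 198.51.100.7 port 51030 ssh2
Mar  3 10:15:09 host sshd[2111]: Failed password for invalid user oracle from 198.51.100.7 port 51032 ssh2
Mar  3 10:20:41 host sshd[2150]: Failed password for alice from 203.0.113.5 port 40112 ssh2
Mar  3 10:20:58 host sshd[2152]: Accepted password for alice from 203.0.113.5 port 40114 ssh2
Mar  3 10:31:12 host sshd[2190]: Failed password for root from 198.51.100.7 port 51100 ssh2
Mar  3 10:31:13 host sshd[2192]: Accepted password for root from 198.51.100.7 port 51102 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(line, year=2021):
    """Parse one sshd line into a dict, or None if it is not a login result.
    syslog lines carry no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the double space in "Mar  3"
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with `threshold` failures inside any `window`, and
    report any later successful login from a flagged IP."""
    events = [e for e in map(parse, lines) if e]
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["ip"]].append(e["ts"])

    brute_force = set()
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                brute_force.add(ip)
                break

    # A success from a host that was just guessing is the alert that matters most.
    compromised = [(e["ip"], e["user"]) for e in events
                   if e["result"] == "Accepted" and e["ip"] in brute_force]
    guessed = Counter(e["user"] for e in events if e["result"] == "Failed")
    return {
        "brute_force_ips": brute_force,
        "success_after_brute_force": compromised,
        "top_usernames": guessed.most_common(3),
    }


if __name__ == "__main__":
    result = detect(SAMPLE_LOG.splitlines())
    print("Guessing sources:", sorted(result["brute_force_ips"]))
    print("Most-guessed usernames:", result["top_usernames"])
    for ip, user in result["success_after_brute_force"]:
        print(f"ALERT: successful login as {user} from {ip} after brute force")
```

On the sample, 198.51.100.7 is flagged (six failures in eight seconds), root is the most-guessed username, and the later "Accepted password for root" from that host is surfaced as the alert; alice's single typo is not flagged. The same logic drops into a SIEM rule, and a host-level tool such as fail2ban applies the same count-within-window idea to block the source.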
Human Factor: Passwords
Common Passwords: In 2016 and 2020, "123456" remained a top password.
Password Security Tips:
Avoid dictionary terms.
Use a passphrase instead.
Use a variety of characters.
Use a password manager.
Use different passwords for each site and application.
Website to Check Password Security: How secure is my password?
Example: the site reports that "John is my uncle" could take up to a year to crack. Treat such figures as illustrations only: they assume one particular guessing rate, an offline attacker with GPUs against a fast hash is orders of magnitude faster than a throttled login form, and you should never type a real password into a third-party website.
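The password tips above (no dictionary words, a passphrase, varied characters, no reuse of the username) and the "how long to crack" question can be checked locally instead of on a website. The script below is an added example, not code from the original notes or from the site mentioned: its word lists are tiny constructed stand-ins for a real dictionary and breached-password list, the 7776-word phrase dictionary is the Diceware size and is assumed here, and the two guessing rates are assumptions chosen to show how much the answer depends on the attacker model.

```python
"""Password policy checks and a rough strength estimate.

Added example, not part of the original notes. COMMON_PASSWORDS and
DICTIONARY are constructed stand-ins; the word-list size and guessing
rates are assumptions.
"""
import math
import string

COMMON_PASSWORDS = {"123456", "password", "123456789", "qwerty", "12345678", "111111"}
DICTIONARY = {"john", "uncle", "summer", "dragon", "monkey", "welcome"}

# Assumed attacker models: a throttled login form versus an offline GPU
# rig attacking a fast, unsalted hash.
GUESS_RATES = {"online, throttled (10/s)": 10, "offline GPU, fast hash (1e10/s)": 1e10}

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits,
                string.punctuation, " ")


def estimate_bits(pw):
    """Lower bound over two attacker strategies: brute force over the character
    pool actually used, and, for multi-word phrases, guessing whole words from a
    7776-word list (Diceware size, assumed). The attacker picks the cheaper one."""
    pool = sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in pw))
    brute = len(pw) * math.log2(pool) if pool else 0.0
    words = pw.split()
    if len(words) >= 2 and all(w.isalpha() for w in words):
        return min(brute, len(words) * math.log2(7776))
    return brute


def crack_seconds(bits, rate):
    """Expected time to find the password: half the keyspace at `rate` guesses/s."""
    return (2 ** bits) / 2 / rate


def check(pw, username=""):
    """Return the policy problems with `pw` (empty list if it passes)."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password list")
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    # "dragon123!" is still the dictionary word "dragon" to a cracking rule set.
    core = pw.lower().strip(string.digits + string.punctuation)
    if core in DICTIONARY:
        problems.append("is a single dictionary word (possibly with digits/symbols around it)")
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if estimate_bits(pw) < 40:
        problems.append("estimated strength below 40 bits")
    return problems


def report(pw, username=""):
    bits = estimate_bits(pw)
    lines = [f"{pw!r}: ~{bits:.0f} bits; problems: {check(pw, username) or 'none'}"]
    for name, rate in GUESS_RATES.items():
        lines.append(f"  {name}: ~{crack_seconds(bits, rate) / 86400:.3g} days")
    return "\n".join(lines)


if __name__ == "__main__":
    for candidate, user in (("123456", ""), ("root", "root"),
                            ("dragon123!", ""), ("John is my uncle", "")):
        print(report(candidate, user))
```

The report for "John is my uncle" is the point of the example: it scores around 52 bits under the word-guessing model, which is millions of years against a throttled login form but only a few days against an offline GPU attack on a fast hash. Any single "time to crack" number hides that choice of model.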
2021 Global Risk Report
Increased Attacks on Home Networks: Hackers leverage the shift to remote work to attack vulnerable home networks.
COVID-Related Scams: 12,300+ recorded.
Reasons for Breaches:
More businesses using online banking and e-commerce.
Abrupt shift to remote work, leading to security shortcuts.
Impact on Small to Medium Businesses: 60% may fail within six months due to cyberattacks.
Industries Favored by Cybercriminals:
Healthcare: Ransomware is a top threat, with breaches occurring almost daily, affecting millions of patient records.
Healthcare facilities have unpatched vulnerabilities and use legacy hardware/software.
Pacific Alliance Medical Center breach in 2017 exposed 266,000+ patient records.
Government Agencies: Treasure troves of confidential information with known vulnerabilities.
Universities: High number of cyberattacks due to data-rich registration offices.
A higher education cyberattack exposed 1,300,000 identities.
Risk Level: Cyberattacks and data fraud are among the top global risks, comparable to another global outbreak like COVID-19.
Increase in Cybercrime Since COVID: A 300% increase in reported cybercrime.
Healthcare Data Breaches: Increased significantly from 2019 to September 2020.
The increase is due to a ransomware attack on the cloud software company Blackbaud in May 2020.
Hackers gained access to servers housing fundraising databases of higher education, third sector organizations, and healthcare providers.
Personal data (social security numbers, financial information) was exfiltrated.
Blackbaud reported that the stolen customer data was not published on any dark web site.
Future of Attacks
Attacks are Evolving: Getting more advanced, persistent, and stealthy; some leveraging AI.
Expanded Attack Surface: Trends like hybrid cloud, IoT, and mobile devices enlarge the attack surface; traditional defenses are outdated.
Internet of Things (IoT): A compromised device is a foothold onto everything else on the same network, professional and personal, and large numbers of poorly secured devices are herded into botnets for large-scale DDoS attacks.
Estimated 75,000,000,000 IoT devices by 2025.
AI Systems: Attackers can use AI to automate reconnaissance, vulnerability discovery, and lure generation at a speed and scale no human team matches, causing widespread disruption.
Attacks on Blockchain Systems: Increasing, causing cyber protection headaches.
Criminals rarely break the chain itself; they target wallets, exchanges, private keys, and smart contracts, leading to theft, spoofing, and identity fraud.
Cryptojacking: Hijacking victims' computers or browsers to mine cryptocurrency into criminal wallets.
Worms: Used more frequently to spread malware.
Compromise networks faster than other methods because they self-propagate without any user interaction.
Spread rapidly and, once inside a perimeter, move freely between hosts that edge firewall rules never inspect.
Solutions
Security Model: CIA Triad
Confidentiality: Information not disclosed to unauthorized individuals or entities.
Integrity: Accuracy and completeness of data over its entire lifecycle.
Availability: Ensuring data is available when needed.
Key Elements: People, processes, and technology need to be consistent and continuously improved.
Conclusion
Cybercrime is a significant threat to individuals and companies.
Evolving technology leads to evolving hackers.
Stay informed and learn from cyber statistics and facts.
Useful Links
Have I Been Pwned: Discover if your email address appears in a known data breach.
Bleeping Computer: Cybersecurity news and analysis site.
Phishing Quiz: Test your ability to spot phishing emails.