Recent cyberattacks show worrying trends
8 March 2018 | 0
While cyberattacks may be simply described as an attack launched from one or more computers against another, multiples or networks of computers, this simplicity belies the spectrum of motivations behind them.
Cyberattacks might be broken down into two broad types: attacks where the goal is to disable the target computer or knock it offline, or attacks where the goal is to get access to the target computer’s data and perhaps gain admin privileges on it. There are a variety of techniques attackers use to achieve those goals, including:
- Malware (malicious software) downloaded to a target computer that can do anything from steal data to encrypt files and demand ransom
- Phishing emails that are crafted to fool victims into giving up passwords or taking some other harmful action
- Denial of Service attacks, which overwhelm a web server with bogus traffic
- Man in the middle attacks, which fool the target computer into joining a compromised network
And, of course, these techniques can be used in tandem. For instance, phishing emails may try to trick users into downloading malware.
Every year brings new security breaches, but this year has seen some of the most egregious and disturbing since the dawn of the internet age. From a data breach of one of the credit agencies that maintain personal data on every single US citizen (e.g. Equifax) to possible state-sponsored malware attacks that use plundered NSA exploit code, 2017 has been rough on IT security.
The most important statistic about 2017 cyberattacks is that they are expected to cause $5 billion (€4 billion) worth of damages. That is a staggering fifteen-fold increase over just two years ago, according to CyberSecurity Ventures.
The future looks equally grim: cybercrime damage is expected to hit $6 trillion (€4.85 trillion) annually by 2021, with cybersecurity spending to hit $1 trillion (€807 billion) over the next four years. And the industry is going to need 3.5 million new cybersecurity workers to clean up the mess.
Biggest cyberattacks of 2017-2018
Deciding which cyberattacks were the worst is, arguably, somewhat subjective. Those that made our list did so because they got the most notice for various reasons — because they were widespread, perhaps, or because they were signals of a larger, scary trend.
Without further ado, here are the biggest cyberattacks in recent history:
WannaCry was a ransomware attack that spread rapidly in May of 2017. Like all ransomware, it took over infected computers and encrypted the contents of their hard drives, then demanded a payment in Bitcoin in order to decrypt them. The malware took particular root in computers at facilities run by the United Kingdom’s NHS.Malware isn’t anything new, though. What made WannaCry significant and scary was the means it used to propagate: it exploited a vulnerability in Microsoft Windows using code that had been secretly developed by the United States National Security Agency. Called EternalBlue, the exploit had been stolen and leaked by a hacking group called the Shadow Brokers. Microsoft had already patched the vulnerability a few weeks before, but many systems hadn’t upgraded. Microsoft was furious that the US government had built a weapon to exploit the vulnerability rather than share information about the hole with the infosec community.
Petya was just another piece of ransomware when it started circulating via phishing spam in 2016; its main claim to fame was that it encrypted the master boot record of infected machines, making it devilishly difficult for users to get access to their files.Then, abruptly in June of 2017, a much more virulent version of the malware started spreading. It was different enough from the original that it was dubbed NotPetya; it originally propagated via compromised Ukrainian accounting software and spread via the same EternalBlue exploit that WannaCry used. NotPetya is widely believed to be a cyberattack from Russia against Ukraine, though Russia denies it, opening up a possible era of states using weaponised malware.
While this one might not have been as high-profile as some of the others on this list, it deserves a spot here due to the sheer amount of money involved. Ether is a Bitcoin-style cryptocurrency, and $7.4 million (€5.97 million) in Ether was stolen from the Ethereum app platform in a manner of minutes in July. Then, just weeks later came a $32 million (€25.8 million) heist. The whole incident raised questions about the security of blockchain-based currencies.
The massive credit rating agency announced in July of 2017 that “criminals exploited a US web site application vulnerability to gain access to certain files,” getting personal information for nearly 150 million people. The subsequent fallout enraged people further, especially when the site Equifax set up where people could see if their information had been compromised seemed primarily designed to sell Equifax services.Ed Szofer, CEO of SenecaGlobal, says the Equifax breach is particularly bad “because they had already been told about the fix — it needed to be implemented in a tool called Apache Struts that they use — well before the breach even happened. And yet they failed to do so fully in a timely manner. To prevent such breaches from happening requires a shift in culture and resources; this was not a technical issue, as the technical fix was already known. Equifax certainly had the resources, but it clearly did not have the right culture to ensure the right processes were in place and followed.”
- Yahoo (revised)
This massive hack of Yahoo’s email system gets an honourable mention because it actually happened way back in 2013 — but the severity of it, with all 3 billion Yahoo email addresses affected, only became clear in October 2017. Stolen information included passwords and back-up email addresses, encrypted using outdated, easy-to-crack techniques, which is the sort of information attackers can use to breach other accounts. In addition to the effect on the account owners, the breach could spawn a revisiting of the deal by which Verizon bought Yahoo, even though that deal had already closed.The truly scary thing about this breach is that the culture of secrecy that kept it under wraps means that there is more like it out there. “No one is excited to share a breach, for obvious PR reasons,” says Mitch Lieberman, director of research at G2 Crowd. “But the truth eventually comes out. What else do we not know?”
On February 28, 2018, the version control hosting service GitHub was hit with a massive denial of service attack, with 1.35 TB per second of traffic hitting the popular site. Although GitHub was only knocked offline intermittently and managed to beat the attack back entirely after less than 20 minutes, the sheer scale of the assault was worrying; it outpaced the huge attack on Dyn in late 2016, which peaked at 1.2 TB per second.More troubling still was the infrastructure that drove the attack. While the Dyn attack was the product of the Mirai botnet, which required malware to infest thousands of IoT devices, the GitHub attack exploited servers running the Memcached memory caching system, which can return very large chunks of data in response to simple requests
Memcached is meant to be used only on protected servers running on internal networks, and generally has little by way of security to prevent malicious attackers from spoofing IP addresses and sending huge amounts of data at unsuspecting victims. Unfortunately, thousands of Memcached servers are sitting on the open internet, and there has been a huge upsurge in their use in DDoS attacks. Saying that the servers are “hijacked” is barely fair, as they will cheerfully send packets wherever they are told without asking questions
Just days after the GitHub attack, another Memecached-based DDoS assault slammed into an unnamed US service provider with 1.7 TB per second of data.
IDG News Service