You know what's going to happen. The unsuspecting user receives a phishing email. Some big brand company that should already have their data wants them to verify their details. The victim visits the verification link contained in the email. He/she is prompted to enter his/her login information into a fake verification form. After obtaining the person's ID and password, the hackers use their credentials, along with information on the victim's social media profiles, to figure out their corporate login information. Next thing you know, the network drives are automatically encrypting data, and all hell breaks loose.Sound like something that would never happen to you? I bet that’s what Sony execs thought until hackers used a fake Apple ID verification email to get their credentials and release a strain of malware known as “Wiper,” which succeeded in crippling the company’s computer networks.
Some of this year's top cyber security attacks read much the same; like scripts for B-grade horror flicks. Administrators locking doors and windows, only to leave the cellar door gaping open; ignoring strange signs until something heinous happens; hiding out in a rickety shack while zillions of zombies claw their way through every orifice. Is there anything you can do to avert the nightmare. If you need an answer to this question right now …Skip to the end, and see.
Here’s our line-up of the top 6 cyber security horror stories of 2017... so far:
1. Credit Rating Agency: Equifax
Billed as the worst data breach in history. Attackers stole half the US population's Social Security numbers, credit card numbers, and other personal details over a period of two and a half months. Equifax admitted it was aware of an application vulnerability on one of their websites ... a full two months before hackers gained access to their data! Apparently, they wanted to 'identify' the vulnerability first, then implement and test a patch to make sure it didn't break anything before going live. We're all for testing, but leaving the window open to personal data of 143 million people?
2. Accountancy Firm: Deloitte
Global consultancy firm Deloitte was hit by a cyber attack when the company's systems were compromised through an unsecured 'administrator account', allowing access to internal files. The attack compromised emails, usernames, passwords, health information, and details of Deloitte's clients. In this case, Deloitte failed to deploy a simple security measure, two-factor authentication – something they strongly recommend to clients – exposing large pools of data. No use boarding up the doors and windows when the cellar isn’t chained closed.
3. News Media: Al Jazeera
At the height of the Qatar debacle, a DDoS attack brought Qatar's Al Jazeera website to its knees. The assault affecting Al Jazeera's websites and digital platforms followed a hack of the state news service that resulted in the promotion of 'fake' news; within days, Saudi Arabia, the UAE, Egypt and Bahrain accused Qatar of supporting "terrorism", cut diplomatic ties and closed their borders. The online attacks against Al Jazeera focused on its DNS resolution service, causing intermittent resolution failures. This one not only took out a news agency but an entire country – reminding us of World War Z.
4. Medical: British National Health Service (NHS)
This year, the NHS became the highest-profile victim of a global ransomware attack, prompting renewed concern about the strength of its infrastructure. When WannaCry swept across the globe, locking computers and demanding payment, the NHS was worst hit. It wasn't that attack was targeted at them specifically, just that their systems particularly vulnerable – they were still running a 16-year-old operating system, Windows XP. Security experts concluded that running operating software introduced before 2007 was not a wise decision.
5. Government: UK Parliament
A month after hackers took down the NHS, the UK Parliament came under attack. The attack came days after it was revealed that hackers were trying to crack weak login credentials used by “all Parliamentary user accounts”. When the digital services team made changes to accounts to block out the hackers, they effectively blocked every MP including Theresa May, the prime minister, and her cabinet ministers for dealing with constituents. After trying to repel zombies with pool cues, the digital services team figured; lock down the system, go to the pub, have a nice cold pint, and wait for all of this to blow over.
6. Financial Services: Bitfinex
Bitfinex, the world’s largest US dollar-based Bitcoin exchange, underwent a DDoS attack that saw over the US$70m worth of Bitcoin getting stolen. While Bitfinex often faces a DDoS attack which slows down services or makes the platform completely inaccessible, both the front-end and API access were all impacted by this “severe” attack – watch out the leprechauns don’t nick your pot of Bitgold this Halloween.
Cybersecurity attacks are growing more and more sophisticated; hackers use hard-to-spot techniques to disguise their identity and motives and take advantage of their targets’ lack of resources, procrastination and carelessness. The bottom line: IT professionals need to act decisively to protect users and customers.
While some industries must do their best with limited resources and lack access to experienced cybersecurity professionals, there are proactive measures that can be taken to alert against intrusions. Messageware OWA Guard provides real-time reporting and alerts of suspicious login activity to protect your business … all you have to do is make sure you chain the cellar door!
Click here to learn more about real-time reporting and alerts of suspicious logon activity.