Cyberattacks in 2018 and Beyond: Don’t Let the Next Cyberattack Be Yours
In just October of 2017, fifty-five million records were leaked as a result of just three attacks:
- BadRabbit: Ransomware distributed using “drive by attacks” can infiltrate while visiting a legitimate website.
- FirstHealth: A North Carolina healthcare network had its entire computer system threatened by a malware virus causing their entire network to be disabled for days.
- R6DB: A gaming service for the popular video game Rainbow 6 went down under pressure from a hacker who was wiping their database and holding it for ransom.
No one ever expects to be the next headline, but unfortunately everyone who uses the Internet is vulnerable to cyberattacks. On March 7, 2017, Wikileaks released the largest leak of C.I.A. documents in history. The media organization published a data trove containing 8,761 supposedly stolen documents from the CIA that contained extensive documentation of alleged spy operations and hacking tools. The attack became known as “Vault 7.” Reporting on the breach, Wired Magazine uncovered, “Revelations included iOS and Android vulnerabilities, bugs in Windows, and the ability to turn on some smart TVs into listening devices.” Vault 7 revealed several hundred million lines of code, including more than a thousand hacking systems, Trojans, viruses, and what Wikileaks referred to as “weaponized” malware.
Shortly after Vault 7, Equifax suffered a major security breach when they failed to promptly install a security patch to fix a flaw found in a web application tool used by many major corporations. For two months hackers were able to take advantage of the flaw to breach Equifax’s digital defenses. The hackers accessed 147.9 million people’s information and counting, including social security numbers, birth dates, addresses, and some driver’s licenses as well. The full extent of the breach is still undetermined, and the number of individuals who had their personal information exposed continues to grow. In March of 2018 it was revealed an additional 2.4 million people were affected. Almost a year after the fact, Congressional probes and hearings are still attempting to figure out what’s going on and how such a significant breach occurred.
In June of 2018, Coinrail, a South Korean virtual currency exchange, was the target of an attack that saw billions of dollars in cryptocurrency wealth wiped out. Coinrail lost about 30% of its virtual currencies in the attack. According to CNN, “The news sent shockwaves through virtual currency markets.” The value of Bitcoin dropped more than 7% immediately following the attack. Major cyberattacks, like the one on Coinrail, aren’t always felt within the walls of the company being attacked. In the case of Coinrail’s attack, the markets reacted globally to the threat causing millions in additional loses.
Cyber threats can affect everything that is connected to the Internet. The Internet of Things (IoT) is the connection between the Internet of computing devices embedded in everyday objects and enabling them to send and receive data. Objects like smart refrigerators, FitBits, webcams, smart TVs, and even thermostats and light bulbs all have connectivity with the Internet, which means they are all at risk of a cyber threat.
The rapid rise of IoT devices available just commercially are enabling a substantial number of connected devices. The popularity of personal voice assistants like the Amazon Echo are there to make life easier for its users, but its reliance on the Internet also make it a prime target for attacks.
IoT has impacted six large industries in particular: agriculture, healthcare, retail, transportation, energy, and manufacturing. The healthcare industry has utilized IoT devices to great effect, and with great results. Hospitals are able to connect an MRI machine and other medical devices to the Internet. This connection alerts hospital staff when any maintenance or repairs are needed to the equipment. Having such a simple alert system in place thanks to IoT technology, hospitals are able to keep their equipment in better working order to save even more lives. There are so many positive features to IoT, which is why so many companies heavily rely on the maturing technology. But, organizations need to be aware of the potential threats and create a meaningful cybersecurity strategy around these devices as well, and not just focus on the security of their computers and software.
Artificial Intelligence (AI) systems also pose their own risks to organizations using, or looking to use, that technology. AI systems are machines capable of learning algorithms and techniques that mimic cognitive functions associated with humans. The main difference – machines never sleep. On top of that, AI systems are capable of processing data significantly faster than a human workforce. The cyber risk associated with AI systems is the ability to infiltrate an IT infrastructure and stay on, undetected, for an extended period of time. The AI systems may remain hidden while launching powerful attacks of identity theft, denial-of-service (DoS), and password cracking. At this time, automated attacks are limited, and humans must target and trigger the attacks. However, in the near future, attacks will become increasingly more sophisticated. This includes spear phishing attacks that gather, organize, and process database information to create a unique email that does not appear to be malicious. AI systems could also pull information from several sources to identify the most effective time to attack a company’s database. For example, AI could identify when an individual is out of town, and access bank records while they are unable to access or be alerted of the malicious activity until they return.
As threats to organizational information systems and data become increasingly common, it is crucial organizations understand the basic elements of cybersecurity and the growing threats these cyberattacks pose. As the technology and methods used to conduct business evolves, so does the methods to conduct cyberattacks. Threats to organizational cybersecurity have grown at an alarming rate, and the successes of cyberattacks have grown with it. Without proper systems and protocols in place, and a firm understanding of the risks, any organization can fall victim to a cyberattack.