Cyberterrorism Make You #Wannacry?
July 13, 2017
Early in 2017, the Wannacry ransomware attack spread through 150 countries, taking down large enterprises and individuals alike. Despite taking control of data on approximately 200,000 computers throughout the world, the Wannacry ransomware attack is only estimated to have taken in $50,000. This highlights a chilling fact: cyberterrorism is everywhere and cybercriminals are willing to embark upon these missions for relatively low stakes.
The Growth of Cyberterrorism
Large scale cyberattacks are occurring with increasing frequency. This is due to a combination of factors occurring throughout the technology sector. The "Internet of Things" has weakened many infrastructures through the addition of numerous unsecured endpoints. This has made it easier to create botnets and to access otherwise secured systems. Technology is becoming easier to access as well; cybercriminals are able to take advantage of superior processing power to reach additional targets.
Cyberterrorists are now more organized than ever. There are entire "companies" in other countries that are created with the sole purpose of organized phishing and hacking. These attacks occur on a global scale but they originate from countries in which overhead is very inexpensive. Because cyberterrorism is reasonably cost effective, it explains why massive targets are attacked so often. With these specialized attack groups in place, cybercriminals have the resources and dedicated time to keep prodding premium targets until they find a weakness.
The Most Common Cyberterrorism Attacks
- Ransomware -- Wannacry was a classic ransomware attack. Ransomware attacks infect a system, encrypting the data and holding it hostage. The cybercriminal will then request that money be wired to a bank account or sent to them via a cryptocurrency such as Bitcoin. Theoretically, once the money is received, the ransomware will automatically unlock the data. Ransomware is particularly notable because of how devastating it can be and how highly preventable it is. Ransomware can bring a business to a grinding halt -- or lock away an individual's most important digital files. But it's also not difficult to defend against.
- Phishing -- Phishing attacks are a social engineering technique. A cybercriminal will attempt to collect information from a target through email, instant messenger or even phone. They will then use this information either to gain access to a system or to steal an individual's identity.
- DDoS -- Unlike other types of cyberattacks, DDoS attacks generally aren't completed with the purpose of financial gain. Instead, DDoS attacks are initiated for the purpose of disruption. A Distributed-Denial-of-Service attack floods a system with unnecessary traffic, thereby making it impossible for the system to respond to legitimate inquiries. This can also break a system in unexpected ways. In the worst-case scenario, entire networks can be taken offline, resulting in lost website traffic, revenue, and employee productivity, not to mention the adverse impact to a company's reputation. In the best case scenario, systems and websites can still be disrupted and experience slowdowns that hinder normal operations.
Protecting Yourself and Your Business from Cyber-Terrorism
Most businesses will experience a cyber-attack at some point -- and many individuals will as well. Protecting oneself from cyberterrorism is generally a matter of being extremely proactive. Effective cybersecurity requires a mix of security software solutions and better security habits.
- Comprehensive cyber security solutions -- Anti-malware products, anti-virus solutions, and firewalls are all used together to detect and mitigate cybersecurity attacks. Today there has been a trend towards all-in-one threat detection systems, often called "unified threat management." Otherwise companies and individuals may need to rely upon multiple solutions at once, which could lead to a security gap if they are not kept updated.
- Better and more secure passwords -- Unique and lengthy passwords should be used throughout all secured systems. Ideally, two-factor authentication should also be used. Two-factor authentication secures a system with both a password and access to a secondary service, such as a mobile phone or an email account.
- Avoiding unsecured systems -- The Internet of Things, open wireless access points and public computers represent potential vulnerabilities. Businesses and individuals should always make sure their IoT devices are appropriately secured, and should avoid the use of public access points and utilities.
- Complete and timely backups -- As mentioned, ransomware can actually be protected against quite easily. The way to protect against ransomware is simply to keep complete and timely backups of your system. As long as you have access to your own data (and you have kept your data properly password protected and encrypted), you can always simply wipe your computer or your device and restore your information.
Cybercrime is constantly advancing. It is becoming more sophisticated and more pervasive. Companies and individuals need to protect themselves and educate themselves if they want to avoid a technological disaster. If you're concerned about cybersecurity, you should begin by protecting yourself through a comprehensive security solution. You should also make sure that all of your personal and important accounts are locked down -- and you should learn about common risk factors. Be aware of where your data is and whether or not it's protected -- and keep complete backups for everything important to you. Protecting against cybercrime can be daunting, but there are many ways to reduce your own risk factors.
About the MRC Blog
The MRC Blog publishes four monthly articles focusing on a particular theme each month relating to fraud, payments, risk, cybersecurity, data, technology and other emerging eCommerce trends. Open to members and non-members alike, this forum is intended to educate, inform and provoke new ideas surrounding the most relevant issues in eCommerce. Interested in learning more about the MRC or MRC membership? Contact us!