The impact of Cybercrime continues to rise each year with the ongoing development of rogue software and ever more sophisticated cyber attacks. From 2013 to 2015 the cyber crime costs to business and individuals quadrupled, and it looks like there will be another quadrupling from 2015 to 2019. Juniper Research recently predicted that the rapid digitisation of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.
The below are five particularly concerning forms these attacks have taken. This article will provide a general overview to 2017’s most prevalent Global Cyber Attacks and the appropriate countermeasures NSI Global Counter Intelligence recommends you take.
Perhaps the most prevalent of cyber security issues, ransomware is the method of holding an organisation to ransom for cash. Banks, healthcare organisations, and various other industries are susceptible to ransomware attacks. Typical Ransomware uses one mechanism to infect. It usually spreads when people open emails containing infected links, or by opening attachments such as Word documents that are infected with malware. Once enabled, the Word file installs the program in the background. Once downloaded, all the data on the computer is encrypted, and the hacker presents the option to pay a ransom, usually via Bitcoin, to decrypt the files.
In the past, if you didn’t click on the infected link or attachment, the ransomware could not be installed. Ransomware has evolved in 2017 with an example being the recent outbreak of Wanacrypt. WanaCrypt, WCry, WannaCry, WanaCryptor 2.0 Ransomware allows remote hacking to unpatched computers WITHOUT the user’s knowledge or involvement.
Phishing / Spear Phishing
One of the oldest known data and security threats, phishing attacks have become sophisticated and targeted over the years, leading to Spear Phishing. Spear Phishing is an act of using email communication to send messages from a trusted account to an unsuspecting receiver, usually with the intent of extorting money. An upgraded version of this strategy is called “whaling” where high-net-worth individuals are targeted with the same intent. The FBI is well aware of these scams, which it terms as “business email compromise” scams. In 2016, Spear Phishing attacks through social media grew 500 percent. An example of this is a case where a senior finance executive with Mattel approved a $3 million transaction to the Bank of Wenzhou, China, which was a spearphishing attack.
Malware is the commonly referred to name for a broad range of malicious software. This can include: computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords. Malware can be concealed through a Virus, Trojan Horses, Rootkits, Backdoors, and evasion.
DoS / DDoS Attacks
By now, the Internet of Things (IOT) system connects around 8.4 billion things in the world, opening the way for DDoS attacks on an enormous scale. In 2016, the DNS provider DYN pointed the world to the Mirai botnet which was launched from multiple IoT connected devices. This attack on the Internet infrastructure led to serious website downtime, including sites like GitHub, Twitter, and the PlayStation Network. It was found that the ISP’s were ill-equipped to deal with the DDoS attacks, raising a question about how our IoT devices are vulnerable and what can be done to protect systems.
Man In The Middle Attacks (MITM)
“A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.” This can take the form of active eavesdropping. When this occurs, the attacker makes independent connections with the victims and relays messages between them to make them think that they are talking directly to each other over a private connection, while in fact the entire conversation is monitored and controlled by the attacker. The attacker is able to intercept all messages between the two victims and inject new ones. An example of this is where an attacker within reception range of a wireless access point can insert themselves as a man-in-the-middle.
NSI Recommended Cyber Attack Countermeasures for the Layman
About NSI Global Counter Intelligence
NSI Global Counter Intelligence is an Australian owned Global Geopolitical Risk and Counter Intelligence Advisory Firm. NSI has an interdisciplinary team of employees and partners in strategic locations around the globe.
Our Best in Class Services include:
Our specialists have provided consultation, and have been interviewed numerous times by major media outlets such as:
NSI is called upon for its expertise by corporations in the Mining, Oil and Gas Industries, Financial Institutions, Insurance Companies, Law and Accounting Firms, Government agencies and High Net-Worth individuals. Our services are available globally with local offices in Sydney, Dubai, Hong Kong, and Singapore. To book a confidential consultation, feel free to contact our team.