Three Recent Cyber Attacks and What They Teach Us

cyber-attacksHistory teaches us that cyber threats are not merely the stuff of Hollywood movies, or only relevant to ‘someone else.’ They are real. They are happening now. And without proper protection your system—and even the continued operations of your business—can be greatly compromised.

As we’ve detailed in previous blog posts, a malicious cyber attack can be devastating to your business—from the loss of information or money, to the loss of confidence from your customers. Our blog post on Cyber Insurance for example, outlined how general insurance policies exclude cyber threat protection, leaving a business liable for losses associated with data destruction, ransomware, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud and privacy violations.

Let’s dive into three recent attacks and see how a lack of safeguards crippled businesses.

WannaCry

This worldwide ransomware attack occurred in May 2017 and targeted computers running Microsoft Windows. It encrypted data and demanded ransom payments to decrypt them.

The attack hit on Friday, May 12. Within a day it affected more than 230,000 computers in more than 150 countries. Among its victims was the UK National Health Service. Hundreds of UK health clinics were affected, as were several hospitals. As reported by online trade publication techrepublic.com, “The incident forced surgery delays, cancelled appointments, and generally made a mess of healthcare for several days.”

A fortuitous discovery by a 22-year-old web security researcher from England found a flaw in the virus, which dramatically slowed the infection. Still, his discovery, and subsequent patches provided by Microsoft and others, were too late to help computers already infected. Also, new strains have since been detected that continue to spread, and are significantly more difficult to halt.

According to security software company Symantec: “WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting critical vulnerabilities in Windows computers.”

When your files are encrypted and you have no viable backups, what are your options? As of June, it is estimated that just over $130,000 of ransomware had been paid to the perpetrators of this attack.

Pinkslipbot

Pinkslipbot is a worm capable of spreading over a network, downloading files, controlling networks and stealing user information. First introduced in 2011, once a computer is infected, Pinkslipbot can extract email addresses, accounts, certificates, web addresses, and login credentials, allowing cyber terrorists the ability to compromise banking information, credit card information and engage in personal identity theft.

Pinkslipbot is a derivative of Qakbot, a virus that emerged in the late 2000’s and has been a continual source of problems and threats, with new variants continuing to pop up—a particularly malicious strain was detected as recently as May, 2017.

From a post on business technology news website zdnet.com, “There has been a resurgence of the malware, according to [Cyber security software company] Cylance, which had been made even more evasive and persistent with new, polymorphic features that enable the malicious code to squat in business networks for longer.” Unlike ransomware, this malware does not lock out a system, but uses stolen credentials to “spam neighboring hosts and disrupt corporate activities. In turn, this may result in the compromise of additional hosts and further spread.”

CryptoLocker

The CryptoLocker ransomware attack started in September 2013 and continued for more than 20 months. The virus targeted computers running Microsoft Windows, encrypting files and offering to decrypt the data only if a payment was made by a certain date. While the virus was fairly easy to remove, the affected files remained impossible to decrypt without the ransomware payment.

The exact amount of money the operators of CryptoLocker successfully extorted vary wildly, but some sources put that number at close to three million dollars. The University of Kent released a survey reporting 40% of CryptoLocker victims paid ransom. According to the same report, “28.2% of respondents in the survey claim not to engage in any security practices online, such as using antivirus software, firewalls and password management tools.”

Avoid The Next Threat

While no one knows what threat will hit next, the one thing everyone can agree on is that every business needs to be prepared for the worst.

Our blog post on  Four Foundational Layers Every Organization Should Have outlined the importance of back-up protection, strong email security, artificial-intelligence-based security and other critical programs that can self-guard against cyber attacks.

As history shows us, getting rid of malware is at best a challenge, likely expensive, and at worst, impossible. That’s why formulating a multi-layered plan including continual back ups and implementing best practices, such as employee education, is of paramount importance. Single Path can help you get protected and stay protected. We work with small- to mid-size businesses like yours, creating a multifaceted approach that will leave you prepared for the next headline-creating cyber threat.

At Single Path we’re ready to work with you, and discuss our array of security offerings. Our certified and highly skilled security specialists understand the complexities of protecting your network, and our security solutions leave you feeling confident and secure.

Let’s make sure the next cyber attack doesn’t cripple your business and make you a footnote to tomorrow’s headlines.

Ask us how to get started!

Find out what else is happening at Single Path. News ›