
Top 5 Notable Cyberattacks in Modern Warfare


Warfare is no longer restricted to traditional battlefields; in the digital age, cyberspace has emerged as a new arena of conflict. Nations now engage in cyber battles using lines of code and advanced malware instead of conventional weapons.

A recent incident in May highlighted this shift when around 270,000 payroll records of the UK's armed forces were compromised in a data breach. While the UK government did not explicitly name a culprit, several ministers suggested China as the likely perpetrator. The Chinese government has denied any involvement.

This incident is just one in a series of cyberattacks targeting governments, their institutions, and personnel. Here are five notable examples:

  • Stuxnet, 2010: Stuxnet was the first major cyberweapon known to the world. This sophisticated worm, which replicates itself to spread across computer networks, specifically targeted Iran’s nuclear program. Unlike typical malware, Stuxnet was designed to infiltrate and disrupt uranium enrichment processes by causing centrifuges to malfunction while sending false data to monitoring systems, making the damage invisible to operators. Widely believed to be a joint effort by the US and Israel, Stuxnet not only delayed Iran's nuclear ambitions but also raised serious concerns about the potential for cyber tools to cause physical destruction, sparking debates on the ethics of state-sponsored cyberattacks.
  • WannaCry, 2017: In May 2017, the WannaCry ransomware attack locked up hundreds of thousands of computers across over 150 countries. Exploiting a vulnerability in Microsoft Windows, WannaCry encrypted users' files, demanding Bitcoin payments to unlock them. The attack severely impacted sectors including healthcare, with the UK's NHS particularly affected; at least 81 health trusts were compromised, leading to canceled appointments and diverted emergency services, costing the NHS an estimated £92 million. The spread of WannaCry was halted by a security researcher who identified a "kill switch," but not before it demonstrated the risks of outdated software. The attack was attributed to North Korean hackers.
  • NotPetya, 2017: Later in 2017, Ukraine experienced a devastating cyberattack known as NotPetya, which quickly spread internationally. Disguised initially as ransomware, NotPetya encrypted data but provided no way for victims to recover their files. Targeting Ukraine's government, financial sector, and energy companies, it disrupted essential services. The malware also affected global companies like Maersk and Merck, causing billions in damages. The attack, widely attributed to Russian state-sponsored hackers aiming to destabilize Ukraine, was described by the White House as the "most destructive and costly cyberattack in history." Russia denied any involvement.
  • SolarWinds Hack, 2020: Amid the COVID-19 pandemic, the SolarWinds hack targeted multiple US federal agencies in 2020. Hackers infiltrated SolarWinds, a tech company that provides IT network management software, by inserting malicious code into its widely-used Orion platform. This allowed them to access sensitive information across various government departments, including the Treasury and Homeland Security, for months before detection. The breach underscored the vulnerability of even highly secure systems and was attributed to Russian state-sponsored hackers, though Russian officials denied the allegations.
  • OPM Data Breach, 2015: In 2015, the US Office of Personnel Management (OPM) suffered a massive data breach that exposed the personal information of over 21 million federal employees and contractors, including social security numbers, fingerprints, and data from background checks. The breach was widely attributed to Chinese state-sponsored hackers, though the Chinese government denied involvement. The incident highlighted significant vulnerabilities in the management of sensitive US government data and prompted a reevaluation of data protection strategies nationwide.
These incidents underscore the growing significance of cybersecurity in national defense, highlighting the need for robust protective measures against state-sponsored cyber threats.

Ransomware Attacks Declined by 61% But Organizations Must Remain Vigilant



Since WannaCry infected thousands of PCs worldwide in 2017, ransomware has remained one of the biggest threats to corporations worldwide. New research, however, indicates that this persistent threat may be on the decline.

Privileged access management (PAM) provider Delinea, in partnership with Censuswide, has released the 2022 State of Ransomware Report, a comprehensive study of the latest forms of ransomware. The research firm surveyed 300 U.S.-based IT decision-makers, and the results showed that only 25% of companies had been affected by ransomware attacks over the last calendar year.

This represents a 61% decline from the previous 12 months, when 64% of organizations reported being victims. Additionally, according to the report, the share of companies that paid ransoms decreased from 82% at the beginning of the study period to 68% at the end.

The decline is encouraging news for enterprises, but these attacks are still common enough to cause serious data breaches, and security leaders cannot afford to become complacent.

Ransomware: Why organizations should not be complacent  

Although ransomware attacks appear to be declining, organizations should not relax their security precautions. With ransomware breaches costing an average of $4.5 million, this is particularly significant given the potential for a renewed increase.

According to Joseph Carson, chief security scientist and advisory CISO at Delinea, ransomware remains a significant concern and a threat to any organization. He added that they saw some signs of complacency in the survey research, which could be a sign that ransomware will be on the rise in 2023.

One sign of complacency is the decline in the number of organizations that maintain incident response plans, which dropped from 94% to 71%. These companies may therefore be less able to respond effectively to data breaches, giving threat actors more opportunities to steal critical data assets.

Actions to be taken proactively

Rather than succumbing to complacency, organizations should remain prepared while continuing to invest time, money, and effort in proactive security solutions to prevent breaches.  

The key to protecting networks and systems from these types of attacks is making organizations more proactive about cybersecurity. This is especially true in areas where they are most vulnerable, such as identity management and access controls.  

In Carson's view, the most important step is adopting and enforcing the principle of least privilege and employing multifactor authentication (MFA) and password vaulting to decrease enterprises' vulnerability to ransomware attacks.

Furthermore, other measures can be taken to mitigate additional risks, including frequent data backups, comprehensive incident response plans, and investing in cyber insurance policies.

Malware WannaCry And Vulnerability EternalBlue Remain at Large


As security companies reconstruct the top malware trends of recent weeks, one malware family and one vulnerability keep resurfacing: WannaCry and EternalBlue. WannaCry spread quickly because of a serious flaw in Windows Server Message Block version 1 (SMB v1), exploited by the tool known as EternalBlue. Microsoft had already fixed the vulnerability, CVE-2017-0143, shortly before WannaCry was released, with its security update MS17-010.

For example, the security firm Trend Micro says that WannaCry, followed by cryptocurrency miners and Emotet, was the most frequently detected malware family last year. Emotet, meanwhile, was recently disrupted by police.
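A defender-side check for the exposure just described, added here as an example and not code from the article or the vendors it quotes. It assumes a Windows 8.1/Server 2012 R2 or later host with the SmbShare module, an elevated PowerShell session, and the MS17-010 KB ids in the parameter below (my reading of the Microsoft bulletin for pre-Windows-10 systems, not values from the page):

```powershell
<#
  Added audit script (not from the article). Reports whether this host still
  exposes the SMBv1 service that EternalBlue/WannaCry abuse and whether an
  MS17-010 fix is visible, then gives a plain verdict.
#>
function Test-Ms17010Exposure {
    [CmdletBinding()]
    param(
        # Switch SMBv1 off if it is found enabled (the durable mitigation).
        [switch]$Remediate,
        # MS17-010 KB ids for pre-Windows-10 systems (assumption from the bulletin).
        # Windows 10 / Server 2016+ carry the fix in cumulative updates, so no
        # match there is not by itself conclusive.
        [string[]]$Ms17010Kbs = @('KB4012212','KB4012213','KB4012214','KB4012215',
                                  'KB4012216','KB4012217','KB4012598')
    )

    # 1. Is the SMB1 server protocol switched on?
    $smb1Enabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol

    # 2. Is the SMB1 optional feature still installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = if ($feature) { "$($feature.State)" } else { 'Unknown' }

    # 3. Any MS17-010 KB among the installed hotfixes?
    $installedKbs = (Get-HotFix).HotFixID
    $patchSeen = @($Ms17010Kbs | Where-Object { $installedKbs -contains $_ })

    # 4. Port 445 listening means only a firewall separates this SMB service
    #    from the internet-facing population the article describes.
    $listening445 = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    if ($Remediate -and $smb1Enabled) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $smb1Enabled = $false
    }

    $verdict = if (-not $smb1Enabled) { 'SMBv1 off: EternalBlue path closed' }
               elseif ($patchSeen.Count -gt 0) { 'SMBv1 on but MS17-010 KB present: patched, still disable SMBv1' }
               else { 'SMBv1 on and no MS17-010 KB seen: treat as exposed, patch and disable' }

    [pscustomobject]@{
        Host              = $env:COMPUTERNAME
        Smb1ServerEnabled = $smb1Enabled
        Smb1FeatureState  = $featureState
        Ms17010KbsFound   = ($patchSeen -join ',')
        Port445Listening  = $listening445
        Verdict           = $verdict
    }
}

Test-Ms17010Exposure | Format-List
```

Run with `-Remediate` to disable the SMBv1 server protocol on the spot; removing the SMB1Protocol optional feature and blocking inbound TCP 445 at the perimeter close the remaining paths.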

"The one thing that really keeps WannaCry prevalent and active is the fact that it is wormable ransomware," says Rik Ferguson, vice president of security research at Trend Micro. "Couple that with the fact that Shodan showed me just now that there remain 9,131 internet-facing machines vulnerable to MS17-010 and you quickly begin to understand why it continues to propagate."

EternalBlue appears to have originated with the National Security Agency, which apparently developed the exploit for the SMB v1 flaw. The exploit was then stolen or leaked, and in 2017 it was obtained and published by the Shadow Brokers group. Two months later, WannaCry, which targets the EternalBlue flaw, was released; many analysts claim it was created by North Korean hackers, who may then have lost all control of it.

Although WannaCry appears to be the most frequently detected malware, that does not mean it is the most harmful, or that most devices are infected with it. Not all such code gets through, and even when it does, it does not guarantee success.

Even so, the continued circulation of WannaCry shows that at least some unpatched devices remain infected. Regrettably, the number of such unpatched systems tends to decrease asymptotically, never reaching zero. In 2020, Conficker, a malware family initially identified as targeting a Windows Server service vulnerability, was still the 15th most prevalent malware family seen by Trend Micro. "Other variants after the first Conficker worm spread to other machines by dropping copies of itself in removable drives and network shares," according to Trend Micro.

Though ransomware profits may be rising, the malware most frequently seen in the wild has changed little in recent times from a quantitative point of view.

The Finnish security company F-Secure, for example, lists network exploits and file-handling errors as the top malicious code attacks of 2020, and the most frequently seen form of attempted exploit still targets the EternalBlue vulnerability in SMB v1. "There are three different threat detections that contributed to this: Rycon, WannaCry, and Vools," stated Christine Bejerasco, vice president of F-Secure's Tactical Defense Unit.