Read time approx. 4 min
Cyber Security has been a subject talked about a lot more often in recent days. We hear stories about big hacks and billions of dollars stolen from large companies and institutions. Just couple of weeks ago, the biggest by volume exchange “Binance” has lost 40 million Dollars worth of Bitcoin (main and most known cryptocurrency). ( Read about it on yahoo finance binance hack)
So, you might be wondering, what motivates hackers to perform a well-orchestrated hack, worth billions of dollars?
The reasons are not necessarily always the same.
Some do it for the money, some for the fame or to warn the institution about low security settings. Hackers are a community with very well laid out rules, some are bad (black hackers), but some are good (so called “white hackers”) and will perform hack for both good and bad reasons.
So, what are the major cyber attack threats? What are the main features and mechanics behind the attacks?
Cyber-attacks can come in a different form, as you probably know. The most common, just to name a few, are:
- Social engineered Trojan,
- Unpatched Software (such as Java, Adobe Reader, Flash),
- Network travelling worms,
However, hackers are getting more sophisticated these days, and focus on devices used by public on daily basis, including mobile phones, tablets and domestic wi-fi networks. Why? Mainly for the money. You might think, personal accounts do not bother me as a business. Well, you couldn’t be any more wrong. It only takes one device, one tablet, one mobile to breach work network, by careless employee, with malware planted at domestic device brought physically to their workplace.
Hackers actively seek the source of income. Credit cards details, account numbers and passwords as well as personal data are targeted to transfer funds, obtain credit, or to be sold on dark web for financial purposes. “Advanced threat actors such as nation-states, organized cybercriminals and cyber espionage actors represent the greatest information security threat to enterprises today. Many organizations struggle to detect these threats due to their clandestine nature, resource sophistication, and their deliberate "low and slow" approach to efforts. For enterprises, these more sophisticated, organised and persistent threat actors are seen only by the digital traces they leave behind” – source https://www.secureworks.com/blog/cyber-threat-basics
How are the hacks designed to work on big companies??
Typically, big companies and organisations have a dedicated systems and team of people responsible for the security. They would endlessly scan the network and data drives to reveal possible threads and look for forensics associated with the attacks. Hackers typically would use more then one form of attack to enter the network, system or data. The most popular is ethical hacking. Where, human factor comes to play. Vulnerable member of the team would be “used” to plug the external device to the computer, usually by tricking the person with the very believable story. Lets use an example here. Imagine you work in reception of well-known city centre hotel. You are approached by well dressed gentleman- me. I do look nervous and approach you to inform I have just arrived for a job interview. You instruct me to take a seat and inform a manager about my arrival. However, I come back to the desk within a minute and say: “Oh my god, I have just realised I have forgot to print my CV. Is there any possibility you can help? I have it on my usb drive”.
99% of the time, the person behind the desk will say “Of course, let me print it out for you. As you can imagine, there is a hidden malware file prepared on the usb stick, which enters the system immediately after plugging in and waits for activation, WE ARE IN!
Final question to ask, what is hierarchy of damage and where do the major treats sit on it?
It makes no difference if you are an individual or a company affected by the attack. There is going to be damage. Usually personal attacks are less damaging to the economy, area or community.
Large attacks can affect millions of people if not the entire nations. Again, lets base this on real life example.
If you open a phishing email, disclose sensitive information or passwords, you probably at most loose a little bit of money. Unlucky if you were a millionaire!
If you were a big company or organisation, you could potentially lose billions and collapse as a business. Leaving people without jobs, affecting local community, decreasing taxes paid to the government, increasing poverty and unemployment in the area. Your business can have impact on other local businesses, decreasing production, export and manufacturing process. This are just financial aspects. There is also a psychological side of things to consider, which may lead local community to fear, anxiety and uncertainty. Which than can lead to mass relocation and completely wipe cities from the map!
Taking all of the above into consideration, I think, you can start to imagine the importance of good cyber security in the world when almost of all the aspects of everyday leaving are digitalised.
I hope my blog will get you thinking next time you pick the password for your online work account, constructed with your name and 2 repeated numbers!