cyber security.

what is cyber security.

Cybersecurity is the practice of protecting sensitive data and critical systems like computers, servers, and networks from cyber threats and malicious attacks. 

As technology advances and computers change, cybersecurity is becoming increasingly significant. This is due to the increased reliance on computer systems, the internet and wireless network standards such as Bluetooth and Wi-Fi, as well as the growth of smart devices and the multitude of devices that represent the ‘internet of things’.

Cybersecurity protects all categories of data from theft and damage. This includes sensitive data, personally identifiable information, protected health information, personal information, intellectual property, and governmental and industry information systems.

We could say that cybersecurity is one of the major challenges in the contemporary world. In the last 15 years, an average of more than one data breach or cyber attack per day occurred. They varied in scope and destruction, but most of them had one thing in common - they were preventable. 

what is a cyber attack.

A cyber attack is a malicious attempt to steal, expose, change, or destroy data through unauthorized access to computer systems. Hackers and cybercriminals use various methods to launch cyber attacks.
Cyberattacks affect our day-to-day lives and our economy. By destroying, corrupting, or stealing information from our computer systems and networks, they can not only gain unauthorized access to and corrupt our personal data, but also impact electrical grids and fuel pipelines, hospitals and police departments, businesses and schools, and many other critical services that we trust and rely on every single day.

the most common forms of cyber attacks.

malware

Malware is software intentionally designed to damage and disrupt computers, servers, and networks. It may be used to leak private data, gain unauthorized access to information or systems, deny users’ access to their system's information, or interfere with a network's security. Types of malware include Trojans, viruses, spyware, and ransomware. 

ransomware

Ransomware is a type of malware from crypto-virology: a field that studies how to use cryptography to design powerful malicious software that encrypts files on an infected computer, restricts users’ access to a computer's files and threatens to publish personal data or block entry until the victim pays a ransom. While simpler ransomware may lock the computer system without sabotaging files, more advanced malware encrypts the computer's files using crypto-viral extortion. Due to the large amounts of money to be made, new versions appear frequently.

social engineering

Social engineering is the act of psychologically manipulating computer users into giving away confidential information. Unlike other types of cyber attacks, social engineering relies on human error rather than faults in computer systems. The details cybercriminals seek often include passwords, bank information, and other personal details.


the evolution of cybersecurity.

The history of cybersecurity starts in the 1970s when words such as ransomware, spyware, viruses, or worms did not exist yet.

For most of the 1970s and 1980s, when computers and the internet were still under development, computer security threats were easily identifiable. A majority of the threats were from malicious insiders who gained access to documents that they weren’t supposed to view.

For example, the Russians used network breaches and malware to deploy cyber power as a form of weapon. 

Similarly, Markus Hess, a German computer hacker, hacked into an internet gateway located in Berkeley to connect to the Arpanet - the first public packet-switched computer network, which is considered the forerunner of the modern internet. He then proceeded to access 400 military computers, including the Pentagon’s mainframes. Hess’s primary intent was to acquire information to sell to the Russian spy agency, KGB. An astronomer, Clifford Stoll, however, used honeypot systems (a sacrificial computer system that's intended to attract cyberattacks, like a decoy) to detect the intrusion and foil the plot.

These attacks were the start of severe computer crimes utilizing virus intrusion.

1970s: ARPANET and the Creeper

In the 1970s, Robert Thomas realized the possibilities of creating a program capable of moving in a network and leaving behind a breadcrumb trail wherever it went. This discovery led to the invention of the first computer worm called Creeper. It was designed to travel in between Tenex terminals, using the ARPANET. It printed the message “I’M THE CREEPER: CATCH ME IF YOU CAN.”

In 1972 Ray Tomlinson, the inventor of email, wrote the program Reaper, which chased and deleted Creeper.

1980s: the era of computer worms and the first antivirus

In 1988, Robert T. Morris created the first disastrous computer worm, which was the next milestone in the history of cybersecurity. His intention was to gauge the size of the internet. The worm was designed to infect UNIX systems so that it would count the total connections present on the web. A worm program would spread across a set of networks and then replicate itself. It turned out to be a huge mistake because a programming error caused the worm to infect machine after machine. As a result, networks clogged, causing the connected systems and internet to crash.
Antivirus software was originally developed to detect and remove computer viruses, hence the name. There are competing claims for the innovator of the first antivirus product.
Possibly, the first publicly documented removal of an "in the wild" computer virus ("Vienna virus") was performed by a German, Bernd Fix in 1987.
Also in Germany in 1987, Andreas Lüning and Kai Figge released their first antivirus product for the Atari ST platform.
In the US, John McAfee founded the McAfee company (which was part of Intel Security) and released the first version of VirusScan. Later in 1987, Peter Paško, Rudolf Hrubý, and Miroslav Trnka created the first version of NOD antivirus, an antivirus program for computers running the MS-DOS operating system, made by the Slovak company ESET.

1990s: the world goes online

With the internet becoming available to the public, more people began putting their personal information online. Organized crime entities saw this as a potential source of revenue and started to steal data from people and governments via the web. Viruses became more aggressive programs. Viruses such as I LOVE YOU and Melissa infected tens of millions of computers, causing a worldwide failure of email systems. The primary delivery method for viruses was the use of malicious email attachments. 
Suddenly, cyber threats and attacks were a huge concern, necessitating the creation of an immediate solution - antivirus software. As a result, there was a sharp growth of companies creating and retailing antivirus products.
The antivirus solutions scanned businesses’ IT systems and tested them against signatures stored in a database. These programs were designed to detect the presence of viruses and worms and to prevent them from accomplishing their intended tasks.
At the same time, the malware samples produced every day increased in size and scope. Whereas only a few thousand malware samples existed in the 1990s, the number had grown to at least 5 million by the year 2007.
Consequently, the legacy antivirus solutions could not handle such a capacity as security professionals were unable to write signatures that would keep up with the problems as they emerged. The challenge called for a newer approach that would offer adequate protection to all systems.
Rather than depending on static signatures as the primary technique for detecting viruses, researchers used signatures to identify malware families. The solutions relied on the premise that malware samples were deviations from other existing samples. The endpoint protection platform approach was more effective.
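The difference between a static signature and a family signature can be shown in a few lines. This is an added example, not code from any antivirus product: the samples are constructed, harmless byte strings, the family name is hypothetical, and byte n-gram overlap is used here as one simple stand-in for family matching.

```python
import hashlib

def ngrams(data: bytes, n: int = 4) -> set:
    """Return the set of overlapping n-byte substrings of data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def jaccard(a: set, b: set) -> float:
    """Share of n-grams two samples have in common (0.0 to 1.0)."""
    return len(a & b) / len(a | b) if (a or b) else 1.0

# Constructed, harmless byte strings standing in for scanned files.
KNOWN_SAMPLE = b"HDR1routine-alpha;routine-beta;routine-gamma;cfg=0001"
VARIANT = b"HDR1routine-alpha;routine-beta;routine-gamma;cfg=0002"  # one byte changed
UNRELATED = b"plain text document about quarterly budget figures"

# Static signature database: exact SHA-256 of each known sample.
STATIC_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
# Family signature database: family name (hypothetical) -> n-gram profile.
FAMILY_SIGNATURES = {"constructed-family-A": ngrams(KNOWN_SAMPLE)}

def static_match(data: bytes) -> bool:
    """Exact match only: any changed byte produces a different hash."""
    return hashlib.sha256(data).hexdigest() in STATIC_SIGNATURES

def family_match(data: bytes, threshold: float = 0.7):
    """Return the family whose profile the sample mostly shares, else None."""
    grams = ngrams(data)
    for name, profile in FAMILY_SIGNATURES.items():
        if jaccard(grams, profile) >= threshold:
            return name
    return None

def scan(data: bytes) -> dict:
    return {"static": static_match(data), "family": family_match(data)}

if __name__ == "__main__":
    for label, blob in [("known", KNOWN_SAMPLE), ("variant", VARIANT),
                        ("unrelated", UNRELATED)]:
        print(label, scan(blob))
```

The one-byte variant slips past the static signature but is still attributed to the family, while the unrelated file matches neither.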

secure sockets layer

In light of the increasing virus and worm attacks, security professionals were required to identify means for protecting users when browsing the internet.

Shortly after the National Center for Supercomputing Applications developed and released the first internet browser, in 1995, Netscape released the secure sockets layer (SSL) internet protocol, which enabled users to access the web securely and perform activities such as online purchases.

the rise of the first hacker group

In the 2000s, cyberattacks started being more targeted. One of the most memorable attacks during this period was the first reported case of serial data breaches targeting credit cards. Between 2005 and 2007, a cybercriminal ring that compromised credit card systems executed attacks that successfully stole confidential information from at least 45.7 million cards. The breach caused a loss amounting to $256 million.

The first hacker group to come into the limelight was Anonymous, in October 2003, when it hacked a website belonging to the Church of Scientology. The group doesn’t have a particular leader, and its members come from different offline and online communities. To date, Anonymous has been linked to many high-profile attack incidents and has motivated other groups such as Lazarus (a cybercrime group made up of an unknown number of individuals run by the North Korean state) to execute large-scale cyberattacks.

There are many hacker groups and organized cybercrime groups today. They consist of individuals with a specific hacking skill and usually launch cyber attack campaigns characterized by different objectives.

EternalBlue 

EternalBlue constitutes a notable example of a lateral movement vulnerability. Lateral movement attack techniques allow cybercriminals to run code, issue commands, and spread across a network. The EternalBlue vulnerability allows an attacker to exploit the SMB protocol used to share files across a network. As a result, the protocol is highly attractive to cyber adversaries.

The EternalBlue exploit was used by the notorious Lazarus group for the infamous WannaCry attack in 2017. The WannaCry attack was a global ransomware attack targeting health institutions mostly in Europe. It was quite devastating as it caused health services to halt for almost a week.

recent cybersecurity attacks

Today, cybercrime has become mainstream. Cybercriminals have been using attacks for various gains.

Some of the well known cyber attacks include:

  • Yahoo attacks: Yahoo was the victim of one of the worst attacks in 2013 and 2014 which resulted in a compromise of Yahoo accounts belonging to over 3 billion users. Hackers used spear-phishing techniques to install malware on Yahoo’s servers, allowing them unlimited backdoor access. They were able to access Yahoo’s backup databases with confidential information such as names, emails, passwords, and password recovery questions and answers.

  • State-sponsored attacks: There have been many cases of state-sponsored attacks. Over 100 US universities were attacked in 2018 using different types of attacks. The attacks led to the loss of intellectual property amounting to 3 billion dollars. Investigations revealed that Iran was behind the attack. Similarly, there have been many other cases of state-sponsored attacks. In 2014, North Korea sponsored the Lazarus Group, which hacked into Sony. The hackers released videos of upcoming films and actors’ images.

  • Gmail and Yahoo attacks: Iranian hackers were able to successfully hack into the Gmail and Yahoo accounts belonging to top US activists, journalists, and government officials in 2018. After studying the habits of the targets, the attackers used spear-phishing emails to trick them into inputting their login credentials in dummy pages accessible by the hackers. The hacks even overcame the highly acclaimed two-factor authentication techniques.

cybersecurity in the future

Cybercrime is projected to cost the world trillions of dollars in the coming years.

Cybercriminals are expected to use new innovative strategies for executing stealth attacks by leveraging emerging technologies like artificial intelligence, blockchain, and machine learning.

Today, artificial intelligence is integrated into antivirus and firewall solutions to achieve smarter detection and response capability. Moreover, since all organizations have automated most of their processes, cyberattacks are more concerned with compromising system security. The intent is to prevent them from accomplishing normal operations by locking out system users or stealing critical data.

key steps to protect your data against cyber attacks.

As previously mentioned, cyberattacks are malicious attempts to access or damage a computer or network system. Cyberattacks can lead to the loss of money or the theft of personal, financial and medical information, and can damage your reputation and safety. 

If you follow these steps, you can effectively protect yourself from potential cyber attacks:

  • Limit the personal information you share online. Change privacy settings and do not use location features.

  • Keep software applications and operating systems up-to-date.

  • Create strong passwords by using upper and lower case letters, numbers and special characters. Use a password manager and two methods of verification.

  • Watch for suspicious activity that asks you to do something right away, offers something that sounds too good to be true, or needs your personal information. Think before you click. When in doubt, do NOT click.

  • Protect your home and/or business using a secure Internet connection and Wi-Fi network, and change passwords regularly.

  • Don’t share PINs or passwords. Use devices that use biometric scans when possible (e.g. fingerprint scanner or facial recognition).

  • Check your account statements and credit reports regularly.

  • Be cautious about sharing personal financial information, such as your bank account number, Social Security number or credit card number. Only share personal information on secure sites that begin with https://. Do not use sites with invalid certificates. Use a Virtual Private Network (VPN) that creates a more secure connection.

  • Use antivirus and anti-malware solutions, and firewalls to block threats.

  • Back up your files regularly in an encrypted file or encrypted file storage device.

  • Do not click on links in texts or emails from people you don’t know. Scammers can create fake links to websites.

  • Remember that the government will not call, text or contact you via social media about owing money.

  • Keep in mind that scammers may try to take advantage of financial fears by calling with work-from-home opportunities, debt consolidation offers and student loan repayment plans.

Today, due to remote and hybrid work environments, users are more exposed to cyber risk than ever, and that calls for an even greater focus on cybersecurity.

what to do if you experienced a cyberattack.

Don't panic, try to act rationally and cautiously.

  • Check your credit card and bank statements for unrecognizable charges.

  • Check your credit reports for any new accounts or loans you didn’t open.

  • Be on alert for emails and social media users that ask for private information.

  • If you notice any suspicious activity, change all of your internet account passwords immediately.

  • Consider turning off the device that has been affected. Take it to a professional to scan for potential viruses and remove any that they find.

  • Let work, school or other system owners know what happened.

  • Run a security scan on your device to make sure your system is not infected or acting more slowly or inefficiently.

  • If you find a problem, disconnect your device from the Internet and perform a full system restore.

  • Let the proper federal, state and local authorities know if you believe you have been a victim of a cyberattack.

  • Contact banks, credit card companies and other financial services companies where you hold accounts. Close any unauthorized credit or charge accounts.

  • Report that someone may be using your identity.

  • File a report with the local police so there is an official record of the incident.

  • File a report if you think someone is using your Social Security number illegally.

If you need help, Kotar Data Recovery has been successfully recovering data from malware infection, including RansomWare and CryptoLocker attacks since 1999.
