From identity theft to international espionage, cyber security has quickly become an omnipresent and universal concern for both the private and public sector. Where once virus-infected spam would wreak havoc on an individual personal computer, the immensely sophisticated and ever-evolving cyber threats of today cause global disruption and damage on both financial and political levels.
As the global economy, political governance, critical infrastructure, enterprise and social sphere become inextricably dependent on the internet and cloud-based software, it is information that has fast become the target of cyber attacks.
In May 2017, one of the largest mass ransomware attacks in history was launched with WannaCry ransomware affecting over 230,000 computers in 150 countries, encrypting their systems and holding their information for ransom.
A similar attack followed shortly after in June with Petya ransomware. Like WannaCry, Petya spreads rapidly through networks that use Microsoft Windows. This new generation of cyber threats has affected law enforcement agencies, banks, private enterprise and infrastructure around the world. With millions of people affected around the globe and the risk to information here to stay, how do you start to understand and assess an unseen threat?
Hackers, their hats and their motives
While there’s no doubt that artificial intelligence will eventually bring with it a completely invisible enemy, today’s intangible cyber threats are still created and controlled by physical people acting on individualised motives. So, understanding cyber security starts with understanding those behind the attacks. Hackers have been around as long as computers and are loosely categorised into ‘white hat, grey hat and black hat hackers’.
White Hat Hackers
Typically employed by organisations or as security consultants, white hat hackers work within the law to identify vulnerabilities, monitor hacker activity and dialogue, and work to strengthen cyber security. White hat hackers are sometimes reformed malicious hackers who have been recruited by private organisations.
Grey Hat Hackers
Working illegally and usually without permission, grey hat hackers find security loopholes and weaknesses and then report them publicly. According to McGraw Hill Education, “sometimes they give the company a chance to fix the problem before publicly posting it. Others do not; they immediately publish the problem, allowing malicious hackers the opportunity to exploit it”.
Black Hat Hackers
Also known as malicious hackers, ‘black hat’ hackers and activists operate criminally, using their skills and knowledge to exploit vulnerabilities for political, financial or disruptive purposes. Black hatters either utilise security flaws that have been published by grey hat hackers or find vulnerabilities themselves, then exploit those flaws to deface, destroy or disrupt systems, or to steal information for ransom or as a political strategy.
Hackers work both autonomously and as part of hacking syndicates, and sometimes in collaboration with nation states, as in the alleged case of the 2016 US electoral disruption by Russian-led hackers. While politically motivated cyber threats are undoubtedly a major concern, when it comes to everyday security issues for public and private organisations, it is the hackers using ransomware to hold information hostage for payment that are the most destructive. So how does it work?
Ransomware and Software Vulnerabilities
The term software vulnerability refers to a glitch, weakness, bug or flaw in software that creates a security issue. Ransomware is a type of malware designed by hackers to maliciously encrypt files for ransom, and software vulnerabilities are typically used as the means of gaining access to vulnerable file systems.
According to RightScale’s annual State of the Cloud Survey released in January 2017, 85% of enterprises use a multi-cloud strategy, with most businesses and government organisations now running essential operations through private and public cloud-based applications. In the case of May’s WannaCry attack, the ransomware targeted a vulnerability in Microsoft Windows, with Windows 7 the most affected version; once a machine was infected, the victim’s files were locked for ransom.
The Australian Cyber Security Centre’s 2016 Report explains “ransomware encrypts the files on a computer (including network fileshares and attached external storage devices) then directs the victim to a webpage with instructions on how to pay a ransom in bitcoin to unlock the files. The ransom has typically ranged from $500 – $3000 in bitcoins [itself a cyber currency]”.
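The behaviour the ACSC describes above (many files on local disks, network shares and attached drives rewritten in quick succession) is also what a defender can look for. The following is an added example, not code from the article or from any product it mentions: it scans constructed file-server audit lines and flags a user who renames many files to a single new extension within a short window, which is the typical footprint of mass encryption. The audit line format, the path names, the user names and the `.WNCRY`-style extension in the sample are all assumptions made for the example; thresholds are deliberately conservative and would be tuned to a real environment.

```python
import os
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed file-server audit lines (sample data, not from the article). The
# line format "<ISO time> user=<name> op=<READ|WRITE|RENAME> path=<p> [new=<p>]"
# is an assumption standing in for whatever a real file server emits. Paths
# cover a network share (/shares) and an attached USB drive (/mnt/usb).
SAMPLE_LOG = """\
2017-05-12T10:00:01 user=alice op=READ path=/shares/finance/q1.xlsx
2017-05-12T10:00:05 user=alice op=RENAME path=/shares/finance/draft.docx new=/shares/finance/q1-notes.docx
2017-05-12T10:00:40 user=svc_backup op=READ path=/shares/finance/q2.xlsx
2017-05-12T10:03:10 user=bob op=RENAME path=/shares/hr/policy.docx new=/shares/hr/policy.docx.WNCRY
2017-05-12T10:03:11 user=bob op=RENAME path=/shares/hr/salaries.xlsx new=/shares/hr/salaries.xlsx.WNCRY
2017-05-12T10:03:12 user=bob op=RENAME path=/shares/hr/contracts.pdf new=/shares/hr/contracts.pdf.WNCRY
2017-05-12T10:03:14 user=bob op=RENAME path=/mnt/usb/photos/1.jpg new=/mnt/usb/photos/1.jpg.WNCRY
2017-05-12T10:03:15 user=bob op=RENAME path=/mnt/usb/photos/2.jpg new=/mnt/usb/photos/2.jpg.WNCRY
2017-05-12T10:03:17 user=bob op=RENAME path=/shares/hr/handbook.docx new=/shares/hr/handbook.docx.WNCRY
2017-05-12T10:04:00 user=alice op=WRITE path=/shares/finance/q1.xlsx
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) op=(?P<op>\S+) path=(?P<path>\S+)(?: new=(?P<new>\S+))?$"
)


def parse_line(line):
    """Parse one audit line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def detect_encryption_bursts(lines, window=timedelta(seconds=60), min_events=5, min_ext_share=0.8):
    """Flag users who rename many files to one new extension inside a short window.

    A normal user renames a handful of files to varied names; an encryptor walks a
    tree and gives every file the same new suffix at machine speed. Returns a list
    of alert dicts with the user, start time, event count and the extension seen.
    """
    renames = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["op"] == "RENAME" and rec["new"]:
            renames[rec["user"]].append(rec)

    alerts = []
    for user, events in renames.items():
        events.sort(key=lambda r: r["ts"])
        for i, first in enumerate(events):
            # Sliding window: all of this user's renames within `window` of event i.
            burst = [r for r in events[i:] if r["ts"] - first["ts"] <= window]
            if len(burst) < min_events:
                continue
            ext, hits = Counter(os.path.splitext(r["new"])[1] for r in burst).most_common(1)[0]
            if hits / len(burst) >= min_ext_share:
                alerts.append({"user": user, "start": first["ts"], "count": len(burst), "extension": ext})
                break  # one alert per user is enough to trigger a response
    return alerts


if __name__ == "__main__":
    for a in detect_encryption_bursts(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a['start'].isoformat()} user={a['user']} renamed {a['count']} files to {a['extension']}")
```

Running the script against the sample reports one alert for `bob`, whose six renames in seven seconds all end in the same new extension, while `alice`'s single rename is ignored. In practice this kind of rule is most useful on the file server itself, since a single infected workstation reaches every share it has write access to, and it pairs naturally with the backup and recovery measures discussed below: detection limits how much is encrypted, backups decide whether the ransom matters at all.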
The implications of locked files and networks are extreme, with major disruptions to transport, breaches in national security and massive loss of customer and client information only scratching the surface of the potential consequences. Many small businesses have suffered severe reputational damage after client information was lost, not to mention the risk of customer payment details being stolen and released on the web. With our society becoming more dependent on internet infrastructure, how can software developers protect against ransomware?
Software developers and IT security consultants are constantly monitoring and repairing software vulnerabilities, releasing patches and updates to block security threats and prevent a virus from gaining entry. Antivirus software companies are also constantly releasing updates to detect known viruses and threats.
What happens however when a hacker identifies a previously unknown software vulnerability?
A zero-day threat refers to a vulnerability exploit that occurs on the day the vulnerability is identified, meaning there have been zero days for developers, consultants and antivirus software companies to become aware of the threat and take pre-emptive action. Because the threat was previously unknown, traditional antivirus and antimalware software usually will not detect or protect against a zero-day threat, which is why cyber security has to be a multi-layered, multi-channel strategy.
Preparing for a Ransomware Attack
There is no one-size-fits-all guide to preparing for a ransomware attack, and in particular for zero-day threats. That being said, IT service providers like CrossPoint Telecom are able to provide risk assessment services, managed IT security services and, perhaps most importantly, managed backup and data recovery services, to reduce the risk of attacks and mitigate the damage an attack might cause. While prevention may be impossible, when it comes to cyber security, preparation is key.