Pub. 1 2019 Issue 6
THREAT TYPES

I have listed the most common types of threats that are currently being used to attack organizations in the following sections.

Data Breach

Data Breach is the type of incident that you hear about in the news, especially if it involves a large number of consumer accounts. The sad truth is that the attacked companies could have prevented most of the breaches if they had implemented and tested basic security measures. If you measure the size of the breach by the number of stolen records, the biggest data breach to date was an attack against Yahoo, but there are other well-known names on the list like Equifax, eBay, Target, TJX, JPMorgan Chase and Uber.

The key to defending against a data breach is understanding that the bad guys can steal identities after they have the information from a data breach. With companies such as Yahoo, a compromised account can be used to attack other online services that are not even part of the breach. For instance, imagine you have an account at Bank of America, and you have a Yahoo account as your primary email address. An attacker who has your email can ask for a password reset. Voila, they now have access to your checking account, too.

Ransomware Attack

Ransomware attacks are becoming more and more common. The hackers research a target organization and determine the risk and reward. For example:

• Does the organization have a large budget for security?
• Are they likely to have cybersecurity insurance?

Many municipalities, nonprofits and government organizations do not have a large budget. They often rely on contractors to provide security services. They also usually have insurance, so if they were to be hit by ransomware, it is cheaper for them to pay the deductible and have the insurance company deal with the criminals. The likelihood of letting the insurance company pay the majority of the money creates an incentive for the bad guys.
They now have a “prospect base” to target and can be sure that they will probably get paid.

One recent attack in particular, “GandCrab,” was set up as a “ransomware as a service” where hackers recruited partners and allowed them to use the hacker’s platform to collect the ransom. The parent organization collected a commission. According to Trend Micro, the organization collected over $2 billion, laundered the money and then retired. For them, at least, crime paid very well.

While the overall number of ransomware threats seems to be declining, 2019 has seen a marked jump in targeted attacks and the amount of money collected by hackers. Why? The bad guys are now researching their victims and targeting them specifically.

Crypto Mining

During a crypto-mining attack, the criminals install malware that does no damage to the computer. Instead, it uses your spare computing power to mine cryptocurrency. A large number of infected systems can generate large sums of money. According to a Forbes 2018 article, hackers with 2,000 bots at their disposal can generate $568 in Monero (another cryptocurrency) per day or $204,400 per year. The more infections there are, the more money can be made.

Denial of Service (DOS)

DOS attacks happen when a hacker wants to bring a website or service down, either for notoriety or as a vendetta. It is very difficult for an individual business to protect against this, and even the major cloud providers sometimes struggle. Most software is currently housed in the cloud, and therefore the responsibility to guard against a DOS attack falls on the cloud provider. As a result, you do not have to worry about denial of service unless your organization hosts your service.

MOTIVATIONS

Why do hackers attack? It has to do with human nature. Some people are dependably honest, some people are dependably dishonest, and some people are dishonest only if they can make a lot of money and get away with the theft.
Hacking can pay well, and because of the dark web, it is very difficult for anyone to track down the perpetrators. The chance they will get caught is small. Also, some hackers like the thrill of the work. Wielding a large botnet or attacking an organization they do not like makes them feel powerful.

Finally, some nation-states are involved in hacking. An example of this was when a security engineer named Brendan Salisbury first realized that the U.S. Office of Personnel Management had been hacked. Experts think Chinese hackers were responsible.

COMMON ATTACK VECTORS

The most common attack vectors are:

• Phishing emails: an employee falls for the scam by clicking on a link, and either installing malware or divulging sensitive information.
• Drive-by attacks: a user either accidentally visits a malicious site, or an advertisement displayed in the browser contains malware. Hackers can exploit vulnerabilities if you

NEW HAMPSHIRE 23