[BreachExchange] A brief history of cyber risk: From data breaches to ransomware

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jul 27 19:24:22 EDT 2017


http://realbusiness.co.uk/tech-and-innovation/2017/07/27/a-brief-history-of-cyber-risk-from-data-breaches-to-ransomware/

Our history is filled with cyber risk incidents, stretching back to the
HMRC CD-ROM debacle, through to software vulnerabilities like Heartbleed
and WannaCry. If anything, it highlights the need for companies to take
serious steps to mitigate the impact of future attacks.

Over the past five years, two major themes have boosted awareness around
data protection and cyber risk – data loss incidents and widespread
software vulnerabilities. Today, a third – ransomware – has risen to
prominence, currently representing the primary driver for security
awareness and data protection in UK organisations.

From Adobe to Sony – data increasingly unsafe

With a long history stretching back as far as the HMRC CD-ROM debacle,
which concerned 25m people, data loss incidents have continued to grow in
prominence and frequency. Data loss from global brands like Adobe, Yahoo!,
Sony, eBay and many more has had the public asking whether businesses are
well enough equipped to secure their data.

Heartbleed sees more data haemorrhaging from firms

Simultaneously, serious software vulnerabilities – some of which are no
doubt taken advantage of by hackers in many high-profile data breach
incidents – gained massive, mainstream media attention. First came
Heartbleed, then Shellshock, followed by POODLE and Sandworm. From this
point, further questions are asked of employers and their attention to –
and investment in – cyber risk.

When hitherto unknown – “zero day” – vulnerabilities in software and
hardware widely used by businesses are suddenly disclosed, what hope do
organisations have of guaranteeing that customer data will remain fully
protected?

Many are starting to believe that it’s not a case of “if”, but “when”,
meaning bosses must concede that they will face data loss at one stage or
another, and that they must invest more heavily and diversely in
mitigation, response and backup technologies, in addition to the existing
prevention and detection tools which are clearly shown to be failing.

Ransomware to the fore

Most recently, cyber risk incidents and disclosures of vulnerabilities have
given way to hard-hitting ransomware outbreaks.

A strain of malware which can be spread in the usual fashion – by infected
email attachments or malicious links which exploit software vulnerabilities
– ransomware is designed to lock systems and encrypt data unless a fee is
paid or action performed.

Ransomware has a long history, but it first entered the wider public eye a
few years ago when CryptoLocker began spreading. What set CryptoLocker
apart, and what has set a precedent for future ransomware strains, was
that, thanks largely to the anonymity it provides the criminals behind the
attacks, it demanded payment in the cryptocurrency “Bitcoin”.

Whether those affected by ransomware should actually pay the ransom has
been widely debated [they shouldn’t] but, either way, outbreaks within
organisations will have an immediate, devastating impact.

It will make you WannaCry

On Friday, 12 May 2017, the WannaCry ransomware attack began rapidly
spreading across the globe. Affected organisations included FedEx, Nissan
UK, Telefonica, the NHS and many more. The timing of the attack, right
ahead of the weekend, only added to the desperation to restore systems.
Many businesses simply had to resort to paper and pen while IT staff
grappled with the sheer scale of the outbreak.

Organisations who paid the ransom took a chance that those behind the
attack would provide the means to decrypt data while those that didn’t
simply had to set about factory-resetting, or restoring from back-ups.

Petya or not – the threat to data intensifies

On Wednesday, 28 June 2017, a variation of a previously seen strain of the
Petya ransomware – since dubbed “NotPetya” – began spreading. Initially
concentrated in Ukraine, the attack began spreading widely, affecting UK
organisations such as advertising company WPP. At the time of writing the
motivation behind this attack is still unclear – some researchers have
claimed NotPetya was designed to simply destroy data, rather than generate
revenue from ransom demands.

Can the threat ever be neutralised?

What we have learnt is that, despite all the cyber defences in the world,
if a vulnerability exists that isn’t yet known about and patched against,
an organisation is at risk from future ransomware attacks.

It’s also true that smaller and growing businesses with limited IT
resources face an even greater struggle to defend against the barrage of
cyberattacks and mitigate the cyber risk of data loss. Businesses should
ensure that they are training staff so that they understand cyber threats
and how actions can place corporate data at risk, with this information
then reinforced through easy-to-read policies.

First and foremost, organisations can no longer rely simply on preventative
cybersecurity measures to keep data secure from new attacks. It’s time to
implement more comprehensive, multilayered defences that include data
backup, enabling bosses to quickly revert to a healthy point prior to an
attack taking hold, regardless of its timing or sophistication.