Hackers are targeting enterprise networks with greater determination than ever; these recent cyberattacks are keeping enterprise CISOs up at night.
As enterprises come to rely more heavily on an increasingly critical foundation of IT infrastructure, they’re taking a long, sober look at the most recent onslaught of cyberattacks. With damaging breaches coming against major corporations like Facebook and Marriott Hotels, many are wondering what they can do to avoid a similar fate. And this may be the only silver lining: that high-profile attacks can help IT departments better understand the threat environment — and better prepare for it.
Much is at stake — a forecast from CSO Online claims that the average ransomware attack costs a company $5 million. To help mitigate the growing array of cybersecurity risks, it’s important to stay up to date on the most current threats and recent attacks. Here is a list of the biggest cyberattacks of the past few years, along with some professional advice for what your business can do to better protect its network.
May 2017: WannaCry
Widely considered one of the most destructive attacks in the history of the internet, the WannaCry ransomware attack of May 2017 was a global affair. WannaCry’s cryptoworm targeted computers running the Microsoft Windows operating system, encrypting user data and demanding Bitcoin ransom payments in return for a de-encryption key. Major corporations all over the world were hit.
The attack was stopped within 4 days of its discovery after Microsoft released an emergency patch. Unfortunately, WannaCry had already affected more than 200,000 computers across 150 countries, causing damages in the hundreds of millions of dollars.
The WannaCry disaster reinforced the need for network administrators to stay up to date on their patch management and intrusion prevention systems. After all, a network is only as strong as its weakest link.
Oops, Yahoo Did It Again
In late 2016, Yahoo! reported two major data breaches of user account data which compromised usernames, email addresses, telephone numbers, security questions, and dates of birth.
Yahoo! was not initially forthcoming with these breaches. In November 2016 they first informed the public that a breach had occurred in 2014 and claimed it only affected 500 million users. But one month later, in December 2016, they disclosed that an earlier breach had occurred which affected 3 billion Yahoo! users. In 2017, FOX News reported that the compromised Yahoo! data was available for sale on the dark Web for over $300,000.
These hacks are considered the largest user data breaches in the history of the Internet. The hackers likely used manufactured web cookies to falsify login credentials, which allowed them to log into any account without a password.
There’s much to be learned from these massive Yahoo! attacks. One significant takeaway is that data breaches can result in serious reputational damage and loss of consumer trust, especially for organizations that attempt to conceal the fallout. Yahoo! Came under serious fire both for their inadequate security controls and their lack of transparency with the public.
These attacks also reinforce the importance of utilizing best practices in password management, and should likewise serve as a reminder to add cookie controls to network browser programs.
The Costly Consequences of Dyn’s DDoS Attack
In the Fall of 2016, a distributed denial-of-service (DDoS) attack against Dyn wiped out a massive swath of the internet. The attack against Dyn’s network, which generates 40 billion traffic optimization decisions for more than 3,500 enterprise customers every day, caused major internet platforms like Twitter, Amazon, Pinterest, PayPal, and Netflix to suffer outages. The attack prevented these platforms from accessing Dyn’s major customer sites, and as a result, Dyn lost 8% of its business domains.
The DDoS went after Dyn’s Domain Name System (DNS) and worked in accordance with a Mirai botnet — a malware that turns networked devices running Linux into remotely controlled bots and uses them as part of a botnet in large-scale network attacks.
DDoS attacks continue to pose serious threats to enterprises, and as the Dyn story illustrates, the costs can be severe. Organizations can (and should) fortify their defenses against these kinds of cybersecurity threats by training employees to recognize and react to the signs of a DDoS attack, implementing effective security policies, and addressing network vulnerabilities.
What’s New in the Phishing World: W-2 Theft
Sometimes major network attacks originate with the most basic of cyber-tactics. During the 2017 tax season, a simple phishing attack resulted in over 30,000 compromised W-2s. As reported by Forbes after the attack “The IRS is urging businesses and organizations to be on the lookout for scams relating to their employees' W-2 forms. The W-2 is a treasure trove of personal information. Stealing them — or tricking an employee into handing them over — is a major win for fraudsters.”
When it comes to highly-sensitive documents like W-2s, it’s crucial that enterprises take all necessary measures to safeguard against these phishing scams. Otherwise, they can expect to hear from an army of lawyers.
One of the most vital steps in the effort to prevent phishing scams is training users to recognize and report phishing attempts. Just one mistake from one employee could put an entire company at risk of a network security breach that could compromise thousands.
The Marriott Data Breach
In November 2018, hackers stole sensitive data from over half a billion guests of Marriott Hotels after having regularly breached the hotel chain’s reservation system over the course of four years. Hackers exfiltrated sensitive information like names, addresses, credit card numbers, and phone numbers of hotel guests — in some cases they even got a hold of passport numbers, travel destinations, and arrival and departure dates. It’s considered to be one of the biggest customer data breaches since the Yahoo! hacks from only several years ago.
In general, hotels tend to be highly susceptible to data breaches. This can be credited to the interconnectedness of businesses within a hotel’s operations (shops, restaurants, dry cleaning services, business centers, etc.). When there's a breach in one location, it can spread quickly across the rest of the organization as it’s very difficult, and expensive, to have a uniform security policy in place across these different entities. Hotels would stand to gain from establishing regular network security assessments to address any security vulnerabilities that may be lurking in the far-flung reaches of their organizations.
NotPetya
The NotPetya malware affected thousands of computers worldwide in 2016 and 2017. It was created to resemble Petya — a ransomware that essentially holds user data hostage until they pay up. Although NonPetya superficially resembles previous forms of ransomware, there are a number of important features that make NotPetya significantly more dangerous.
For one, NotPetya spreads on its own. Once it encrypts a hard drive, the infected system will crash after a few minutes. Instead of simply encrypting data (as Petya would), NotPetya also harvests the target computer’s user credentials and uses them to infect other computers on the same local network.
More importantly, NotPetya does not give its victims the chance to regain access to their devices. In other words, those infected with NotPetya cannot pay a ransom to get their data back — their networks are simply damaged beyond repair. NotPetya is now widely considered to be a state-sponsored Russian cyber warfare weapon (although Russia has never claimed ownership), whereas Petya was employed by hackers trying to earn a buck.
With innovative hacking efforts like these on the rise, it’s essential that enterprise IT departments equip their organizations with the tools necessary to thwart emerging cyber threats. If you don’t already have a highly effective training plan in place, it’s advisable to develop one right away. Ultimately, the security of your business, your network, and your data depends on it.
Take advantage of the opportunity to have a TTI expert come to your office and host a free discussion on the latest in cybersecurity protection. Schedule your roundtable discussion today, and learn how an experienced network security provider like TTI can give your IT department the skills it needs to keep hackers at bay.