A cyber attack is a strike against a computer system, network, or internet-enabled application or device. Attackers use a variety of tools and methods to launch them, including malware, ransomware and exploit kits.
In the News
Victims of cyber attacks can be random or targeted, depending on the criminals' intentions. In 2017, WannaCry emerged as one of the most notable cyber attacks because of its reach and the speed at which it spread; it was indiscriminate, spreading on its own to any reachable, unpatched Windows host. News of the ransomware outbreak began in Europe, with Britain's National Health Service among the first victims before the attack took off globally. Hospitals across the United Kingdom were shut down as their files were encrypted. In the end, thousands of organizations were hit across more than 150 countries.
The WannaCry cyber attack took advantage of two key issues: 1) exploit tools stolen from the National Security Agency (NSA) and leaked publicly, which targeted a vulnerability in Windows SMB; and 2) the majority of the organizations hit had not applied the patch for that vulnerability, which Microsoft had released in March 2017, two months before the outbreak, and were running some form of the Windows 7 operating system.
Ransomware is just one form of cyber attack. Many others begin when attackers write malicious code, known as malware, and distribute it through spam or phishing email campaigns.
Overall, cyber attacks have been growing at an alarming rate – in volume, sophistication and impact. In May 2017, Check Point products detected more than 17 million attacks each week. More than half included payloads that were unknown at the time of detection and could not be detected by conventional signature-based technology.
In its mid-year report, Check Point Research analyzes the year to date, covering global attacks, overall malware trends, ransomware, and both banking and mobile malware. According to the report, the share of attacks accounted for by the top three ransomware families almost doubled in every region, rising from an average of 26% to an average of 48% compared with the same period of 2016. The report also states that many of the most prominent recent attacks, WannaCry and NotPetya among them, were preventable had organizations used technologies that catch threats before they enter the network, rather than relying on solutions that detect an intrusion only after the fact. By Check Point's own measure, however, 99 percent of organizations do not have such mechanisms in place.
Simple malware families continue to crop up even as the more sophisticated National Security Agency (NSA) hacking tools leaked by the Shadow Brokers gain wider distribution. With tooling now available to criminals at every skill level, attackers are upping the ante: ransomware and other assaults are targeting public infrastructure and medical facilities worldwide.
Check Point Research identified several key trends emerging for 2017. Below are some highlights.
TREND 1: Nation-state cyber weapons are now in the hands of criminals
- March 2017: WikiLeaks published thousands of documents detailing how the CIA hacks into iPhones, Android devices and smart TVs.
- April 2017: The Shadow Brokers threat group released a dump containing NSA exploits and hacking tools, considered to be the most damaging release yet. The leaked cache, which contains almost 300 megabytes of material, targets most versions of the Windows operating system, plus code for hacking into EastNets, the largest SWIFT service provider in the Middle East.
- May 2017: The WannaCry ransomware was poorly written: it was not packed, not obfuscated, and contained a peculiar 'kill switch' (before spreading, it checked whether a hard-coded domain resolved and stopped if it did; registering that domain is what halted the outbreak). And yet the malware showed great reach, largely because it propagated on its own using EternalBlue, the Windows SMB exploit from the Shadow Brokers' NSA leak. The leaked code turned a simple ransomware into a global attack that impacted numerous public and civil facilities.
- June 2017: The same NSA exploit code seen in WannaCry was reused in NotPetya, an attack focused on Ukrainian organizations that took down entire networks. NotPetya also moved laterally with stolen administrator credentials and legitimate remote-execution tools, so patching alone did not contain it; that is the case for the segmentation and least-privilege measures recommended at the end of this page.
TREND 2: The line between adware and malware is fading, and mobile adware botnets are on the rise
- Fireball malware: A browser-hijacker designed to push advertisements, also capable of executing any arbitrary code on its victim’s machine.
- HummingWhale: A new variant of the infamous HummingBad malware, which was prominent in third-party app stores last year. The new version introduced a new tactic to steal ad revenue, evade Google's security checks and upload dozens of apps to Google Play.
- Judy: An auto-clicking adware that could be the largest malware infection ever on Google Play.
- CopyCat: A mobile malware that infected 14 million Android devices, rooting approximately 8 million of them. Hackers raked in approximately $1.5 million in fake ad revenues in two months.
TREND 3: Major cyber breaches are hitting all geographies
Americas
- February 23, 2017: Researchers disclosed a critical security flaw in the edge servers of the web security company Cloudflare. A buffer overrun (a parser reading past the end of a buffer) leaked sensitive user data from memory into responses for roughly 3,400 websites, including Uber, 1Password, and the online dating site OKCupid.
- March 7, 2017: WikiLeaks released more than 8,000 files and documents, alleged to belong to the Central Intelligence Agency (CIA). Dubbed “Vault7,” the release included dozens of exploits and vulnerabilities for various platforms, including web browsers, Windows, Android, Apple products, and security products. The leak also detailed information about practices and methods allegedly used by the CIA.
- April 7, 2017: Unknown hackers breached the emergency siren system of Dallas, Texas, repeatedly activating all of the city’s 156 sirens for approximately an hour late Friday night.
- April 14, 2017: The Shadow Brokers group, which had previously released hacking tools allegedly belonging to the NSA, leaked additional tools exploiting vulnerabilities in both Windows and the SWIFT banking system (Microsoft had patched the Windows SMB flaw the month before the leak). One month later, a global attack took advantage of that release and infected tens of thousands of machines with the WannaCry ransomware, using the leaked EternalBlue exploit against that vulnerability in the Windows SMB protocol. The victims included hospitals, telecommunication companies, car manufacturers and others.
- May 11, 2017: Edmodo, a popular educational technology company based in California, lost the personal data for approximately 77 million user accounts belonging to students, parents and teachers. The stolen data included email addresses, usernames and hashed passwords. It was reported that the hacker offered the data for sale on a dark web forum for $1,000.
Europe, the Middle East and Africa (EMEA)
- January 7, 2017: E-Sports Entertainment Association League, a popular video gaming community owned by the Germany-based eSports company Turtle Entertainment GmbH, suffered a breach that may have revealed personal data of 1.5 million users.
- January 12, 2017: Cellebrite, an Israeli company known for developing mobile forensics and hacking tools, was breached, leading to the theft of 900 GB of customer data.
- April 9, 2017: Wonga, a UK-based loan firm, suffered a breach affecting up to 270,000 customers, most of them in the UK. According to Wonga, the leaked data might include e-mail addresses, home addresses, phone numbers, partial credit card numbers and bank account numbers.
Asia Pacific (APAC)
- February 13, 2017: The McDonald's India delivery app, McDelivery, leaked the personal data of more than 2.2 million customers, including names, email addresses, phone numbers, home addresses and social profiles. McDelivery acknowledged the issue on February 13, but as of March 17 it had not been fixed and customer data continued to be exposed.
- March 14, 2017: GMO Payment Gateway, the Japanese provider of payment processing services, confirmed that a security flaw in the company’s systems led to the leak of personal and financial data from the websites of two of its clients: the Tokyo metropolitan government and the Japan Housing Finance Agency.
- April 13, 2017: Some 500,000 Australian websites were rendered inaccessible for an hour and a half, after the DNS servers of an Australian Internet company fell victim to a massive DDoS attack.
- April 24, 2017: An unknown hacker broke into HipChat, a group chat platform owned by the Australia-based enterprise Atlassian. User account information, such as names, email addresses and hashed passwords, might have been stolen, as well as chat room metadata.
Attacks are Preventable
Despite the prevalence of cyber attacks, Check Point data suggests that 99 percent of enterprises are not effectively protected. Attacks are nevertheless preventable. The key to cyber defense is an end-to-end security architecture that is multilayered and spans networks, mobile devices and cloud. With the right architecture, you can consolidate management of multiple security layers and control policy through a single pane of glass, which lets you correlate events across all network environments, cloud services and mobile infrastructures.
In addition to architecture, Check Point recommends these key measures to prevent cyber attacks:
- Apply up-to-date security patches across all systems and software
- Segment your network
- Review security products policies and continuously monitor incident logs and alerts
- Conduct routine audits and penetration testing
- Keep user privileges to a minimum
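The segmentation and log-monitoring items above are where a WannaCry-style outbreak is actually catchable in practice: a single workstation suddenly opens SMB (TCP 445) connections to many distinct internal peers within seconds, most of them refused, because the worm is scanning for hosts to exploit. The following Python script is an added example, not Check Point's code or a product feature. It runs a simple fan-out detector over constructed firewall log lines; the log layout (timestamp, source, destination, port, action), the 60-second window and the threshold of 8 distinct peers are assumptions to be tuned per environment.

```python
from collections import defaultdict, deque
from datetime import datetime

SMB_PORT = 445
FANOUT_THRESHOLD = 8   # distinct peers inside one window; assumed value, tune per network
WINDOW_SECONDS = 60    # sliding window length; assumed value

# Constructed sample log lines (not real traffic). Assumed layout:
# "<ISO timestamp> <src ip> <dst ip> <dst port> <ALLOW|DENY>".
# 10.1.20.15 fans out to ten peers on 445 within seconds, mostly refused,
# which is what a worm scanning its subnet looks like. 10.1.20.22 and
# 10.1.20.31 are ordinary clients touching one or two file servers.
SAMPLE_LOG = """\
2017-05-12T09:30:00Z 10.1.20.15 10.1.10.5 445 ALLOW
2017-05-12T09:30:01Z 10.1.20.22 10.1.10.5 445 ALLOW
2017-05-12T09:30:01Z 10.1.20.31 10.1.10.5 445 ALLOW
2017-05-12T09:30:03Z 10.1.20.22 203.0.113.10 443 ALLOW
2017-05-12T09:30:05Z 10.1.20.15 10.1.20.16 445 ALLOW
2017-05-12T09:30:05Z 10.1.20.15 10.1.20.17 445 DENY
2017-05-12T09:30:05Z 10.1.20.15 10.1.20.18 445 DENY
2017-05-12T09:30:06Z 10.1.20.15 10.1.20.19 445 ALLOW
2017-05-12T09:30:06Z 10.1.20.15 10.1.20.20 445 DENY
2017-05-12T09:30:06Z 10.1.20.15 10.1.20.21 445 DENY
2017-05-12T09:30:07Z 10.1.20.15 10.1.20.22 445 ALLOW
2017-05-12T09:30:07Z 10.1.20.15 10.1.20.23 445 DENY
2017-05-12T09:30:08Z 10.1.20.15 10.1.20.24 445 DENY
2017-05-12T09:30:08Z 10.1.20.15 10.1.20.16 445 ALLOW
2017-05-12T09:31:40Z 10.1.20.31 10.1.10.6 445 ALLOW
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(dport), action


def find_smb_fanout(log_text, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src: (window_start_iso, distinct_peers)} for every source that
    contacted at least `threshold` distinct hosts on TCP 445 within `window`
    seconds. DENY lines count too: a scanning worm mostly hits closed ports
    or absent hosts, so dropping denies would hide the strongest signal."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _action = parse_line(line)
        if dport == SMB_PORT:
            by_src[src].append((ts, dst))

    hits = {}
    for src, events in by_src.items():
        events.sort()
        recent = deque()  # events inside the current sliding window
        for ts, dst in events:
            recent.append((ts, dst))
            # drop events that fell out of the window ending at `ts`
            while (ts - recent[0][0]).total_seconds() > window:
                recent.popleft()
            peers = {d for _, d in recent}
            # keep the largest fan-out seen for this source
            if len(peers) >= threshold and len(peers) > hits.get(src, ("", 0))[1]:
                hits[src] = (recent[0][0].isoformat(), len(peers))
    return hits


if __name__ == "__main__":
    for src, (start, count) in find_smb_fanout(SAMPLE_LOG).items():
        print(f"ALERT {src}: {count} distinct SMB peers within {WINDOW_SECONDS}s from {start}")
```

Two design points matter more than the threshold. First, denied connections are counted: a worm probing a /24 mostly hits addresses with nothing listening, so a detector that only looks at allowed sessions sees a fraction of the activity. Second, the rule keys on the source, not the destination, so a file server that legitimately receives hundreds of SMB sessions is not flagged, while a workstation that starts initiating them is. In a segmented network the same rule also fires on the DENY lines the segment boundary produces, which is the cheapest evidence you can get that segmentation is doing its job.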