Cyber attacks are on the rise and causing major headaches for organisations world wide. These attacks can cause organisations serious disruptions and can ruin their reputations both financially and with their customers.
In this article about cyber attacks we shall examine:
- The rise in cyber attacks
- What ransomware means and how it works
- Whether ransoms should be paid
- The cause and spread of the Petya Virus
- How small businesses are becoming increasingly targeted by cyber criminals
- Some measures that could be taken by victims to protect themselves
- The chaos and financial damage that cyber attacks cause
Why are cyber attacks on the rise?
A cyber attack can wipe out a computer system causing devastating damage to businesses, governments and other large organisations. With the growing use of technology and the amount of data that organisations and individuals use, it is not surprising. Cyber attacks are evolving daily, with news of new attacks on global corporations continuously being reported. Criminals can make a lot of money through fraud and identity theft, competitors steal ideas and strategies or disrupt businesses to give themselves an advantage, and “hacktivists” break past on-line firewalls to make their political opinions heard.
Ransomware is the latest form of cyber attack
Just recently, a major cyber attack was launched on companies in the US, Europe and the Middle East that caused chaos for employees and customers worldwide. It is the second global ransomware attack to be launched in the last two months, this one has been named “Petya”. The attack caused computers to shut their users out and displayed a ransom note demanding 300 dollars (235 pounds sterling). Many organisations worldwide were attacked including the Ukrainian National Bank, British advertising firm WPP and logistics company Maersk. At least one hospital in Pittsburgh is reported to have been caught up in the chaos.
What is ransomware and how does it work?
Ransomware works in a similar way to a computer virus or a worm, gaining access to a computer in a number of different ways. It can enter a system either by getting the user to open an infected email, by installing an infected program or through navigation to a polluted website. When a computer is infected the virus can operate in several different ways. A common way is to assault users with a series of adverts, indecent images or phony warnings until a ransom is paid to have them removed.
Another way in which the attack can work is by locking users out of one or more parts of their computers until they pay the ransom. It occasionally does this by issuing a fake warning from a police force or government agency. The other way that the virus operates is to remove important files from the host computer, encrypt them and threaten the user with deletion unless the ransom is paid. The cost of the ransom can vary greatly from tens, to hundreds of pounds and a time limit is usually given to the victims. In order to make the ransoms difficult to trace for law enforcement agencies, they are usually paid in Bitcoin.
Does paying the ransom restore the damage?
Experts do not encourage victims to pay ransoms as it encourages cyber criminals to use this type of criminal activity to gain easy money. Even when ransoms are paid there is no guarantee that the criminals will restore the computer files. In the past, after paying ransoms, victims have reported that financial information accessed by criminals from their computers had been used against them to demand extra payments.
How does the Petya ransomware work?
The latest attack resembles the Petya virus that was first seen last year, but strictly speaking there are many differences that have led Russian cybersecurity specialists to rename it “NotPetya”. This form of ransomware locks a computer’s hard drive in addition to locking files. This kind of virus has a devastating effect on computers, making it very difficult to restore information and leaving them very vulnerable to theft of sensitive information. The ransomware spreads itself by using the Eternal Blue vulnerability in Microsoft Windows, or through other Microsoft tools. It tries one option and if it doesn’t succeed, it tries another.
Is there any protection against this new cyber attack?
Antivirus companies have updated their software and claim that they can identify and stop the infection. Microsoft have released a patch that defends users from Eternal Blue vulnerability which can be downloaded, and by keeping Windows updated you should be protected from future attacks. A vaccine for the virus can be created by installing a single read only file named – perfc – and placing it in a “C:/Windows” folder. Instructions on how to do this have been posted on the Bleeping Computer website. Although the user’s computer will be protected it can still spread the virus through the network, the kill switch has not been found that would stop the spread of the attack.
Where did it originate and how far has it spread?
According to Ukrainian cyber police the virus seems to have taken hold via a software update mechanism built into an accounting program that is used by companies that work with the Ukrainian government. Many Ukrainian organisations were affected. including the metro system, the airport, government banks and state power utilities. At Chernobyl, radiation monitoring systems were taken off line resulting in employees checking radiation levels with hand held devices. A second wave of attacks was launched by sending out attachments.
Antivirus companies have updated their software and claim that they can identify and stop the Petya virus.
The attack was reported on around 2000 computers in many countries including the US, Germany, the UK and France. Both public and state run organisations reported problems, especially in the Ukraine. The spread of the virus seems to have been limited due to the fact that the virus tries to spread internally within networks as opposed to externally.
So was this just another cyber attack?
There is speculation that this latest attack was in fact not money orientated, but designed to cause disruption and possibly spread a political message. The low cost of the ransom payment and the email address provided, which was taken off line by the provider, has caused suspicions. The Bitcoin wallet, where some 8000 dollars worth of Bitcoin had been deposited remains untouched. All of these factors support the theory that this was a political attack on the Ukraine, as it happened just a few days before the celebrations of the country’s constitution day.
The Ukraine has previously blamed Russia for other cyber attacks that have been directed at the country. Part of the western Ukraine was temporarily left without power in 2015 due to an attack on its power grid. The Russian government denies any such attacks on the Ukraine.
So what have we learned so far?
- Cyber attacks cost businesses a lot of money and are on the increase
- Cyber criminals can earn a fortune through fraud and by stealing information
- Ransomware is a new virus that infects computers and can be stopped by paying a ransom
- It spreads itself through attachments or by visiting an infected site
- Paying the ransom can encourage cyber attacks
- A vaccine has been found for the Petya virus
- Originating in the Ukraine, the virus spread worldwide
- There is speculation that this was a politically motivated attack on the Ukraine
Small businesses are being increasingly targeted by cyber criminals
Latest research shows that British companies have reported the second largest amount of fraud and cyber attacks in the world, second only to Columbia. In 2016 a whopping 92% of small businesses confirmed that they had been a victim of a cyber attack or a loss of information. Viruses and insider theft were the highest reported crimes and ex employees were said to be the main perpetrators. Small businesses are fast becoming the favoured target for cyber criminals as they can be easy targets due to not being prepared. Hackers prey on these small businesses who often do not have the resources or the manpower to protect themselves.
New resolutions aimed at protecting customer data are about to be introduced by the EU
In an effort to protect customer data. the EU are introducing new measures aimed at protecting its citizens from fraud and other crimes associated with cyber attacks. Due to come into force in 2018, the EU’s new General Data Protection Regulation will be imposing huge fines for offenders who do not protect their computer systems. Fines for allowing security breeches resulting in the loss of company data could reach 20 million pounds or 4% of the company’s annual turnover, which ever is greater.
Small businesses can be easy targets for cyber attacks
Many small businesses consider themselves too small and unimportant to be of any interest to cyber criminals. The opposite is true, hackers are increasingly seeing small companies as a doorway into the larger companies that they may have dealings with. Larger companies, with much bigger budgets, are quite often well protected against cyber criminals, making them much harder targets to compromise.
What can businesses do to protect themselves?
Around 80% of cyber attacks can be stopped by following some simple steps. It is important for small businesses to get informed and set up these measures to improve their security for all our sake. Cyber security firms recommend using random words as passwords, installing malware and antivirus software on all company devices, making sure that this software is kept up to date by installing regular updates and educating staff on cyber security. A new government backed initiative, aimed at helping small businesses combat cyber attacks has been launched aimed at helping improve security. It is called the Cyber Essentials Scheme and is easily subscribed to.
Can cyber attacks be so damaging?
Recently, British Airways were victim to a power outage that incapacitated two of its data centres for days. This lead to chaos lasting for days as flights were postponed and customers were stranded at airports without their baggage. British Airways will have to pay out an estimated 150 million pounds in compensation to its customers for all the upsets. BA have stressed that human error caused the incident but many are not convinced and suspect that cyber criminals were involved through a hack or some kind of ransomware.
The Wannacry virus hit the world a few months ago and had a shocking global effect by hitting businesses and institutions including the UK’s NHS. Over 40 hospitals were affected by the attack which saw staff scrambling to resume A&E and ambulance services in the areas that were affected. These recent attacks have been a lesson to all and have seen organisations taking new and improved measures to protect themselves. Part of the plan has to be to have back up plans in case of these cyber disasters, whether they are from an attack or naturally occurring. By resolving issues as soon as possible and getting the business back on track the fallout can be minimised.
What conclusions can be drawn from the increasing amount of cyber attacks
It seems this growing crime phenomenon is here to stay and that everybody needs to become informed as to what precautionary measures can be taken to limit damage. Hacking is becoming so widespread and can range from a minor inconvenience to companies having to shut their doors. Many have seen their reputations ruined and have had to face financial ruin due to compensation and large fines being paid out. This is the future that we have to face and we need to learn to deal with it and protect ourselves in the best manner possible.