Cybercrime - no longer a virtual reality
Almost every business uses computers and software and is connected to the internet: the three components needed for a modern-day Trojan horse to compromise your operations.
The Greeks had not managed to get inside the walls of Troy after a siege. The plan was to build a horse statue to conceal soldiers and convince the Trojans that the Greeks had departed and left the horse as a gift.
The horse was taken inside the city to show the citizens the siege was over. At night the hidden soldiers left the horse and opened the city gates to allow the Greeks to enter and attack.
The Darkside Group recently effectively shut off fuel supplies to the East Coast of the US through a hack on the company that managed the pipeline. The Colonial Pipeline hack was a major one, but it is one of many that take place every day, and the trend is likely to continue given how little most businesses understand about cybercrime and their reticence to spend time and money protecting themselves.
Setting the trap
In the same way, most cybercrimes begin with an email containing a link or an attachment that the unsuspecting recipient believes is something else.
Often the person who triggers the Trojan horse does not know they did something that exposed the business to harm.
The hackers may first take time to see how much they could hold the company to ransom for and quietly begin looking for all its business files. Once those files have been copied, the soldiers are released from the horse: the hackers encrypt the company's files, and the company sees a message saying it has been hacked.
The trap is sprung
The hackers' intention is to get money: they demand a ransom to supply the key to unlock the company files. The ransom is typically in cryptocurrency. A time limit is given. Miss the deadline and the ransom goes up, and the sensitive company files might be released to others on the dark web.
If the company holds personal information from clients, it might not survive the consequences of the leak; if the information relates to materials used to run the business, it may be the end of its operations.
The hackers must balance a ransom high enough to justify their effort against one low enough that paying it looks better than not paying, or even than notifying the authorities.
There are now even companies that help with negotiations with hackers to try to lower the ransom and recover from the attack.
It will make you WannaCry
One of the most widespread attacks occurred in May 2017. Rather than an email, the attack was launched using a vulnerability in the Windows operating system that had been discovered and exploited by the US National Security Agency (NSA); it was most likely stolen from them and released by hackers. The NSA did not tell Microsoft and may have used it for their own hacking purposes.
Despite a patch having been issued by Microsoft, most businesses had not implemented it by the time the attack launched.
Hundreds of thousands of machines were infected with a program best known as WannaCry, which both encrypted the files on the machine and looked for another computer to infect.
Amazingly, the program did a check to determine it was not being tested (as the hackers may have been locked out of their own systems while they were testing it). It would check whether it could visit a domain; if it could, it would stop and not encrypt the files. By ensuring that domain was available, the rapid spread was slowed.
That attack appears to have been created by hackers in North Korea, which actively uses hackers to raise funds for the country.
The group showed what it was capable of when Sony was hacked after producing the comedy movie in which Kim Jong-un is killed in an assassination plot by the US.
The BBC have a podcast called the Lazarus Heist that lists the group's high-profile hacks over the years.
The Colonial Pipeline attack was by a Russian-based group called Darkside. Their targets are typically companies with money and questionable security. The attack was successful in that they were able to encrypt the company's payment information systems. It did not affect the actual pipelines, but having lost the means to bill for the fuel movement, the company shut the pipeline down, offering to ship fuel by truck instead.
The problem was that Darkside would typically not want to target such a significant business, as it would attract a major response from US authorities.
The crazy thing is that Darkside offered a franchise service of sorts, allowing others to find vulnerable targets using their tools for a cut of the proceeds; a partner appears to have executed this attack.
The ransom was $5 million, which the company paid, but its systems still took days to restore. That delay further added to the actions by authorities, who have forced Darkside to stop operations and removed its access to the servers and even the bitcoin wallets it was using.
Darkside maintained a website on the dark web to allow companies, media and other hackers to get in touch about its operations and to detail which companies it had hacked.
It might be the end for Darkside, but there will be many more, considering that ransom payments in 2020 alone amounted to $370 million.
With that kind of revenue, many regular programmers and even isolated countries will look to see if they can cash in on the money to be made from businesses that neither invest in protection nor understand the risks that the rise in cybercrime presents.
South Africa appears to be a good target, having a good mix of fair-sized businesses with less than ideal protection. We have seen how much damage can be done with state capture; this is the smaller-scale version that could affect many more companies. The cost of securing your networks will not be a welcome one, but if the most common ransom was R150 000, with the average being over R6 million and many not even getting their data back, then even a high cost can be a bargain if it allows you to avoid the crisis of being locked out of your own company.
While this is bad news for mid-sized businesses already weary of how much they need to spend just to operate, it would be a good time for cybersecurity firms to see their shares increase.
A final twist in the tale is that insurance companies have added cybersecurity cover to pay for the damage of a hack, including covering the ransom. The insurer AXA opted to drop that part of the insurance recently for policies in France. Just days later they too were hacked with a ransomware attack.
Protecting your business from regular attacks is not as complicated as finding a way to ensure staff don’t do what the Trojans did all those years ago and let the Greek horse into the city.
Source : https://pixabay.com/illustrations/hacker-hacking-cyber-security-hack-1944688/