Let us consider the top two attacks in 2017, Equifax and WannaCry, and explore how the attacks could have been avoided and the top takeaways a business needs to follow to mitigate future risks. Both of these incidents could have been prevented with good cyber-hygiene and by following basic IT security standards.
Impact: $439 million cost and 147.9 million customers compromised.
Equifax is one of the top three credit reporting agencies, and because of the sensitive data it handles (i.e., Social Security numbers, credit card numbers, and other personally identifiable information), it is a treasure trove of personal financial data for cybercriminals. The hackers discovered a vulnerability in Equifax’s use of an open-source framework called Apache Struts in its online web app and exploited it. The attackers then used this opening to gain entry to Equifax’s customer information.
How the Incident Could Have Been Avoided
The breach occurred in May 2017 through a vulnerability for which Apache had already released a fix; leaving the system unpatched led to a breach that could otherwise have been averted. However, it should be noted that this may be a case of delay in patching (a patch being a set of code changes that can be applied to a computer program to update or improve it) rather than outright negligence. Equifax confirmed the Apache Struts vulnerability, but it did not take countermeasures in an appropriate amount of time. This highlights the importance of a layered approach to vulnerability management (identifying, classifying, remediating, and mitigating vulnerabilities) and patch management (a set of system management practices that involves testing and installing multiple patches). Equifax would have benefited from running software distribution and patch management together. In both cases, companies should research software that performs vulnerability scans, risk prioritization, and auditable patch management.
1. Necessary precautions need to be taken to ensure not only that a company has formed a strong business relationship with its partners, but also that it is working with, and requiring, partners that are reputable and qualified. WhiteHawk provides products like the Vulnerability Manager Assessment by Flexera, which empowers IT security and operations with intelligence to continuously track, identify, and remediate vulnerable applications before exploitation leads to costly breaches.
2. Patch systems regularly and exercise vigilance regarding easy access points. WhiteHawk offers products like SolarWinds, SCCM, Intune, or AirWatch to address software vulnerabilities and help establish a management system that can monitor patches.
3. Think about cyber-hygiene in terms of layers. Put in place enough security layers to adequately defend and deter cybercriminals from thinking a business is an easy target. Read more about this issue and the top cybercrime trends and how to improve your Cyber Hygiene.
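The paragraph above describes vulnerability management as identify, classify, remediate and mitigate, backed by patch management that is testable and auditable. The following Python script is an added example of that workflow and is not code from the original post or from WhiteHawk or Equifax: it compares a constructed asset inventory against a constructed advisory (the id `ADV-EXAMPLE-001`, the `struts` version numbers, the 7/30-day SLA and the risk weights are all placeholders), ranks affected hosts by exposure and data sensitivity, and keeps an append-only ledger of who tested and installed each patch so the process can be audited.

```python
"""Vulnerability triage with an auditable patch ledger.

Added example; the data below is constructed, and the advisory id and SLA
numbers are placeholders, not real vendor identifiers or Equifax's process.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta


def parse_version(text):
    """Turn '2.3.31' into (2, 3, 31) so that versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


@dataclass
class Asset:
    host: str
    software: str
    version: str
    internet_facing: bool
    handles_pii: bool


@dataclass
class Advisory:
    advisory_id: str          # placeholder id (constructed, not a real CVE)
    software: str
    fixed_versions: tuple     # first fixed release on each maintained branch
    published: date


def is_affected(asset, adv):
    """True if the asset runs an older build on a branch the advisory fixes."""
    if asset.software != adv.software:
        return False
    installed = parse_version(asset.version)
    for fixed in adv.fixed_versions:
        fixed_v = parse_version(fixed)
        # Same major.minor branch, and the installed build is below the fix
        if installed[:2] == fixed_v[:2] and installed < fixed_v:
            return True
    return False


def risk_score(asset):
    """1 = baseline, +2 if reachable from the internet, +2 if it holds PII."""
    return 1 + (2 if asset.internet_facing else 0) + (2 if asset.handles_pii else 0)


def patch_deadline(adv, score):
    """Constructed SLA: high-risk hosts within 7 days of publication, others 30."""
    return adv.published + timedelta(days=7 if score >= 4 else 30)


@dataclass
class PatchLedger:
    """Append-only record of who did what and when, so the process is auditable."""
    entries: list = field(default_factory=list)

    ACTIONS = ("identified", "tested", "installed", "mitigated")

    def record(self, host, advisory_id, action, when, who):
        if action not in self.ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        self.entries.append({"host": host, "advisory_id": advisory_id,
                             "action": action, "when": when, "who": who})

    def last_action(self, host, advisory_id):
        actions = [e["action"] for e in self.entries
                   if e["host"] == host and e["advisory_id"] == advisory_id]
        return actions[-1] if actions else None


def triage(assets, advisories, ledger, today):
    """Open findings, most urgent first: affected hosts not yet patched or mitigated."""
    findings = []
    for adv in advisories:
        for asset in assets:
            if not is_affected(asset, adv):
                continue
            state = ledger.last_action(asset.host, adv.advisory_id)
            if state in ("installed", "mitigated"):
                continue          # closed; the ledger shows who closed it and when
            score = risk_score(asset)
            deadline = patch_deadline(adv, score)
            findings.append({"host": asset.host, "advisory_id": adv.advisory_id,
                             "score": score, "deadline": deadline,
                             "overdue": today > deadline,
                             "state": state or "new"})
    findings.sort(key=lambda f: (-f["score"], f["deadline"], f["host"]))
    return findings


# Constructed inventory: hostnames and versions are illustrative only.
ASSETS = [
    Asset("web-01", "struts", "2.3.31", internet_facing=True, handles_pii=True),
    Asset("intranet-02", "struts", "2.3.31", internet_facing=False, handles_pii=False),
    Asset("web-03", "struts", "2.5.11", internet_facing=True, handles_pii=True),
    Asset("batch-04", "struts", "2.5.10", internet_facing=False, handles_pii=True),
    Asset("lab-05", "struts", "2.5.10", internet_facing=False, handles_pii=False),
]
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "struts", ("2.3.32", "2.5.11"), date(2017, 3, 1)),
]


def run_example(today=date(2017, 5, 1)):
    ledger = PatchLedger()
    # intranet-02 went through the full identify -> test -> install cycle
    ledger.record("intranet-02", "ADV-EXAMPLE-001", "identified", date(2017, 3, 2), "ops")
    ledger.record("intranet-02", "ADV-EXAMPLE-001", "tested", date(2017, 3, 9), "ops")
    ledger.record("intranet-02", "ADV-EXAMPLE-001", "installed", date(2017, 3, 10), "ops")
    return triage(ASSETS, ADVISORIES, ledger, today)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

Run as a script, it lists the internet-facing PII host first with its missed deadline, then the internal hosts; the patched host is absent because the ledger records its installation. The branch-aware version check matters in practice because a project can ship a fix for each supported release line, so a host on a newer branch is not "fixed" just because its version number is larger.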
Impact: $4 billion (estimate) and it affected more than 200,000 computers in 150 countries.
WannaCry is a type of ransomware (software designed to block access to a computer system until money is paid to unlock the data) that struck in 2017 and is classified as a cryptoworm. The attackers (the US and the UK suggest North Korea backed the attack) used a computer exploit called EternalBlue, which was developed by the National Security Agency (NSA) and subsequently leaked online by a hacker group known as the Shadow Brokers. Using that exploit, the WannaCry attackers targeted a vulnerability in the Microsoft Windows operating system and spread the malware from machine to machine. Data was then encrypted, and systems locked down until a ransom was paid in bitcoin or some untraceable cryptocurrency.
How the Incident Could Have Been Avoided
The attackers were counting on organizations not patching their systems, or being too slow to apply security patches in time. Many organizations, like the National Health Service (NHS) in England, were running the outdated Windows XP operating system. The fact is, no organization should have suffered from the attack if the necessary patches (software updates) that Microsoft released had been installed in the first place.
Foundational IT security practices are the easiest way to prevent or mitigate the impacts of a cyber attack.
1. All users need to exercise a healthy dose of skepticism when receiving emails from unknown senders or with unusual requests, especially those that contain suspicious links or attachments. As pointed out in the article about Cybercrime Trends for 2018, a good practice before opening a link is to hover over it in the email before clicking. Hovering over a link displays its true URL, and the user can then decide whether it is safe to visit or should be reported.
2. Ensure computers are running the latest version of a supported operating system and that updates come from a trusted source. Users should avoid simply clicking the “remind me tomorrow” option when updates are offered.
3. Ensure that a data backup system is in place (a removable hard drive or a reputable cloud service) and that it is tested for effectiveness. This allows data to be restored in the case of a ransomware attack, so the ransom demand can be ignored. Read the recommended article to understand how to Protect Your Business from the Next Ransomware Attack.
4. Lastly, have database, network (e.g., Nessus, SAINT, OpenVAS), and web application (e.g., Nikto, Qualys, Sucuri, Burp Suite) vulnerability scanning systems in place to produce risk reports, and someone to review them and report findings to the appropriate parties in the company. A vulnerability scanner is a software application that inspects the potential points of exploit on a computer or network to identify security holes. In the case of WannaCry, the attackers exploited a weakness in an operating system that Microsoft had already recognized.
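Item 1 above recommends hovering over a link to compare the text you see with the URL it really points to. The Python script below is an added example, not code from the original post or from WhiteHawk, that performs that same comparison for every link in an HTML message at once, the way a mail gateway or a security awareness tool might: it extracts each anchor's visible text and `href`, and flags links whose text names one domain while the `href` goes to another, links to bare IP addresses, `user@host` tricks that disguise the real host, and non-web schemes such as `javascript:`. The sample email, the regular expressions, and the `.example` and TEST-NET hostnames are all constructed for the demonstration.

```python
"""Flag email links whose visible text does not match where the href really goes.

Added example: the regexes and sample email are constructed; the check
mirrors what a user sees when hovering over a link, done for every link at once.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Schemes that legitimately have no '//' after the colon.
SCHEMELESS = {"mailto", "javascript", "data", "tel"}
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):(//)?", re.I)
# Visible text that looks like a URL or bare domain (e.g. 'www.bank.example').
DOMAIN_RE = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/?#:].*)?$", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def scheme_of(url):
    """Return the URL scheme, or '' for relative URLs and bare host:port strings."""
    m = SCHEME_RE.match(url.strip())
    if not m:
        return ""
    scheme = m.group(1).lower()
    return scheme if m.group(2) or scheme in SCHEMELESS else ""


def host_of(url):
    """Lower-cased hostname of a web URL or bare domain; None if there is none."""
    url = url.strip()
    scheme = scheme_of(url)
    if scheme and scheme not in ("http", "https"):
        return None
    host = urlparse(url if scheme else "http://" + url).hostname
    return host.lower() if host else None


def same_site(a, b):
    """Simplification: treat a host and its subdomains as the same site."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def assess_link(href, text):
    """Reasons a link deserves a second look; an empty list means nothing odd."""
    reasons = []
    scheme = scheme_of(href)
    if scheme in ("mailto", "tel"):
        return reasons                      # not a web link, nothing to compare
    if scheme and scheme not in ("http", "https"):
        reasons.append(f"non-web scheme {scheme!r}")
    target = host_of(href)
    if target is None:
        reasons.append("no host in href")
    else:
        if "@" in urlparse(href if scheme else "http://" + href).netloc:
            reasons.append("user@ prefix in URL can disguise the real host")
        if IPV4_RE.match(target):
            reasons.append("href points at a bare IP address")
    if DOMAIN_RE.match(text):
        shown = host_of(text)
        if shown and target and not same_site(shown, target):
            reasons.append(f"text shows {shown!r} but href goes to {target!r}")
    return reasons


def suspicious_links(html):
    """(href, text, reasons) for each link in the HTML that raised a reason."""
    parser = LinkExtractor()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        reasons = assess_link(href, text)
        if reasons:
            flagged.append((href, text, reasons))
    return flagged


# Constructed sample message; hosts use the reserved .example TLD and TEST-NET-2.
SAMPLE_EMAIL = """
<p>Your account needs attention.</p>
<a href="https://login.bank.example/verify">https://login.bank.example/verify</a>
<a href="http://198.51.100.23/update">Update now</a>
<a href="https://www.bank.example.evil.example/login">www.bank.example</a>
<a href="https://bank.example/help">Help <b>center</b></a>
<a href="mailto:support@bank.example">support@bank.example</a>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

Two of the five links in the sample are flagged: the bare IP address and the one whose text reads `www.bank.example` while the `href` lands on a host under `evil.example`. The `same_site` helper deliberately accepts subdomains of the displayed host so that `bank.example` shown against `login.bank.example` is not reported; a production filter would use the public suffix list rather than this simplification.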