What is a cyber attack? Recent examples show disturbing trends

From virtual bank heists to semi-open attacks from nation-states, the last couple of years have been rough on IT security. Here are some of the major recent cyber attacks and what we can learn from them.

Page 2 of 2

The massive credit rating agency announced in July of 2017 that "criminals exploited a U.S. website application vulnerability to gain access to certain files," getting personal information for nearly 150 million people. The subsequent fallout enraged people further, especially when the site Equifax set up where people could see if their information had been compromised seemed primarily designed to sell Equifax services.

Ed Szofer, CEO of SenecaGlobal, says the Equifax breach is particularly bad "because they had already been told about the fix — it needed to be implemented in a tool called Apache Struts that they use — well before the breach even happened. And yet they failed to do so fully in a timely manner. To prevent such breaches from happening requires a shift in culture and resources; this was not a technical issue, as the technical fix was already known. Equifax certainly had the resources, but it clearly did not have the right culture to ensure the right processes were in place and followed."

Yahoo (revised)

This massive hack of Yahoo's email system gets an honorable mention because it actually happened way back in 2013 — but the severity of it, with all 3 billion Yahoo email addresses affected, only became clear in October 2017. Stolen information included passwords and backup email addresses, encrypted using outdated, easy-to-crack techniques, which is the sort of information attackers can use to breach other accounts. In addition to the effect on the account owners, the breach could spawn a revisiting of the deal by which Verizon bought Yahoo, even though that deal had already closed.

The truly scary thing about this breach is that the culture of secrecy that kept it under wraps means that there's more like it out there. "No one is excited to share a breach, for obvious PR reasons," says Mitch Lieberman, director of research at G2 Crowd. "But the truth eventually comes out. What else do we not know?"

GitHub

On February 28, 2018, the version control hosting service GitHub was hit with a massive denial of service attack, with 1.35 TB per second of traffic hitting the popular site. Although GitHub was only knocked offline intermittently and managed to beat the attack back entirely after less than 20 minutes, the sheer scale of the assault was worrying; it outpaced the huge attack on Dyn in late 2016, which peaked at 1.2 TB per second.

More troubling still was the infrastructure that drove the attack. While the Dyn attack was the product of the Mirai botnet, which required malware to infest thousands of IoT devices, the GitHub attack exploited servers running the Memcached memory caching system, which can return very large chunks of data in response to simple requests.

Memcached is meant to be used only on protected servers running on internal networks, and generally has little by way of security to prevent malicious attackers from spoofing IP addresses and sending huge amounts of data at unsuspecting victims. Unfortunately, thousands of Memcached servers are sitting on the open internet, and there has been a huge upsurge in their use in DDoS attacks. Saying that the servers are "hijacked" is barely fair, as they'll cheerfully send packets wherever they're told without asking questions.
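To check your own servers for the exposure described above, the following added example (not part of the original article) audits a Debian-style `memcached.conf` for a non-loopback listener combined with an enabled UDP listener. It assumes memcached's `-l` (listen address) and `-U` (UDP port, 0 disables) options; the UDP detail and the sample configs are not from the article, and the configs are constructed.

```python
import shlex

# Constructed sample configs in the Debian-style /etc/memcached.conf layout
# (one option per line, '#' starts a comment). Not taken from any real host.
EXPOSED_CONF = """\
# constructed sample: wide-open instance
-m 1024
-U 11211
-l 0.0.0.0
"""
HARDENED_CONF = """\
-m 1024
-U 0
-l 127.0.0.1
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_options(conf_text):
    """Return {flag: value} for the short options in a memcached.conf body."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = shlex.split(line)
        opts[tokens[0]] = tokens[1] if len(tokens) > 1 else True
    return opts


def audit(conf_text, udp_default_on=True):
    """List findings for a config. udp_default_on models builds that enable UDP
    when -U is absent; pass False for memcached 1.5.6 and later."""
    opts = parse_options(conf_text)
    findings = []
    listen = opts.get("-l")
    addrs = {a.strip() for a in listen.split(",")} if isinstance(listen, str) else set()
    public = not addrs or not addrs <= LOOPBACK  # no -l means all interfaces
    if public:
        findings.append("listens on non-loopback address (-l missing or not loopback)")
    udp = opts.get("-U")
    udp_on = udp_default_on if udp is None else str(udp) != "0"
    if udp_on:
        findings.append("UDP listener enabled (set -U 0)")
    if public and udp_on:
        findings.append("reachable over UDP from other hosts: usable as a reflector")
    return findings
```

An empty list from `audit()` means neither condition was found in the file; it does not replace a firewall rule blocking port 11211 at the network edge.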

Just days after the GitHub attack, another Memcached-based DDoS assault slammed into an unnamed U.S. service provider with 1.7 TB per second of data.

Cyber attack statistics

If you want to understand just what's going on in the murky world of cybercrime, diving into the numbers can give you a real sense of what's going on out there. For instance, we've grown rather numb to constant tales of breaches of personally identifying information, but in the aggregate the amounts are truly staggering: in the first half of 2019 alone, 4.1 billion records were exposed.

Verizon, which issues a detailed report on data breaches every year, helped break down who the victims and perpetrators were in 2019. By their estimation, a full 34 percent of breaches were inside jobs, 39 percent were perpetrated by organized crime, and 23 percent by state actors. And when it came to the victims, by far the biggest category was small businesses, which bore the brunt of 43 percent of attacks.

The costs are staggering as well. Ransomware alone cost $8 billion in 2018; interestingly, only $1 billion of that consists of ransom payments, while the rest takes the form of lost revenue and damages to company reputation from downtime. Other types of cybercrimes also take their toll. Radware estimated that a cyberattack on a large enterprise would end up costing $1.7 million in 2019. For small businesses the cost is lower — just $86,000 — but that can still be devastating to a company without much by way of reserves.

Cyber attack maps

It can take a lot of effort to comb through all those numbers (and really, we're just scratching the surface and providing a few nuggets here—by all means follow the links for more details). So you can see why someone might prefer all that info presented in an easy-to-grasp visual medium like a cyber attack map. These futuristic displays show what attacks are emerging from what countries and focusing on what targets, and give the impression of offering a bird's-eye view of the current internet threat landscape.

The problem is that an impression is all they really have to offer. Most of the data they display isn't live, and it certainly isn't comprehensive. But they can be useful in starting conversations about security, getting students interested in cyber security, and serving as sales tools for cyber security tool companies. (Many security experts dismissively refer to them as "pew pew" maps.)

Cyber attack prevention

Looking for tips on how to prevent falling prey to cyber attacks like these? CSO has you covered:

This story, "What is a cyber attack? Recent examples show disturbing trends" was originally published by CSO.
