Cyber Attacks in the age of the Panama Papers
Cyber Attacks in the age of the Panama Papers
Not since WikiLeaks, has there been such a large information breach of this magnitude. According to ICIJ, over 140 politicians and public officials have been revealed as having offshore holdings, more than 214,000 organizations have been identified, along with many billions’ worth of transactions. The Law Firm Mossack Fonseca has claimed they are victims of a hack from servers abroad. The firm lost 2.6TB of data, and didn’t even notice. The mainstream media has focused on high profile politicians, companies, and criminals, but hardly anyone is talking about the actual law that was broken: the cyber attack. Now we can discuss the ethics of hiding tax dollars offshore, or the ethics of criminals hiding their ill-gotten gains, or how shadow government agencies and actors finance wars, but the topic is information security. Information security is a necessary expense. Just ask the politicians stepping down or being asked to resign.
So what does my company need to worry about concerning information security? What do I as an individual, need to do for my personal information security? You need to go beyond the traditional paradigm of information security:
- Security and Vulnerability Management
- Identity and Access Management
- Endpoint Security
- Network Security
- Web Security
Top Ten Cyber Attacks for 2016
- Cloud Computing
Cloud Computing has been described as the IT nightmare and the hackers dream. With cloud computing you are basically slamming computer environments together with different entities and security protocols. That can give the hacker flexibility once they access the cloud. In addition, Cloud Computing is taking over the file storage space. Apple, Google, and Amazon all have their own flavor of online file storage. Other companies like Box, DropBox, and Carbonite contain company and personal information. The problem is privacy. Who has access to this data? Who else can get access to tax, photos, bank and credit card files in the cloud?
Of course, cloud computing experts say cloud computing is NOT the hackers dream, and that is just a myth. If firms do not properly plan to secure the cloud computing environment, myths have a way of becoming true. If properly planned, the cloud environment may be more secure than ever before. So the next time a celebrity nude photo appears, remember where that data is stored.
2. Critical Infrastructure
The U.S. government has seen a rise in cyber attacks on critical infrastructure, mainly industrial control systems for utilities like: water, electricity, oil and gas. The very first critical infrastructure attack recently happened in the Ukraine. Information security professionals are investigating the situation because of the worldwide ramifications. The Ukraine Utility Cyberattack left roughly 700,000 people without power for several hours. Remember that 2007 Bruce Willis movie ‘Live Free or Die hard’? You get the picture.
3. Mobile Devices
Mobile devices are a new way for hackers to access the network and the cloud. Many mobile apps are basically websites running an application hosted somewhere. In addition, the data on the mobile phone itself can be hacked. There is a product called femtocell which is basically a mini cell tower. Hackers have figured out they can convert this device into a mini cell tower. Femtocell sell for roughly $300, but Verizon said it has since fixed the problem with patches to all their products. But this is just the tip of the ice berg. This can happen to all wireless carriers. It is estimated that the same hackers that use the ATM scanners will start using mini cell towers. Imagine one of these guys sitting next to a CEO capturing all incoming and outgoing transmissions from their cell phone while sitting in the airport. I could happen.
4. Automobile Hacking
This may seem like something out of a science fiction movie, but it is really a big problem. There are 9 hackable cars on the market according to Cyber Security Experts, Charlie Miller of Twitter, and Chris Valasek of IOActive. The first car hacks started with the same diagnostic ports mechanics use to analyze car maintenance and performance, but now that cars have their own Wi-Fi- and Bluetooth systems, all bets are off. Hackers can do everything from listening in on phone calls, tampering with steering controls, cruise control, braking systems, and engine controls.
9 Hackable Cars:
- 2014 Jeep Cherokee
- 2015 Cadillac Escalade
- 2014 Infiniti Q50
- 2014 Toyota Prius
- 2010 Toyota Prius
- 2014 Ford Fusion
- 2014 BMW X3
- 2014 Chrysler 300
- 2014 Range Rover Evoque
5. EMV Chip Credit Cards
You know those new credit cards with the new security chips on them? All the banks are starting to implement such cards. I got mine a couple years ago. Apparently the chip carries your personal banking history and bank account information. Despite all the security hype around chipped cards, they have been hacked before and a newer threat is on the rise. Before they used what was called the “Man in the Middle Hack”, which the hacker intervened in the communication between the card chip and bank. The new cards have worked out that one flaw, but some hackers in Europe figured out an ingenious way to work around that. Basically, they installed their own chip to act as the “man in the middle”. Police in Belgium and France remained baffled to the card theft. The contracted scientists in France to study the chips, and they had to use an X-ray machines and microscopes to find the hacker’s chip.
6. Phishing Attacks
Phishing attacks are the ongoing hack attacks that proliferate our society, from phone calls, email spoofing, online requests, and social media websites like Facebook, Twitter, and Google+. Any attempt to gain access to personal information like usernames, passwords and credit card details is phishing. Fake contacts from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites that are infected with malware. Hackers could create a clone of a website and tell you to enter personal information, which is then emailed to them. This is quite common. I personally had someone attempt to award me $80,000 dollars from Facebook for being a loyal participant. They started asking personal questions, but I started answering questions with a question until they deleted their fake profile. Of course, I reported to Facebook.
Malware is an umbrella term used to describe any malicious software code. It comes in many flavors: including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. Malware an take the form of executables, scripts, active content, and other software. Destructive malware will utilize popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. The next time you download that free movie, keep that in mind.
The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. It’s such a pain, that it deserves it’s own category. The designers of CryptoWall have stolen at least $325 million with this malicious ransomware. CryptoWall 4.0 is supposed to be even worse still. Imagine your important data saved in a database gets locked down, and the only way to get it back is to pay a ransom for the encryption key. That is what ransomware does. It encrypts your data and holds it hostage. Right now the only way to protect your company’s valuable data is to do daily backups. That is easier said than done.
9. Medical Devices
Ransomware in medical devices is a huge cyber security risk in 2016. From insulin pumps to pace makers, a hacker can put your life under their fingertips. According to the FBI, between April 2014 and June 2015, hackers extorted $18 million from American victims via extortion via personal computers. Unfortunately, individuals cannot put security protocols on medical devices. That is up to the manufacturer.
10. State-Sponsored Hacking
State-sponsored cyber attacks is a real thing. There have been so many rumors about this type of cyber warfare, including: China hacking the US, North Korea hacking Sony, the US hacking Iran and on and on. Well recently, someone shut down Ukraine’s electricity from Russia. I’m sure the execs at Sony were not pleased to have private emails posted on the Internet, but it happened. Ironically, the Guardians of Peace (GOP) demanded that Sony pull it’s film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un, and threatened terrorist attacks at cinemas screening the film. Sony decided to pull nationwide release of the film, and eventually the movie was sent straight to video.
About Terell Jones
Our guest contributor, Terell Jones is the Managing Director, Americas for S2 Management Solutions an managed services and managed security firm in Austin, TX. He runs a blog called the @thegreenITguy.