When you hear a news report about a major security breach, do you ever wonder how it happened? Or if a cyberattack like that could happen to you?

Shockingly, many attacks could be prevented by something as simple as installing a security patch. However, by studying the costly mistakes of others, you can discover better cybersecurity defenses.

For over 25 years, WEBIT Services has built effective cybersecurity procedures for hundreds of clients. It is passionate about using strategy and education to protect its clients.

By the end of this article, you will learn about five recent major cyberattacks, their effects, the vulnerabilities exploited, and security practices to prevent similar attacks.
In 2017, a Russian hacker group called Sandworm designed a cyberweapon they dubbed "NotPetya." This ransomware attack was designed to spread and inflict maximum damage as quickly as possible.

Once activated, NotPetya spread indiscriminately across the globe. Maersk, a worldwide shipping leader, was one of many random international victims.
NotPetya exploited a vulnerability in M.E.Doc software, using it to infect users. For example, if someone installed M.E.Doc on their device, NotPetya would infect that device and any other devices connected to the same network.

The company that designed M.E.Doc had not updated its servers for at least four years. As a result, there were no security patches, leaving several holes ripe for cyber exploitation.

When a single Maersk employee installed M.E.Doc, the NotPetya ransomware spread throughout the company, rendering systems useless. Once Maersk employees received messages demanding payment, the damage was done.

The vicious attack shut down every international Maersk operation.
Maersk staff set up a recovery station in its London office. They worked tirelessly to rebuild the network only to realize that there were no clean backups.

Unfortunately, no one had foreseen the possibility of all backups and devices being infected and shut down. They had planned for isolated events but not for a system taken down worldwide.

Luckily, they discovered a single, uninfected backup device. At the time of the attack, a Maersk office in Ghana experienced a blackout and was taken offline. This disconnection isolated and saved the lone backup. Maersk flew the device to London and rebuilt its system.
NotPetya is estimated to have cost roughly $10 billion in damages internationally.

Maersk is estimated to have lost between $250 and $300 million due to the NotPetya infection and subsequent shutdown.
Several factors shaped the attack on Maersk and its recovery from the NotPetya infection.
A single, disconnected device saved Maersk's system and company.
If the M.E.Doc software company had updated and patched its servers, NotPetya would not have spread.
Maersk had an incident response plan that accounted for isolated attacks but not an infection that took out every company system.
WannaCry took the world by storm in 2017. Like NotPetya, WannaCry was indiscriminate ransomware. It took advantage of a vulnerability in the Microsoft Windows operating system and attacked any Windows user it could reach.

Like all ransomware attacks, WannaCry encrypted devices, making them unusable. Victims received messages demanding bitcoin payments or their files would be deleted in three days.

Unfortunately, WannaCry's faulty coding could not track which computers were infected or who made payments, so it's unclear if anyone who paid got their files back.
When Microsoft discovered the security vulnerability, it quickly released a security patch two months before the WannaCry attacks.

However, thousands of Windows users failed to install the patch and were infected.
It's estimated that WannaCry infected roughly 230,000 computers, costing $4 billion in losses globally.

Unfortunately, the list of victims included thousands of NHS hospitals within the United Kingdom. Experts estimate £92 million in damages for NHS hospitals alone.
The creators of WannaCry did not target specific businesses. Instead, they exploited a vulnerability in an operating system. As a result, they attacked anyone with that vulnerability.
When Microsoft learned of the vulnerability, it corrected it through a security patch. Users who installed the patch were not infected.
In November 2014, a hacker group called the "Guardians of Peace" leaked confidential data from Sony Pictures. The leaked data included:
Experts determined that the group had spent at least two months hiding in Sony's system copying files. However, the group claimed it had been within Sony's systems for a year. This claim has not been verified.
The Guardians of Peace gained access through phishing campaigns. They sent emails to Sony employees that looked like internal emails. Employees opened malware-infected attachments thinking they were receiving files from a colleague.

Once the malware was activated, the cybercriminals could steal login credentials. This information gave them free rein to access, take, and publicize Sony's confidential information.
Sony claimed it suffered roughly $35 million in damages from the cyberattack. Sony also found itself involved in multiple lawsuits from employees regarding their stolen information and Social Security numbers. In response, Sony paid for two years of data protection for affected employees.

The Guardians of Peace were particularly interested in Sony's unreleased comedy The Interview. They threatened terrorist attacks if the film played in theaters. Initially, Sony was set to pull the film but later gave it a limited release in theaters.
Phishing emails and social engineering remain the cause behind most security breaches. As a result, employees must know how to recognize and report suspicious messages.
If a cybercriminal steals your login credentials, they cannot enter the system or program unless they also have the authentication code.
In November 2013, Target discovered cybercriminals in its system. The hackers stole data from 40 million credit and debit cards, affecting roughly 70 million customers.

Initially, Target had no idea how the breach occurred, but it alerted customers that their information may have been compromised.
Eventually, experts learned how cybercriminals got inside Target's system.

A third-party vendor clicked a phishing link, and a Trojan horse virus infected its computer. The virus stole the vendor's login credentials for the Target system. Once inside the Target system, cybercriminals began harvesting card data.

This suspicious activity triggered alerts within Target's security system. However, the program could not delete the virus because its automated malware deletion feature was turned off.

The Target security team had turned off the automated feature because it preferred manually reviewing security events. Unfortunately, this delay allowed the criminals to continue harvesting data and selling it on the black market.
The breach alone is estimated to have cost Target $291 million. In addition, roughly 90 lawsuits were filed, and Target paid an $18.5 million settlement.

Target's holiday sales dropped by 46% due to the breach.
The attack occurred because a third-party vendor and Target failed to follow security procedures and compliance standards, which are particularly important when credit card data is involved.
Even if a criminal has your login credentials, they cannot access systems or accounts without the second factor required by multi-factor authentication.
In 2019, Baltimore city systems were hit with a ransomware attack. As a result, city servers were unusable and shut down.

The city's bureaucratic functions had to resort to a manual system, which took two weeks to create.

During the downtime, several events or functions were canceled or severely delayed. This included:
It's believed that Baltimore's infrastructure was infiltrated due to out-of-date software and hardware.

The city's IT team alerted leadership that the technology was outdated and could no longer receive updates. Unfortunately, this leaves a hole in the security system and creates easier access for cybercriminals.

However, the technology was not replaced, and shortly afterward, Baltimore suffered ransomware attacks.
It's estimated that this ransomware attack cost the city $18.2 million. The city continues to recover from the attack three years later.
Once hardware or software reaches End-of-Life status, it is no longer supported by the manufacturer and will not receive security updates. As a result, old technology with security holes is a natural target for cybercriminals.
Examining each of these attacks shows the importance of quality security practices. To avoid similar attacks, users should:
Speak with your IT provider or internal IT team about your current security practices and risk analysis. For example, do you have an incident response plan for IT downtime? Are you following a security framework?

If your IT provider does not have answers to these questions or will not discuss them, it may be time to reevaluate your IT partnership. Security should be a top priority.

When was your last risk assessment? Risk assessments should be performed every quarter or after a significant organizational change. Now might be the perfect time to request one if you've not had one.

WEBIT Services is passionate about helping clients reach their cybersecurity goals. We believe education and knowledge are the first steps in building effective cybersecurity practices.

If you're looking for a new IT provider, schedule a 30-minute consultation to see if WEBIT Services can help.

If you're not ready to talk to our team of experts but would like to learn more about cyberattacks and cybersecurity, we recommend the following articles: