When you hear a news report about a major security breach, do you ever wonder how it happened? Or if a cyberattack like that could happen to you?
Shockingly, many attacks could be prevented by something as simple as installing a security patch. However, by studying the costly mistakes of others, you can discover better cybersecurity defenses.
For over 25 years, WEBIT Services has built effective cybersecurity procedures for hundreds of clients. It is passionate about using strategy and education to protect its clients.
By the end of this article, you will learn about five recent major cyberattacks, their effects, the vulnerabilities exploited, and security practices to prevent similar attacks.
1. NotPetya and Maersk
In 2017, a Russian hacker group called Sandworm designed a cyberweapon they dubbed "NotPetya." This ransomware attack was designed to spread and inflict maximum damage as quickly as possible.
Once activated, NotPetya spread indiscriminately across the globe. Maersk, a worldwide shipping leader, was one of many random international victims.
How was Maersk infected?
NotPetya exploited a vulnerability in the M.E.Doc software and used it to infect users. If someone installed M.E.Doc on a device, NotPetya would infect that device and then any other device reachable on the same network.
The company that designed M.E.Doc had not updated its servers for at least four years. As a result, no security patches had been applied, leaving several holes open to exploitation.
When a single Maersk employee installed M.E.Doc, the NotPetya ransomware spread throughout the company, rendering systems useless. Once Maersk employees received messages demanding payment, the damage was done.
The vicious attack shut down every international Maersk operation.
Resolving Maersk's NotPetya infection
Maersk staff set up a recovery station in its London office. They worked tirelessly to rebuild the network, only to realize that there were no clean backups.
Unfortunately, no one had foreseen the possibility of every backup and device being infected and shut down. They had planned for isolated events, not an internationally downed system.
Luckily, they discovered a single uninfected backup device. At the time of the attack, a Maersk office in Ghana had experienced a blackout and was offline. That disconnection isolated the device and saved the lone clean backup.
Maersk flew the device to London and rebuilt its system.
NotPetya's side effects
NotPetya is estimated to have cost roughly $10 billion in damages internationally.
Maersk is estimated to have lost between $250 million and $300 million due to the NotPetya infection and subsequent shutdown.
Lessons from NotPetya's attack on Maersk
Several factors shaped both the attack on Maersk and its recovery from the NotPetya infection.
1. If possible, keep a backup on a separate server or network so an infection cannot spread to it.
A single, disconnected device saved Maersk's system and company.
2. Apply security patches and system updates within 30 days.
If the M.E.Doc software company had updated and patched its servers, NotPetya would not have spread.
3. Have an incident response plan that addresses every possible (if unlikely) scenario.
Maersk had an incident response plan that accounted for isolated attacks but not an infection that took out every company system.
2. WannaCry ransomware attacks
WannaCry took the world by storm in 2017. Like NotPetya, WannaCry was indiscriminate ransomware. It took advantage of a vulnerability in the Microsoft Windows operating system and attacked any Windows user it could reach.
Like all ransomware attacks, WannaCry encrypted devices, making them unusable. Victims received messages demanding bitcoin payments or their files would be deleted in three days.
Unfortunately, WannaCry's faulty coding could not track which computers were infected or who made payments, so it's unclear if anyone who paid got their files back.
How WannaCry infected victims
When Microsoft discovered the security vulnerability, it quickly released a security patch, two months before the WannaCry attacks began.
However, thousands of Windows users failed to install the patch and were infected.
WannaCry's side effects
It's estimated that WannaCry infected roughly 230,000 computers, costing $4 billion in losses globally.
Unfortunately, the list of victims included thousands of NHS hospitals within the United Kingdom. Experts estimate £92 million in damages for NHS hospitals alone.
Lessons from WannaCry
1. Ransomware attacks are often random.
The creators of WannaCry did not target specific businesses. Instead, they exploited a vulnerability in an operating system. As a result, they attacked anyone with that vulnerability.
2. Install security patches and system updates.
When Microsoft learned of the vulnerability, it corrected it through a security patch. Users who installed the patch were not infected.
3. Sony Pictures Hack
In November 2014, a hacker group called the "Guardians of Peace" leaked confidential data from Sony Pictures. The leaked data included:
- Emails between employees
- Upcoming film plans and scripts
- Copies of unreleased films
- Salary information
- Personal information about employees and families
- Roughly 47,000 unique Social Security numbers
Experts determined that the group had spent at least two months hiding in Sony's system copying files. However, the group claimed it had been within Sony's systems for a year. This claim has not been verified.
How the Guardians of Peace hacked Sony
The Guardians of Peace gained access through phishing campaigns. They sent emails to Sony employees that looked like internal emails. Employees opened malware-infected attachments thinking they were receiving files from a colleague.
Once the malware was activated, the cybercriminals could steal login credentials. This information allowed them free rein to access, take, and publicize Sony's confidential information.
Effects of the Sony Pictures Hack
Sony claimed it suffered roughly $35 million in damages from the cyberattack.
Sony also found itself involved in multiple lawsuits from employees regarding their stolen information and Social Security numbers. In response, Sony paid for two years of data protection for affected employees.
The Guardians of Peace were particularly interested in Sony's unreleased comedy The Interview. They threatened terrorist attacks if the film played in theaters. Initially, Sony was set to pull the film but later gave it a limited release in theaters.
Lessons from the Sony Pictures Hack
1. Provide cybersecurity training so employees can recognize phishing and social engineering.
Phishing emails and social engineering remain the cause behind most security breaches. As a result, employees must know how to recognize and report suspicious messages.
2. Use multi-factor authentication to help protect systems.
If a cybercriminal steals your login credentials, they cannot enter the system or program unless they also have the authentication code.
4. The 2013 Target Data Breach
In November 2013, Target discovered cybercriminals in its system. The hackers stole data from 40 million credit and debit cards, affecting roughly 70 million customers.
Initially, Target had no idea how the breach occurred, but it alerted customers that their information may have been compromised.
How Target was infiltrated
Eventually, experts learned how cybercriminals got inside Target's system.
A third-party vendor clicked a phishing link, and a Trojan horse infected its computer. The malware stole the vendor's login credentials for the Target system.
Once inside the Target system, cybercriminals began harvesting card data.
This suspicious activity triggered alerts within Target's security system. However, the program could not delete the virus because its automated malware deletion feature was turned off.
The Target security team had turned off the automated feature because it preferred manually reviewing security events. Unfortunately, this delay allowed the criminals to continue harvesting data and selling it on the black market.
The effects of the Target Data Breach
The breach alone is estimated to have cost Target $291 million. In addition, roughly 90 lawsuits were filed, and Target paid an $18.5 million settlement.
Target's holiday sales dropped by 46% due to the breach.
Lessons from the Target Data Breach
1. Follow compliance and security measures, especially when dealing with credit card data.
The attack occurred because a third-party vendor and Target failed to follow security procedures and compliance standards, which are especially important when credit card data is involved.
2. Protect systems with multi-factor authentication.
Even if a criminal has your login credentials, they cannot access systems or accounts without the additional authentication factor.
5. Baltimore City Systems Ransomware Attack
In 2019, Baltimore city systems were hit with a ransomware attack. As a result, city servers were unusable and shut down.
The city's bureaucratic functions had to resort to a manual system, which took two weeks to create.
During the downtime, several events and functions were canceled or severely delayed. These included:
- City council meetings were shut down
- Hearings were canceled
- People were unable to pay city bills, including water bills
- The city websites were knocked out
- People could not pay for anything online or use credit cards; all payments had to be submitted in person
- Citizens could not pay for tickets or submit applications
- Real estate sales halted because deeds could not be created or submitted
- Baltimore city government emails were offline
How Baltimore's infrastructure was infiltrated
It's believed that Baltimore's infrastructure was infiltrated because of out-of-date software and hardware.
The city's IT team had alerted leadership that the technology was outdated and no longer received updates. Unfortunately, unsupported technology leaves a hole in the security system and gives cybercriminals an easier way in.
However, the technology was not replaced, and shortly afterward, Baltimore suffered ransomware attacks.
The effects of the ransomware attack on Baltimore
It's estimated that this ransomware attack cost the city $18.2 million.
The city continues to recover from the attack three years later.
Lessons from Baltimore's ransomware attack
1. Update systems and replace End-of-Life hardware and software.
Once hardware or software reaches End-of-Life status, it is no longer supported by the manufacturer and will not receive security updates. As a result, old technology with security holes is a natural target for cybercriminals.
Next steps for protecting your business from cyberattacks
Examining each of these attacks shows the importance of sound security practices. To avoid similar attacks, organizations should:
- Have a backup on a separate, secure network, if possible.
- Have a thorough incident response plan.
- Be aware that cyberattacks are more often random than targeted.
- Promptly apply updates and security patches.
- Employ security training to keep employees educated.
- Utilize multi-factor authentication.
- Follow compliance and security standards.
- Replace End-of-Life technology.
Speak with your IT provider or internal IT team about your current security practices and risk analysis. For example, do you have an incident response plan for IT downtime? Are you following a security framework?
If your IT provider does not have answers to these questions or will not discuss them, it may be time to reevaluate your IT partnership. Security should be a top priority.
When was your last risk assessment? Risk assessments should be performed every quarter or after a significant organizational change. If you have not had one, now might be the perfect time to request it.
WEBIT Services is passionate about helping clients reach their cybersecurity goals. We believe education and knowledge are the first steps in building effective cybersecurity practices.
If you're looking for a new IT provider, schedule a 30-minute consultation to see if WEBIT Services can help.
If you're not ready to talk to our team of experts but would like to learn more about cyberattacks and cybersecurity, we recommend the following articles:
- 5 factors that changed cybercrime
- Would you pay the ransom? | Understanding ransomware attacks
- Cyber extortion vs. ransomware: What's the difference?
- How at risk am I? | A cybersecurity self-assessment