Cybersecurity: An Overview
Cybersecurity comprises measures or steps geared towards protecting electronic devices or information stored in cyberspace (cloud storage) against unauthorized or criminal access. Thanks to the penetration of the internet and the affordability of technological gadgets, we now live in a more interconnected world than ever before. An unintended consequence of the proliferation of technology and enhanced interconnectivity is an increased risk of cyberattacks – cybercrime, ransomware, cyber-extortion, cyberespionage, cyberbullying, and other variants.
A United States-based consultancy firm, Accenture, submits that “cyberattacks will cost hospitals in the U.S. more than $305 billion over the next five years and that one in 13 patients will have their data compromised by hackers”. It will also interest you to know that as at September 2015, Google posited there were about 1.4 billion active Android devices worldwide. Now the bad news is that The Hacker News reports that scores of malicious Apps on Google Play Store can root and hack about 90% of such Android devices. In June 2016, the French police were hit by a cybersecurity breach during which the personal details of 112,000 officers (serving and retired, and their families) were uploaded to a Google Drive storage service.
Imagine the far-reaching cybersecurity implications. To further buttress the import of cybersecurity or the lack of it, a few weeks after the account of Facebook CEO Mark Zuckerberg was hacked into, the hacking group which goes by the moniker OurMine owned up to hacking the social media accounts of Google CEO Sundar Pichai. The accounts of Oculus boss Brendan Iribe (Twitter), Uber’s Travis Kalanick, Twitter’s Dick Costolo, the CEO of Spotify and Amazon CTO Werner Vogels have all been hacked. Hacktivist group OurMine says, "we are just trying to tell everyone that nobody is safe!" Of a truth, they are not far off the mark. No person, organization or critical infrastructure can boast of a foolproof defense against cybersecurity threats. Cybersecurity experts are in agreement that it is not a matter of ‘if’ or ‘when’ your data will be hacked, but whether you'll ‘know’ when your data has been hacked.
What is Ransomware, Cyber-extortion?
Ransomware is coined from the word ransom - money demanded for the return of a captured person or something precious. In this case, ransomware is malicious software that encrypts, or holds ‘hostage’, valuable digital information or a website until a ransom is paid. Cyber-extortion is a form of cybercrime in which payment (ransom) is demanded to forestall an actual or threatened cyber-attack on an individual’s or organization’s electronic device, data, website, computer network or system. Ransomware and cyber-extortion represent a new wave of cybercrime tantamount to physical kidnap for ransom and extortion (KRE). The difference here is that the former entails remotely infecting a computer, mobile device, or website, amongst others, with malware (a virus). Trend Micro reportedly blocked more than 66 million ransomware-related spam, malicious URLs, and threats from January to May 2016. A ransomware cyberattack inter alia affects business continuity, leads to financial losses, and undermines the reputation of the organization. The challenge with ransomware is that it is stealthy and works behind the scenes. For instance, Trojan malware like Acecard can infect an operating system and lie low for several months, even years, before it is detected or starts causing havoc.
Modus Operandi of Ransomware, Cyber-extortionists
According to Security Week magazine, there are three main tactics employed by cyber-extortionists. They are: (a) the threat of a data compromise or a distributed denial of service (DDoS), (b) the threat to release compromised data publicly in order to blackmail or extort money from the victim, and (c) infecting the target device or website with ransomware, usually via spam emails, malicious attachments, and links, and demanding ransom payment before restoring access.
The Hacker News reports that variants of Cerber ransomware recently targeted Microsoft Office 365 email users via spam or phishing emails conveying malicious attachments with an ability to bypass MS Office 365's built-in security tools. On the other hand, the Locky and Dridex ransomware employ malicious macros to hijack systems. Over $22 million was reportedly pilfered from UK banks with Dridex malware, which got triggered via a nasty macro virus.
Typical file extensions employed or targeted by ransomware
include: .doc, .docx, .pdf, .xls, .xlsx, .ppt, .pptx, .jpg, .jpeg, .bmp, .tiff,
.png, .mpg, .mpeg, .avi, .3gp, .mp4, .m3u, .mp3, .wav, .zip and java extensions
among others.
Prime Targets of Ransomware, Cyber-extortion?
From insurance firms to financial institutions, banks, hospitals, airlines, airports, critical infrastructure, educational institutions, state and local governments, law enforcement agencies, small and large businesses, and individuals, in fact anything – any device that can be connected to the internet or data stored on the Cloud – is susceptible to ransomware cyberattacks. For instance, in 2015, “hackers stole the records of about 80 million customers of Anthem Inc., the second largest United States health insurer”. Unlike physically kidnapping a victim for ransom and extortion, which ordinarily entails collecting cash ransoms, the popularity of ransomware in the cybercrime world stems from the fact that the malware can be monetized anonymously and receipt of payment made almost untraceable using digital currency or cryptocurrency (Bitcoin).
Cyber Insurance and Ransomware-as-a-service (RaaS)
The proliferation of ransomware attacks birthed a new insurance product known as cyber insurance - an insurance product used to protect businesses and individuals against Internet-based risks such as cyberattacks, cybercrime, hacking, amongst others. On the flip side, cybercriminals now also tout ‘ransomware-as-a-service’ (RaaS). This entails cybercriminals offering their tools, or charging their clients a fee, to help them propagate ransomware. Just lately, security researchers at Trend Micro discovered a new family of malware - banking-Trojan-as-service - which was dubbed Manjit (BKDR_MANGIT.SM). The aforesaid ransomware was allegedly created and sold by a Brazilian hacker, one Ric or Ricardo Marques Silva, and boasts of the capability to bypass multiple authentication processes employed by Brazilian banks.
Internet of Things (IoT), Interconnectivity Will Boost Ransomware Attacks
To this end, a cybersecurity special report postulates that ransomware will worsen due to vulnerabilities in the Internet of Things (IoT), medical devices, web cameras, IP phones, Internet Protocol CCTV cameras, DVRs, SmartHouses or SmartCities, wearables such as SmartWatches, public Wi-Fi, and the proliferation of mobile Apps with malicious code, amongst others. Globally, in excess of 5 billion IoT devices were said to have been installed in 2015 and it is estimated that this will reach 20 billion by 2020. Cybercriminals exploit IoT devices because they have weak login credentials, have little or no secure communication channels and are online 24/7. By the way, the Internet of Things (IoT) is defined as “a system of interconnected computing/mobile devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction or intervention”.
Ransomware Cyberattack Likened To An ‘Epidemic’
The United States Federal Bureau of Investigation (FBI) says more than 2,500 complaints were reported to the Internet Crime Complaint Center (IC3) in 2015. Crypto-ransomware attacks reportedly accounted for almost 90 percent of all ransomware attacks in Italy and Germany in 2015, whereas it was less than 10 percent in the previous year, 2014. Given its proliferation and sophistication (for instance, a new Cerber ransomware variant is said to morph every 15 seconds to avoid detection), some cybersecurity experts have likened ransomware cyberattacks to an epidemic. It is trite that ransomware or cyberattacks are generally underreported. Kaspersky researchers say crypto ransomware variants such as RANSOM_MIRCOP.A, TeslaCrypt, XORBAT, ZIPPY, CBT-Locker, CryptoLocker, CryptoWall, Linux.Encoder.1, CryptXXX, Bart ransomware and other strains encountered by users leapt from 131,111 to 718,536 from April 2015 to March 2016, i.e. a nearly 500% increase. The Canadian and United States governments issued a rare joint alert in March 2016, warning businesses of heightened ransomware attacks. In 2015, victims of ransomware in the United States reportedly paid about $325m; cybersecurity analysts estimate it will be much higher in 2016.
Typical Incidents of Ransomware Cyberattack
Several healthcare establishments in the United States, such as MedStar Health, Chino Valley Medical Center, Desert Valley Medical Center, Methodist Hospital in Kentucky, Hollywood Presbyterian Hospital, and Kansas Heart Hospital, have all witnessed and reported ransomware attacks. Earlier in 2016, the United States-based Hollywood Presbyterian Medical Center in Los Angeles had to declare an "internal emergency" after cybercriminals infected its Information Technology systems with ransomware. The University of Calgary in Canada was forced to pay the masterminds of a ransomware attack $20,000 in untraceable Bitcoin after its IT systems were hit by a massive and devastating ransomware attack on 28 May, 2016. The foregoing reinforces why the ransomware cyberattack is said to be an epidemic and the biggest cybersecurity threat.
Nigeria, Africa Not Immune From Ransomware
As we have seen from the foregoing, ransomware is a global malaise, but there is no concrete or acknowledged evidence of such incidents in Nigeria yet. This is not surprising given our penchant for playing the ostrich or taking a reactionary approach to issues. That this is not publicly acknowledged today doesn’t mean such threats are non-existent, because a typical ransomware attack doesn’t manifest immediately; it can lie fallow for months or years before it bares its fangs. Going by the Nigerian Communications Commission's assertion that “as at September 2015, over 97 million Nigerians used the Internet on a daily basis”, it follows that Nigeria cannot be immune from the risk of ransomware attacks or other forms of cyberattacks. According to Kaspersky, “45.3 percent of Kaspersky anti-virus users in Nigeria reportedly encountered malware that spread in local networks, through USBs and storage disks while 13.8 percent were said to have faced cyber threats from the internet in the third quarter of 2015”. Kaspersky went further to assert that globally, Nigeria ranks as the 64th most attacked country in terms of malware and 128th in terms of cyber threats. Similarly, Nigeria is said to lose N89 billion ($450 million) to cybercrimes annually, as at 2015. Recall that in January 2016 the infamous “Anonymous” hacker collective launched a cyber-campaign against the Nigerian government, accusing it of corruption, greed, and theft. Granted that a ransomware cyberattack in Nigeria has not been acknowledged, it is a question of when it will be acknowledged. Though statistics of ransomware in South Africa are vague, anecdotal evidence suggests it is widespread.
Ransomware is also said to have hit neighbouring Ghana. Recall that sometime in February 2016, cybercriminals broke into the Bangladeshi Central Bank account domiciled at the Federal Reserve Bank of New York and got away with $81 million while attempting to siphon nearly $1 billion through the bank's SWIFT credentials. Forensic investigators say Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to SWIFT (Society for Worldwide Interbank Financial Telecommunication). SWIFT, the international money transfer network, owned up to a number of cyberattacks on its system and asked banks to update their software. Note that SWIFT’s messaging services are deployed by nearly 11,000 financial institutions spread across more than 200 countries. If Nigerian financial institutions are signatories to SWIFT and the platform has been repeatedly compromised, it will be a miracle if Nigerian institutions are immune to such attacks. A lot of cybersecurity awareness is needed in Nigeria, which is why this writer penned this write-up. A Nigerian adage says it is better to search for a black goat during the day than at night. It is comforting that the Central Bank of Nigeria (CBN), commercial banks and other stakeholders in the electronic payment space, under the aegis of the Nigeria Electronic Fraud Forum (NeFF), recently held a meeting to brainstorm proactive solutions to forestall ransomware attacks in Nigeria.
In the words of Rod Piechowski, senior director of health information systems at HIMSS, "security is everybody's business. It's not just up to the security or Information Technology department, if you work with or own electronic devices, it's your responsibility too."
To be continued…
The next tranche of this write-up will discuss comprehensive best practices to prevent ransomware cyberattacks.
Written by: © Don Okereke (Security Junkie/Analyst/Consultant, Writer)
Follow me on Twitter: @donokereke
August, 2016