New book looks at the top threats to, and protection strategies for data
(Editor’s note: A new book hits online and traditional stores today that takes an in-depth look at the greatest threats to data security, and how readers can better protect their corporate and personal information.
Written by Bart McDonough, CEO of Agio, a managed IT and cybersecurity service provider, Cyber Smart describes the cybersecurity threat landscape in-depth—the who, what, when, and how—while showing the reader how to secure their devices and avoid exposure. The book is available on Amazon in e-book and print formats.
While there are several books that address cybersecurity, the majority rely on fear-based conditioning. Cyber Smart stresses that while all technological advances carry risks, there is no reason not to embrace them with open eyes and a keen awareness of how to keep private information secure. Information Management has excerpted Chapter Two of the book here, with permission of the author.)
Who is the adversary, our cybersecurity “enemy”?
You’ll probably recognize this popular visual description of a hacker: a hooded figure with a mask, typing on a computer in the shadows of a basement with lines of computer code furiously racing by on the screen. Sounds pretty scary—if it were only true.
The truth is, the adversary can be anyone from a polite neighbor who gardens to a teenager at your kid's high school. Most commonly, though, the adversary is an international criminal or terrorist organization. For a picture of who hackers are as people, the HackerOne study "Who Are Hackers," which surveyed hackers who help businesses find system vulnerabilities (for example, through bug bounty programs), found that 90 percent are under 34 years of age, 97 percent are male, and 45 percent are employed full-time and hack in their spare time. Keep in mind that this survey describes hackers who work with businesses, not the criminals themselves.
These cybercriminal and terrorist organizations are well-oiled machines conducting themselves as businesses to target your money and resources. Today’s cyber attackers can be compared to a corporate employee; they have performance reviews, are measured against their peers for how effective they are, and are encouraged to develop sophisticated processes that are repeatable and scalable.
So, who are the targets? Are bad actors singling out individuals? With the exception of some high-profile personalities, such as government officials, wealthy individuals, and celebrities, bad actors aren't targeting you specifically. But they aren't exactly removing you from their attack zone either. They are certainly targeting aspects of you: your job title, the college you attended, the type of credit card you have, and so on.
The adversary is performing drive-by attacks anywhere and everywhere. It’s like a typical car thief walking around a parking lot lifting door handles, seeing whether any of them will open. If a door is unlocked, they’ll quickly look for items they can steal—an iPhone, a handbag, money in the glove box or the actual car. By practicing the “Brilliance in the Basics,” the handful of cybersecurity habits that you’ll soon learn in Chapter 7, you’ll keep your personal information secure, or “your car doors locked,” and get the adversary to move on.
What are an adversary's motives? Albert Gonzalez's hacking incentives, starting at age 14, included money, the thrill of the theft, and an intellectual challenge. The majority of bad actors are after your money and anything they can monetize. Their targets include your credentials, your files (encrypted and held for ransom), your wire transfers, and your computing resources, which they use to carry out wide-scale attacks (for instance, as part of a botnet).
While money is a powerful incentive, the adversary has additional cyber attack motivations. While 72 percent of hackers do it for the money, 71 percent do it for fun, 66 percent hack for the thrill of a challenge, and 51 percent hack to “do good in the world.” The 2016 HackerOne study also states that 57 percent of hackers who participated in bug bounty programs did it for free.
These generous hackers are called white hats because they hack to help strengthen the cybersecurity of businesses. Black-hat hackers, on the other hand, hack to damage systems, monetize what they steal, and consume your computing resources.
What does an adversary do with the credentials and personal information they have accessed? After bad actors gather databases of credentials and information from vulnerable systems and websites, they either keep it to themselves, post it publicly on the Internet, or sell it on the Dark Web. On the Dark Web (sites run as Tor hidden services, which you reach through the Tor Browser rather than an ordinary browser, so that neither the visitor nor the site is easily identified), compromised information like your Social Security number, date of birth, and billing address sells for the low price of $1 to $8, while your credit card number sells for $20 to $60.
Bad actors use purchased personally identifiable information (PII) and protected health information (PHI) to assume someone’s identity, make purchases and perform financial fraud, obtain health insurance, receive payments for faked medical treatments, and open credit card accounts.
The adversary can also steal intellectual property for economic gain (for example, nation-state attackers), perform illegal acts of cybercrime (for instance, criminal organizations), and carry out terrorism and political agendas (for example, terrorist organizations). While these are serious threats, most “normal” people are not in the direct line of fire.
Nation-state attackers focus on targets of national interest or individuals and companies that possess highly sensitive information that can be used to the attackers’ economic advantage. You frequently hear about nation-state adversaries in the news—they hack and influence political elections and leak information taken from high-profile government agencies.
Nation-state hacking groups such as APT1 (also known as PLA Unit 61398 in China) are more interested in strategic and technological advantage, gained through the theft of intellectual property such as military fighter jet blueprints, than in direct profit. Other nation-state hacking groups, such as Russia-based Fancy Bear, perform politically focused cyberattacks.
Fancy Bear is connected with Russian efforts to influence the 2016 U.S. presidential election and with the attack on the Democratic National Committee (DNC). Fancy Bear's preferred attack methods include spear phishing and spreading false information by hacking into target organizations and feeding altered data to journalists.
A federal indictment obtained by Special Counsel Robert S. Mueller III laid out how Russian intelligence officers used spear phishing to con Democratic Party workers into handing over their login credentials. They sent messages from real-looking email addresses containing links to fake login pages designed to collect credentials, which then gave them access to the Democratic Party's computer networks.
Once inside, the Russian bad actors installed malware and stole sensitive political documents, later releasing them to the public to interfere with the 2016 U.S. presidential election. They used the same spear phishing method against election administrators in several U.S. states in an effort to gain access to election systems. Election officials are increasingly worried about the potentially devastating effects of a single phishing email.
"It's shockingly easy to compose a spear phishing email that is targeted, that is seemingly genuine, that is loaded with the kinds of personal details that would lure someone into clicking onto an attachment that they shouldn't," said Minnesota Secretary of State Steve Simon, a Democrat.
Thomas Rid, a professor at Johns Hopkins University who helped expose Guccifer 2.0 (an online persona operated by Russian intelligence), warned, "As long as people make simple mistakes, even the most sophisticated adversary will use very simple methods." In one attack described in the indictment, bad actors sent a fake Google security notification to John Podesta, chairman of Hillary Clinton's campaign; Podesta's assistant clicked the link and typed in his login credentials.
Election offices nationwide are beginning to roll out two-factor authentication for their employee accounts, in addition to cybersecurity training.
Nation-state attackers also focus on stealing state secrets and the personal information of government employees. In June 2015, the U.S. Office of Personnel Management (OPM), essentially the government's HR department, disclosed that nation-state attackers had breached its systems; in all, 21.5 million records of current, former, and prospective government employees were compromised. The records included the sensitive information collected for background investigations (such as Social Security numbers) and the intimate details of government workers' security clearance applications.
Nation-state attackers target victims in their home country and abroad. Take additional cybersecurity precautions before traveling, especially to a hostile nation-state. You'll learn more about protecting your information when traveling in Chapter 21.
Cybercrime organizations operate like highly organized businesses. They go after your money by holding your files for ransom, installing spyware on your computer to steal and sell your personal information, stealing banking information, and pocketing wire transfers.
Each cybercriminal "employee" helps their "employer" by obtaining your money, personal information, and computing resources. As the survey cited earlier suggests, most hackers are 34 and younger, and some choose professional cybercrime as a career. In fact, 80 percent of black-hat hackers are connected to a sophisticated criminal organization.
In May 2017, WannaCry became the most significant ransomware outbreak in history, spreading across the world like wildfire. It propagated using EternalBlue, an exploit for a vulnerability in Windows file sharing (SMB) that had been developed by the U.S. National Security Agency (NSA) and published in April 2017 by a group calling itself the Shadow Brokers. The operators of WannaCry, a separate party whom the U.S. government later identified as North Korean, bolted the leaked exploit onto self-spreading ransomware, incapacitating hospital systems, businesses, and individual computers worldwide.
The U.S. government, specifically the NSA, had kept the Windows vulnerability secret, intending to use it as a cyber weapon against its own targets rather than reporting it to Microsoft so the hole could be closed. In doing so, it risked the weapon getting into the wrong hands, and it did. Microsoft had released a patch (MS17-010) in March 2017, two months before the outbreak, but vast numbers of systems had not installed it. The result? More than 300,000 computers across the world were infected with the WannaCry ransomware, which demanded $300 to $600 in Bitcoin per compromised system.
As long as you update your devices on a regular basis, one of the core "Brilliance in the Basics" cybersecurity habits, you safeguard your systems from known vulnerabilities; WannaCry's victims were overwhelmingly machines that had skipped a patch that was already two months old. You remain exposed only to vulnerabilities that are still unknown to the manufacturer, and those are far rarer than the known ones. We rely on the manufacturer to create security updates, or patches, for security holes in our devices. It's crucial that you install them as soon as they're made available.
Terrorist organizations want to create fear through the use of cyberattacks, while hacking activists (hacktivists) want to publicize and advance their political or religious agendas. Both perform cyberattacks to spread propaganda, and both will use your computing resources to further large-scale botnet attacks (for instance, distributed denial-of-service attacks), turning your devices into "bots" that carry out commands the bad actor issues behind the scenes.
One day, Cheryl E. Holdren, wife of the former White House official John P. Holdren, received an email from her "husband" asking for their Xfinity home cable service password. Quickly replying without looking more closely at the spoofed phishing email, Cheryl handed over the family's home network password to the political hacking group Crackas with Attitude. With access to the Holdren network, the group redirected the Holdrens' home phone to the Free Palestine Movement headquarters.
This redirect wasn't the group's first hack. Crackas with Attitude, a "hacktivist" group promoting Palestinian statehood, had previously broken into the personal email and online accounts of sitting U.S. government officials, including then-CIA Director John Brennan, FBI Deputy Director Mark Giuliano, and Director of National Intelligence James Clapper, along with a number of other high-profile victims. Even officials trained to be on guard and practice caution have fallen prey to the adversary. The threat is real. The consequences are devastating.
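The two spear phishing stories in this chapter (the fake Google security notice sent to the Clinton campaign and the email to the Holdren household that pretended to come from a spouse) rely on the same handful of tricks: a sender address that looks right, a familiar display name on an address that is not, and a link whose visible text names one site while it actually points to another. The following is an added example, not code from the book, showing how a mail-filtering check for those three tricks can be written. The trusted domains, the list of impersonated names, and the three sample messages are assumptions constructed for the example; the messages are modelled on the incidents described above but are not the real emails.

```python
"""Heuristic checks for the spear-phishing tricks described in this chapter.

Added example, not code from the book: it flags (1) sender domains that
imitate a trusted domain, (2) a trusted person's display name on an untrusted
address, and (3) links whose visible text names one host while the href points
to another. TRUSTED_DOMAINS, VIP_NAMES and the sample messages are assumptions
constructed for this example.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr
from typing import List, Optional

TRUSTED_DOMAINS = {"example-party.org", "google.com"}  # assumed for the example
VIP_NAMES = {"john holdren"}  # assumed; people attackers like to impersonate

HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r"https?://[^\s<>'\"]+", re.I)
SHOWN_HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


def _host(url: str) -> str:
    """Lowercase host part of an absolute URL, or '' if it has none."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/?#:]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def _shown_host(anchor_html: str) -> str:
    """Host named by a link's visible text, if that text looks like a URL."""
    text = re.sub(r"<[^>]+>", "", anchor_html).strip()
    m = SHOWN_HOST_RE.match(text)
    return m.group(1).lower() if m else ""


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(domain: str) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None when `domain`
    is trusted itself (or a subdomain of a trusted one) or simply unrelated."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS or any(domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None
    # Undo common visual substitutions (rn->m, vv->w, 0->o, 1->l) before comparing.
    norm = domain.replace("rn", "m").replace("vv", "w").replace("0", "o").replace("1", "l")
    for trusted in sorted(TRUSTED_DOMAINS):
        label = trusted.split(".")[0]  # e.g. "google" from "google.com"
        if norm == trusted or label in norm or _edit_distance(norm, trusted) <= 1:
            return trusted
    return None


def check_message(raw: str) -> List[str]:
    """Parse one RFC 5322 message and return human-readable findings (empty if clean)."""
    msg = Parser(policy=policy.default).parsestr(raw)
    findings: List[str] = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    imitated = lookalike_domain(domain)
    if imitated:
        findings.append(f"sender domain {domain!r} imitates trusted {imitated!r}")
    if name.strip().lower() in VIP_NAMES and domain not in TRUSTED_DOMAINS:
        findings.append(f"display name {name!r} on untrusted address {addr!r}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hosts = set()
    for href, anchor in HREF_RE.findall(text):  # HTML links: compare shown vs real host
        real, shown = _host(href), _shown_host(anchor)
        hosts.add(real)
        if shown and shown != real:
            findings.append(f"link text shows {shown!r} but points to {real!r}")
    hosts.update(_host(u) for u in URL_RE.findall(text))  # bare URLs in any body
    for host in sorted(h for h in hosts if h):
        imitated = lookalike_domain(host)
        if imitated:
            findings.append(f"link host {host!r} imitates trusted {imitated!r}")
    return findings


# Constructed sample messages (not the real emails), modelled on the incidents above.
PHISH_NOTICE = """\
From: Google <no-reply@accounts-google.com>
To: staffer@example-party.org
Subject: Someone has your password
Content-Type: text/html

<p>Someone just used your password to try to sign in to your account.</p>
<p>Change it now: <a href="http://myaccount.g00gle-security.net/reset">https://myaccount.google.com/security</a></p>
"""
PHISH_SPOUSE = """\
From: John Holdren <john.holdren.whitehouse@mail-forwarding.example.net>
To: cheryl@example.net
Subject: Xfinity password

Can you send me the Xfinity password? Phone is about to die.
"""
LEGIT_NOTICE = """\
From: IT Helpdesk <helpdesk@example-party.org>
To: staffer@example-party.org
Subject: Maintenance window

Mail is down Saturday 02:00-04:00. Status: https://intranet.example-party.org/status
"""

if __name__ == "__main__":
    for label, raw in (("phish-notice", PHISH_NOTICE), ("phish-spouse", PHISH_SPOUSE), ("legit", LEGIT_NOTICE)):
        print(label, check_message(raw) or ["no findings"])
```

The checks are deliberately cheap heuristics of the kind a mail gateway runs before a human ever sees the message: they do not verify SPF or DKIM, and a patient attacker can register a domain that passes all three tests. Their value is that they catch exactly the low-effort tricks (a hyphenated "accounts-google" domain, a digit zero standing in for a letter, a trusted name on an unrelated address) that Rid's quote above warns are enough when the target is in a hurry.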
Bad Actors Who Got Caught
We hear about all of the ways bad actors carry out cybercrimes against us but not as much regarding the adversary getting caught, prosecuted, and handed a jail sentence. Law enforcement has been doing its best to keep up with the rapidly evolving cyber landscape by working with global law enforcement.
Bad actors are being held accountable for their cybercrimes carried out against innocent individuals and businesses. The following are stories of some big-time bad actors who learned the repercussions for their illegal actions.
(End of Chapter Two)