4 Lessons From The Most Devastating Cyber Attack In History
Today’s history lesson comes from Wired, who did a really interesting piece last year on the Notpetya cyber attack that targeted the Ukraine, but led to billions of dollars in collateral damage. And really, the story isn't even really about Ukraine or other companies. The story is truly about a nation-state’s weapon of war that was released in such a medium that it knew no borders.
Today’s history lesson comes from Wired, who did a really interesting piece last year on the Notpetya cyber attack that targeted the Ukraine, but led to billions of dollars in collateral damage. And really, the story isn't even really about Ukraine or other companies. The story is truly about a nation-state’s weapon of war that was released in such a medium that it knew no borders. The collateral damage didn’t just affect it’s intended victim, but crossed over everywhere at once. It’s a warning to businesses like yours and mine to be prepared for the worst. You may not be the original intended target, but if you don’t take active precautions then you could easily be taken down like so many other companies and countries mentioned in the following story.
SUMMARY OF NOTPETYA CYBER ATTACK
For four or five years, Ukraine and Russia have been in an undeclared war that has killed more than 10,000 Ukranians. The conflict is so bad that Ukraine has become a testing ground for Russian cyberwar tactics. They have penetrated networks, hacked governmental organizations and companies as well as media outlets to railway firms. They’ve even gone as far as causing widespread power outages.
During this time unbeknownst to anyone, Russian military hackers hijacked Linkos Group company’s update servers to give them a hidden back door into the thousands of PCs around the country and the world. Then they waited…and in June 2017, the Russian saboteurs used the back door they had setup and released a piece of malware called NotPetya, their most vicious cyberweapon yet.
The code that the hackers pushed out was honed to spread automatically, rapidly, and indiscriminately.
“To date, it was simply the fastest-propagating piece of malware we’ve ever seen,” says Craig Williams, director of outreach at Cisco’s Talos division, one of the first security companies to reverse engineer and analyze NotPetya. “By the second you saw it, your data center was already gone.”
Within hours of its first appearance, the worm raced beyond Ukraine and out to countless machines around the world, from hospitals in Pennsylvania to a chocolate factory in Tasmania. It crippled multinational companies including Maersk, pharmaceutical giant Merck, FedEx’s European subsidiary TNT Express, French construction company Saint-Gobain, food producer Mondelēz, and manufacturer Reckitt Benckiser. In each case, it inflicted nine-figure costs. It even spread back to Russia, striking the state oil company Rosneft.
READ THE FULL STORY: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
FOUR LESSONS FOR EVERY BUSINESS FROM NOTPETYA
A number of mistakes, oversights, and criminal acts went into making this attack successful. You’ll also no doubt want to take a look at how something similar might impact you and what steps you can take to protect yourself. There are a lot of takeaways in this story, but here are four very important ones that apply to every business that utilizes computers in running their business:
Enforce utilizing only approved software - Maersk would not have been impacted had ONE finance executive not installed an accounting application on his computer. This stresses the importance of creating and sticking to approved software lists within your organization. Now, this one may have been approved – the story doesn’t say, but in this interconnected world, one mistake can cost a lot.
Patch management of the operating systems and applications - Cyber criminals can infect computers that aren’t patched, and then grab the password from those computers to infect other computers that are patched. Patching was lackluster at best and was a known vulnerability that could have been corrected, but wasn’t.
Backups, backups, backups - Maersk got lucky by finding one domain controller that wasn’t infected as they had no backups – they depended on replicas saving their day, and in this case, I supposed it did, but only because of a power outage isolating one network out of hundreds.
Know your risks and have mitigation plans - Understand that you can do almost everything right and still be impacted – so understand your risks and have mitigation plans for your most critical processes.
Bonus – Vendor risk management. You can do everything right, but if the firms who provide your cloud applications, websites, even IT services are vulnerable, then you must understand that their risks are your risks. Be sure to include these vendors in your overall risk management program and see how they address their risks so you can make informed decisions.
CLOSING
RealTime specializes in helping businesses with complete technology solutions, backups, cyber protections and mitigation plans, vulnerability assessments and more. If you don’t have a plan in place, contact RealTime to begin the process of protecting your business. Feel free to contact us here or call us at (334) 678-1417.
WHY CYBERCRIMINALS ARE ZEROING IN ON SMALL BUSINESSES
Small Businesses (SMBs) have neither the money nor the manpower of large enterprises and can’t afford the same level of security. Very few SMBs have full-time IT dedicated personnel on hand to run routine security checks. Even those who do have in-house IT support often find that their internal resources are too bogged down with other tasks to properly address security upkeep.
Large corporations have the resources to invest heavily in the most sophisticated security strategies and successfully stop most cybercrime attempts. A typical large enterprise may have over twenty inhouse IT dedicated employees ensuring that every device connecting to their network is adequately protected.
In comparison, Small Businesses (SMBs) have neither the money nor the manpower of large enterprises and can’t afford the same level of security. Very few SMBs have full-time IT dedicated personnel on hand to run routine security checks. Even those who do have in-house IT support often find that their internal resources are too bogged down with other tasks to properly address security upkeep.
SMBS ARE NOT “TOO SMALL TO MATTER”
Since most cybercrimes affecting smaller businesses go unreported by the media, there is no sense of urgency by SMBs to prepare for cyber attacks. Too many SMBs mistakenly view their operations and data as trivial to hackers. They feel that large online retailers, global banks, and government entities are much more attractive targets for hackers.
The goals and methods of cyber attackers are evolving and will continue to evolve. The era of one “big heist” for hackers is over. Cybercriminals today often prefer to infiltrate the data of many small businesses at once, stealing from victims in tiny increments over time so as to not set off an immediate alarm. This method takes advantage of those SMBs who are especially lax with their security processes and may not even realize there has been a security breach for days or sometimes even weeks.
SMBS - THE ACCESS RAMP TO BIGGER & BETTER DATA
Many breaches are the result of good employees making mistakes or of technology failure. SMBs don’t necessarily need a large budget or dozens of employees to adequately protect sensitive data. A secure environment is possible even on a SMBs budget.
SMBs, however, are often the inroad to larger better-protected entities. They are often sub-contracted as a vendor, supplier, or service provider to a larger organization. This makes SMBs an attractive entry point for raiding the data of a larger company. Since larger enterprises have more sophisticated security processes in place to thwart cyber attacks, SMBs often unknowingly become a Trojan horse used by hackers to gain backdoor access to a bigger company’s data. There is malware specifically designed to use a SMBs website as a means to crack the database of a larger business partner.
For this reason, many potential clients or business partners may ask for specifics on how their data will be safeguarded before they sign an agreement. Some may require an independent security audit be conducted. They may also ask SMBs to fill out a legally binding questionnaire pertaining to their security practices.
Moving forward, a SMB that is unable to prove they’re on top of their infrastructure’s security will likely lose out on potentially significant deals and business relationships. More large enterprises are being careful to vet any business partners they’re entrusting their data.
TO STAY SECURE A GOOD DEFENSE IS THE BEST OFFENSE
SMBs must understand that the time has come to get serious with their security.
Cybercrime is only one cause of compromised data. There are 3 primary causes of breached security at businesses according to the Symantec Global Cost of a Data Breach study. Only 37% are attributed to malicious attacks. The remaining 64% are human error and technology errors.
Data breaches aren’t always about bad people doing bad things. Many are the result of good employees making mistakes or of technology failure. SMBs don’t necessarily need a large budget or dozens of employees to adequately protect sensitive data. A secure environment is possible even on a SMBs budget.
REALTIME CAN PUT TOGETHER A GREAT DEFENSE FOR YOUR BUSINESS
Contact RealTime now to discuss a great defense for your business. Email us here or call us at (334) 678-1417.