Week 8: Security and Protecting Yourself on the Internet


What is Internet Security?

Internet security involves establishing rules and measures to use against attacks over the Internet. The Internet is often an insecure channel for exchanging information, which exposes that information to threats of intrusion or fraud. These attacks can be carried out in various ways:

1. Malicious Software: A computer user can be tricked or forced into downloading malicious software onto a computer. Such software comes in many forms, such as viruses, Trojan horses, spyware, and worms.

2. Denial-of-service (DoS) attacks: This is an attempt to make a computer resource unavailable to its intended users. It generally consists of a concerted effort to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Attackers commonly target the cloud computing environments of organizations and governments.

3. Phishing: This is an attack that targets online users to extract sensitive information such as usernames, passwords and credit card information. Phishing occurs when the attacker pretends to be a trustworthy entity, either via email or web page. Victims are directed to fake web pages, dressed up to look legitimate, via spoofed emails, instant messaging, social media or other avenues.


Today's internet security, however, is in a state of crisis. There has been an alarming increase in cyber-attacks since the start of 2017, and these aren't just your standard corporate breaches: there has been viral, state-sponsored ransomware, leaks of spy tools from US intelligence agencies, and full-on campaign hacking. These attacks are shocking in scope, target some of society's most critical infrastructure, and have even interfered with political outcomes, as in the recent Russian interference in the U.S. election (the alleged hacking of Democratic party emails and 21 state election systems).

Here's a recap of some of this year's biggest cyber-incidents:

Shadow Brokers
The mysterious hacking group known as the Shadow Brokers first surfaced in August 2016, claiming to have breached the spy tools of the elite NSA-linked operation known as the Equation Group. They offered a sample of alleged stolen NSA data and attempted to auction off a bigger trove, following up with leaks for Halloween and Black Friday in 2016. This April, though, marked the group's most impactful release yet. It included particularly significant alleged NSA tools, including a Windows exploit known as EternalBlue, which hackers have since used to infect targets in two high-profile ransomware attacks.

The identity of the Shadow Brokers is still unknown, but the group's leaks have revived debates about the danger of using bugs in commercial products for intelligence-gathering. Agencies keep these flaws to themselves, instead of notifying the company that makes the software so the vendor can patch the vulnerabilities and protect its customers. If these tools get out, they potentially endanger billions of software users.

WannaCry
On May 12 a strain of ransomware called WannaCry spread around the world, hitting hundreds of thousands of targets, including public utilities and large corporations. Singapore was also hit. Notably, the ransomware temporarily crippled National Health Service hospitals and facilities in the United Kingdom, hobbling emergency rooms, delaying vital medical procedures, and creating chaos for many British patients.

Though powerful, the ransomware also had significant flaws, including a mechanism that security experts effectively used as a kill switch to render the malware inert and stem its spread. US officials later concluded with "moderate confidence" that the ransomware was a North Korean government project gone awry that had been intended to raise revenue while wreaking havoc. In total, WannaCry netted almost 52 bitcoins, or about $130,000 — not much for such viral ransomware. WannaCry's reach came in part thanks to one of the leaked Shadow Brokers Windows vulnerabilities, EternalBlue. Microsoft had released the MS17-010 patch for the bug in March, but many institutions hadn't applied it and were therefore vulnerable to WannaCry infection.

A display panel with an error can be seen at the main railway station in Frankfurt am Main, Germany, 13 May 2017. Germany's railways were one of the targets in the worldwide cyber attack.

Petya/NotPetya/Nyetya/Goldeneye
A month or so after WannaCry, another wave of ransomware infections that partially leveraged Shadow Brokers Windows exploits hit targets worldwide. This malware, called Petya, NotPetya and a few other names, was more advanced than WannaCry in many ways, but still had some flaws, like an ineffective and inefficient payment system.

Though it infected networks in multiple countries, including those of the US pharmaceutical company Merck, Danish shipping company Maersk, and Russian oil giant Rosneft, researchers suspect that the ransomware actually masked a targeted cyberattack against Ukraine. The ransomware hit Ukrainian infrastructure particularly hard, disrupting utilities like power companies, airports, public transit, and the central bank, just the latest in a series of cyber assaults against the country.


The world will spend $90 billion this year on information security, but continues to live in fear every day that the internet is on the verge of being taken down by cyber criminals. Ultimately, the problem is bigger than governments or private industry can solve in isolation or with piecemeal solutions. What’s needed is concerted global action.

Cybersecurity must be a top-of-agenda item for world and corporate leaders. We need fresh, practical approaches to protecting an internet that has rapidly become the central nervous system of the planet.
