Cybersecurity has become a top priority for businesses all around the world. Both large organizations and small to medium sized enterprises (SMEs) are on the radar for malicious actors;Since hackers are becoming more sophisticated with their network penetration techniques, organizations must combat this emerging threat by putting the proper safeguards in place.
Organizations should be vigilent in taking the proper precautions when storing or transmitting sensitive data. The best way to mitigate the impact of a cyber attack is to have a plan to defeat various attack scenarios. For example, your business could suffer from the following types of cyber attacks:
- DDoS Attacks
- Spam, Phishing and Whaling Attacks
- Database Related Exploits
Take a closer at each of these attack vectors and how these specific attacks have impacted businesses all around the world.
Twitter and Others Fall Victim to DDoS Attack
In October of 2016, DNS provider Dyn was hit by one of the largest DDoS attacks ever reported. TechCrunch says that Twitter, Spotify, Shopify and other high profile websites were inaccessible during this DDoS attack.
Cybersecurity experts say that unsecured IoT devices were the root cause of this DDoS attack. Hackers likely used default credentials to login to IoT devices to launch a massive ping attack on Dyn’s core DNS servers.
The hackers achieved their desired result in restricting general accessibility to many US based websites for several hours.
Hollywood Hospital Forks Over $17,000 to Ransomware Creator
In February of 2016, Hollywood Presbyterian Medical Center was hit with one of the most high profile ransomware attacks of the year. In order to remediate the ransomware infection, the hospital was forced to pay out over $17,000 to get the encryption keys to reclaim their data.
HPMC is just another name on the list of healthcare providers that have been hit with ransomware. Some studies show that healthcare providers deal with 88% of all ransomware viruses.
At its core, ransomware isn’t very sophisticated; it mainly relies on desktop PCs and servers that do not have the latest patches or virus protection installed. The cost of not running updates and installing virus protection? It’s being reported that some ransomware creators have netted over $300M in profits from their malicious software endeavors.
SnapChat Impacted by Whaling Attack
Email attacks are rather unsophisticated since they generally rely upon the ignorance of the recipient to unknowingly relay personal or private information back to the malicious actor.
You’ve probably heard of Email Phishing; this technique has given birth to a new type of attack called a “Whaling attack.”
In February of 2016, SnapChat was forced to admit that it inadvertently sent confidential information about its employees to a scammer posing as the CEO through email. This type of attack can generally be prevented by training employees to recognize scam emails.
Nevertheless, other high profile companies have been impacted by these same types of email scams. An Austrian Aircraft company recently fired its CEO for falling victim to a Whaling attack. In fact, the CEO sent nearly 50 million Euros to scammers, effectively wiping out a year’s worth of profit for the company.
Adult Website Gets Hacked – Reveals Info on 300M+ Users
It’s no secret that some people decide to use the internet to access adult websites. Most people who use these services would rather keep this part of their life private.
In November of 2016, TheNextWeb began reporting that AdultFriendFinder.com had its database breached through a local file inclusion exploit. The discovery was made when hackers took the personal data of AFF’s users and leaked their details on the darknet.
The AdultFriendFinder hack dwarfs the Ashley Madison hack, which reportedly leaked over details on over 30M users back in 2015.
How to Combat These Types of Attacks
The main takeaway from these high profile cyber attacks is that businesses must get back to the basics of common sense network security policies.
For example, ransomware can be mitigated by installing patches and up-to-date antivirus definitions. Email scams can largely be avoided by using email filtering software combined with information security awareness training for employees.
Network administrators must regularly review their firewall logs. Database exploits must be tested for regularly and remediated rapidly. Before publishing any web application that links to databases that contains personal data, your team should use regression testing and penetration testing to ensure all web applications cannot be easily exploited.
Each of these high profile cyber attacks could have been avoided by simply implementing common sense network security policies throughout their respective enterprise environments. Learn from the mistakes of these high profile cyber attacks and take the proper precautions to mitigate the latest emerging threats.