Data breaches occur virtually on a daily basis. Cybercriminals are making enormous sums of money by selling breached data, information, or intellectual property on the dark web or in the gray or black markets. It’s a multi-billion-dollar industry run by hacking operations often sponsored by nation-states, criminal organizations, or radical political groups.
Nation-state sponsored cyber-spies make it their full-time job to penetrate government, corporate, and infrastructure systems to gain control over those systems or collect intelligence to progress their own agendas. It’s modern day espionage, but instead of inserting agents on the ground, intelligence and technology are compromised and accessed remotely from anywhere in the world.
Malware secretly installed on your computer can surreptitiously monitor your activity and steal your keystrokes, sending criminals your bank account and credit card login credentials, account numbers, social security number, or any other kind of sensitive information you might otherwise transmit to an online destination.
Another type of malware can hijack your computer’s CPU time and internet bandwidth to add your machine to a huge network of mining systems that generate bitcoins and other cryptocurrencies. The only ones making money off this are the criminals, and you’re paying for it!
If you or your company has a website or online business, statistics show that more than half of the traffic hitting your server is probably coming from some sort of cyber-bot or hack attempt. WordPress is a popular web application platform. Wordfence™, a premium security firewall for WordPress, is active on over 2 million WordPress-powered sites and stops over 3.5M cyberattacks daily worldwide. Wordfence™ blocks over 1,500 attacks every month on this author’s online business site.
The chances are good that if you’ve ever had an online account with any major retailer, credit card company, business, etc., there is some bit of information about you that can be found circulating on the dark web.
Top 10 Data Breaches of the 21st Century
Here is a list of the top 10 data breaches of the 21st century as compiled by CSOonline:
Adult Friend Finder
Heartland Payment Systems
TJX Companies, Inc.
JP Morgan Chase
US Office of Personnel Management (OPM)
Hackers, said to be from China, were inside the OPM system starting in 2012, but were not detected until March 20, 2014. A second hacker, or group, gained access to OPM through a third-party contractor in May 2014, but was not discovered until nearly a year later. The intruders exfiltrated personal data—including in many cases detailed security clearance information and fingerprint data.
For details, see the House Committee on Oversight and Government Reform report: “The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation.”
According to the United Nations, the world population as of July 2018 stands at 7.6 billion. These 10 breaches represent over 4.2 billion compromised accounts. I know we’re comparing apples and oranges here, but if there were a one-to-one relationship between breached accounts and individuals, 56% of all people would have had their online identities compromised. That’s a whole lot of cybercrime!
And these are just a handful of the breaches we know about so far. The breach list goes on and on and includes some major players like Sony's PlayStation Network, Anthem Blue Cross, RSA Security, Stuxnet, Verisign, Home Depot, Adobe, Experian, and many, many others. Some of these companies actually provide components for cybersecurity implementations, and they couldn’t even protect themselves. Think about how many breaches there may be that haven’t been discovered yet.
Stuxnet is a little different. It is not a company, but is in fact malware in and of itself. Discovered in 2010, it is a computer worm capable of transferring itself from device to device once it has penetrated a network. As far as can be determined, it was meant to attack Iran's nuclear power program, but it also serves as a template for real-world intrusion and service disruption of power grids, water supplies, or public transportation systems—aka the Internet of Things (IoT).
Stuxnet only targets Siemens S7-300 Supervisory Control and Data Acquisition (SCADA) systems. It damaged Iran’s nuclear program by destroying an estimated 984 uranium enrichment centrifuges that were controlled by Siemens SCADA devices. Stuxnet spread quickly to Indonesia, India, Azerbaijan, United States, Pakistan, and other countries. The attack has been attributed to a joint effort by the US and Israel, although never officially acknowledged as such. If true, it means the worm couldn’t be controlled and ironically turned on its own creators.
Intrusions by Any Other Name
Intrusions come in all sizes and shapes. We already discussed the Stuxnet computer worm, but intrusions go far beyond malware.
Intrusions are often targeted at specific information: for example, customer information from Target and Anthem Blue Cross, intellectual property from Sony Pictures, and employee information from the OPM.
Another type of targeted attack is hacktivism. In February 2015, a hacktivist group calling themselves Lizard Squad hijacked Lenovo’s website, redirecting customers to a site that displayed selfie slideshows. It was an embarrassment for Lenovo, and the resulting loss of revenue and remediation costs hurt their bottom line.
Phishing: A fraudulent attempt to obtain sensitive information such as usernames, passwords, credit card details, and money, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Phishing is typically carried out by email spoofing or instant messaging, directing users to enter personal information at a fake website whose look and feel are identical to the legitimate site. The only difference is the URL of the website in question. An example might be an email purportedly from your credit card company announcing that your account has been locked. You are directed to log in and correct the problem. Spoofed emails are often sent to distribution lists where the recipient names have been hidden. Hovering your mouse over the link without clicking it will reveal the link’s real destination.
Spear Phishing: A targeted phishing attempt directed at specific individuals or companies. Attackers may gather personal information about their target to increase their probability of success. This technique is by far the most successful on the Internet today, accounting for 91% of attacks [1].
Spear phishing is not always conducted through electronic communications. All that’s required is for someone to click on a link. The link may even be on a social networking site like Facebook or Twitter.
Clone Phishing: A type of phishing attack where a legitimate and previously delivered email containing an attachment or link has had its content and recipient addresses hijacked and used to create an almost identical or cloned email. The attachment or link is replaced with a malicious version and sent from a spoofed email address to appear as though it came from the original sender.
Whaling: Phishing attacks directed specifically at senior executives and other high-profile targets [2]. Whaling scam emails masquerade as critical business communications, sent from a legitimate business authority. The content is often written as a legal subpoena, customer complaint, or executive issue.
DoS, DDoS: A denial-of-service attack (DoS) is a cyberattack in which the criminal seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. In a distributed denial-of-service attack (DDoS), the incoming traffic flooding the victim website originates from many different sources, effectively making it impossible to stop the attack by blocking a single source.
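To make the single-source versus distributed distinction concrete, this added example (not from the original article) counts requests per source over one window of constructed access-log lines and reports whether dropping the loudest clients would bring the host back under capacity. The per-source limit, the capacity figure and the log lines are assumptions for illustration.

```python
"""Per-source vs aggregate request counting over a constructed access log,
showing why a DDoS defeats 'block the one noisy IP'. Added example; the
thresholds and log lines are constructed, not from any real deployment."""
import ipaddress
from collections import Counter

PER_SOURCE_LIMIT = 100   # requests per window one client may reasonably send (assumed)
CAPACITY = 500           # requests per window the host can actually serve (assumed)

def make_log(sources):
    """Build constructed log lines 'ip method path' from a {ip: count} mapping."""
    return [f"{ip} GET /index.html" for ip, n in sources.items() for _ in range(n)]

# One window of a single-source flood: one IP, plus a little legitimate traffic.
SINGLE_SOURCE_LOG = make_log({"203.0.113.9": 2000, "198.51.100.1": 20, "198.51.100.2": 30})

# One window of a distributed flood: 120 bots from TEST-NET-1, 8 requests each.
# 960 requests in total exceed capacity, yet no single IP looks abusive.
DISTRIBUTED_LOG = make_log(
    {str(ip): 8 for ip in list(ipaddress.ip_network("192.0.2.0/24").hosts())[:120]})

def classify(log_lines):
    """Return (verdict, offenders) for one time window of log lines."""
    per_ip = Counter(line.split()[0] for line in log_lines)
    total = sum(per_ip.values())
    offenders = [ip for ip, n in per_ip.items() if n > PER_SOURCE_LIMIT]
    if total <= CAPACITY:
        return "normal", offenders
    # Overloaded: would blocking just the loud sources get us back under capacity?
    remaining = total - sum(per_ip[ip] for ip in offenders)
    if offenders and remaining <= CAPACITY:
        return "dos_single_source", offenders
    return "ddos_distributed", offenders     # no small set of sources to block
```

Against the distributed log the offender list comes back empty, which is exactly why volumetric DDoS mitigation has to work on aggregate traffic upstream rather than on individual source addresses.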
Botnet, Bots: A portmanteau of “robot” and “network”, a botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets are used to perform DDoS attacks, steal data, send spam, and allow the attacker to access the target device and its connection.
To learn more, download our free Cybersecurity eBook.