Victor Font Consulting Group, LLC

The Cybersecurity Ecosystem

By Victor M. Font Jr.
August 22, 2018

Data breaches occur virtually on a daily basis. Cybercriminals are making enormous sums of money by selling breached data, information, or intellectual property on the dark web or in the gray or black markets. It’s a multi-billion-dollar industry run by hacking operations often sponsored by nation-states, criminal organizations, or radical political groups.

Nation-state sponsored cyber-spies make it their full-time job to penetrate government, corporate, and infrastructure systems to gain control over those systems or collect intelligence to progress their own agendas. It’s modern day espionage, but instead of inserting agents on the ground, intelligence and technology are compromised and accessed remotely from anywhere in the world.

Malware secretly installed on your computer can surreptitiously monitor your activity and steal your keystrokes, sending criminals your bank account and credit card login credentials, account numbers, social security number, or any other kind of sensitive information you might otherwise transmit to an online destination.

Another type of malware can hijack your computer’s CPU time and internet bandwidth to add your machine to a huge network of data mining systems that generate bitcoins and other cyber-currency variants. The only ones making money off of this are the criminals—and you’re paying for it!

If you or your company has a website or online business, statistics show that more than half of the traffic hitting your server is probably coming from some sort of cyber-bot or hack attempt. WordPress is a popular web application platform. Wordfence™, a premium security firewall for WordPress, is active on over 2 million WordPress-powered sites and stops over 3.5M cyberattacks daily worldwide. Wordfence™ blocks over 1,500 attacks every month on this author’s online business site.

The chances are good that if you’ve ever had an online account with any major retailer, credit card company, business, etc., there is some bit of information about you that can be found circulating on the dark web.

Top 10 Data Breaches of the 21st Century

Here is a list of the top 10 data breaches of the 21st century as compiled by CSOonline:

Yahoo
  Impact: 3 billion user accounts
  Details: Assumption: a state-sponsored actor hacked the system. Compromised data includes names, dates of birth, email addresses, passwords, and security questions and answers.

Adult Friend Finder
  Impact: More than 412.2 million accounts
  Details: Hackers collected 20 years of data on six databases that included names, email addresses and passwords.

eBay
  Impact: 145 million users compromised
  Details: Using the credentials of three corporate employees, hackers had full access for 229 days. Compromised data included names, addresses, dates of birth and encrypted passwords.

Equifax
  Impact: 143 million consumers
  Details: Social Security Numbers, birth dates, addresses, and in some cases drivers' license numbers; 209,000 consumers also had their credit card data exposed.

Heartland Payment Systems
  Impact: 134 million credit cards
  Details: Exposed through SQL injection used to install spyware on Heartland's data systems.

Target
  Impact: Credit/debit card information and/or contact information of up to 110 million people compromised
  Details: Hackers gained access through a third-party HVAC vendor to its point-of-sale (POS) payment card readers. The company estimated the cost of the breach at $162 million.

TJX Companies, Inc.
  Impact: 94 million credit cards exposed
  Details: Unknown how hackers compromised the system. Two theories: a breached wireless transfer between two Marshall's stores in Miami, Fla., or a break-in to the TJX network through in-store kiosks that allow people to apply for jobs electronically.

Uber
  Impact: Personal information of 57 million Uber users and 600,000 drivers exposed
  Details: Two hackers were able to access Uber’s GitHub account, where they found username and password credentials to Uber’s Amazon Web Services account. Uber paid the hackers $100,000 to destroy the data with no way to verify that they did.

JP Morgan Chase
  Impact: 76 million households and 7 million small businesses
  Details: Data included contact information—names, addresses, phone numbers and email addresses—as well as internal information about the users, according to a filing with the Securities and Exchange Commission.

US Office of Personnel Management (OPM)
  Impact: Personal information of 22 million current and former federal employees and contractors
  Details: Hackers, said to be from China, were inside the OPM system starting in 2012, but were not detected until March 20, 2014. A second hacker, or group, gained access to OPM through a third-party contractor in May 2014, but was not discovered until nearly a year later. The intruders exfiltrated personal data—including in many cases detailed security clearance information and fingerprint data.

For details, see the House Committee on Oversight and Government Reform report: “The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation.”

According to the United Nations, the world population as of July 2018 stands at 7.6 billion. These 10 breaches represent over 4.2 billion compromised accounts. I know we’re comparing apples and oranges right now, but if we could correlate a one-to-one relationship between breached accounts and an individual, 56% of all people have had their online identities compromised. That’s a whole lot of cybercrime!

And these are just a handful of the breaches we know about so far. The breach list goes on and on and includes some major players like Sony's PlayStation Network, Anthem Blue Cross, RSA Security, Stuxnet, Verisign, Home Depot, Adobe, Experian, and many, many others. Some of these companies actually provide components for cybersecurity implementations and they couldn’t even protect themselves. Think about how many breaches there may be that haven’t been discovered yet.

Stuxnet is a little different. It is not a company, but is in fact malware in and of itself. Discovered in 2010, it is a computer worm capable of transferring itself from device to device once it has penetrated a network. As far as can be determined, it was meant to attack Iran's nuclear power program, but it also serves as a template for real-world intrusion and service disruption of power grids, water supplies, or public transportation systems—aka the Internet of Things (IoT).

[Image] Iranian President Mahmoud Ahmadinejad during a tour of uranium enrichment centrifuges at Natanz in 2008.
Source: Office of the Presidency of the Islamic Republic of Iran

Stuxnet only targets Siemens S7-300 Supervisory Control and Data Acquisition (SCADA) systems. It damaged Iran’s nuclear program by destroying an estimated 984 uranium enrichment centrifuges that were controlled by Siemens SCADA devices. Stuxnet spread quickly to Indonesia, India, Azerbaijan, the United States, Pakistan, and other countries. The attack has been attributed to a joint effort by the US and Israel, although never officially acknowledged as such. If true, it means the worm couldn’t be controlled and ironically turned on its own creators.

[Image] Siemens Simatic S7-300 PLC CPU with three I/O modules attached.
Image by Ulli1105 - Own work, CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=1623227

Intrusions by Any Other Name

Intrusions come in all sizes and shapes. We already discussed the Stuxnet computer worm, but intrusions go far beyond malware.

Intrusions are often targeted to compromise specific information: for example, customer information from Target and Anthem Blue Cross, intellectual property from Sony Pictures, and employee information from the OPM.

Another type of targeted attack is hacktivism. In February 2015, a hacktivist group calling themselves Lizard Squad hijacked Lenovo’s website, redirecting customers to a site that displayed selfie slideshows. It was an embarrassment for Lenovo, and the resulting loss of revenue and remediation costs hurt their bottom line.

Intrusion Types/Vehicles

Phishing: A fraudulent attempt to obtain sensitive information such as usernames, passwords, credit card details, and money, often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication.

Phishing is typically carried out by email spoofing or instant messaging, directing users to enter personal information at a fake website whose look and feel are identical to the legitimate site. The only difference is the URL of the website in question. An example might be an email reportedly from your credit card company announcing that your account has been locked. You are directed to log in and correct the problem. Spoofed emails are often sent to distribution lists where the recipient names have been hidden. Hovering your mouse over the link without clicking it will reveal the link’s destination.
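The "hover to reveal the real destination" check above can be automated for a mailbox or mail gateway. The following added example (not code from the original article) parses the HTML body of a constructed "account locked" email, extracts every link, and flags links whose real destination is not a trusted domain or whose visible text names a different domain than the href actually points to. The trusted-domain set and the sample email are assumptions made up for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: HTML body of a hypothetical "your account is locked" email.
SAMPLE_EMAIL_HTML = """
<p>Your account has been locked. Please <a href="http://example-bank.com.login-verify.example/">
log in at https://www.example-bank.com</a> to restore access.</p>
<p>Questions? Visit <a href="https://www.example-bank.com/help">our help center</a>.</p>
"""

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    """Crude last-two-labels approximation of the registrable domain (no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def find_suspicious_links(html, trusted_domains):
    """Return [(href, [reasons])] for links that fail either check."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dest = registered_domain(urlparse(href).hostname or "")
        # Does the visible link text itself look like a URL or domain name?
        shown = re.search(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        shown_dest = registered_domain(shown.group(1)) if shown else None
        reasons = []
        if dest not in trusted_domains:
            reasons.append("destination %s is not a trusted domain" % dest)
        if shown_dest and shown_dest != dest:
            reasons.append("link text says %s but points to %s" % (shown_dest, dest))
        if reasons:
            findings.append((href, reasons))
    return findings
```

Running it on the sample flags only the first link (untrusted destination and a text/href mismatch); the genuine help-center link passes both checks.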

Spear Phishing: A targeted phishing attempt directed at specific individuals or companies. Attackers may gather personal information about their target to increase their probability of success. This technique is by far the most successful on the Internet today, accounting for 91% of attacks.[1]

Spear phishing is not always conducted through electronic communications. All that’s required is for someone to click on a link. The link may even be on a social networking site like Facebook or Twitter.

Clone Phishing: A type of phishing attack where a legitimate and previously delivered email containing an attachment or link has had its content and recipient addresses hijacked and used to create an almost identical or cloned email. The attachment or link is replaced with a malicious version and sent from a spoofed email address to appear as though it came from the original sender.

Whaling: Phishing attacks directed specifically at senior executives and other high-profile targets.[2] Whaling scam emails masquerade as critical business communications, sent from a legitimate business authority. The content is often written as a legal subpoena, customer complaint, or executive issue.

DoS, DDoS: A denial-of-service attack (DoS) is a cyberattack in which the criminal seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. In a distributed denial-of-service attack (DDoS), the incoming traffic flooding the victim website originates from many different sources, effectively making it impossible to stop the attack by blocking a single source.

Botnet, Bots: A portmanteau of “robot” and “network”, a botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets are used to perform DDoS attacks, steal data, send spam, and allow the attacker to access the target device and its connection.

To learn more, download our free Cybersecurity eBook.

[1] “Fake subpoenas harpoon 2,100 corporate fat cats”. The Register. Archived from the original on January 31, 2011. Retrieved July 31, 2018.
[2] Stephenson, Debbie. “Spear Phishing: Who's Getting Caught?”. Firmex. Retrieved July 31, 2018.

About Victor M. Font Jr.

Victor M. Font Jr. is an award winning author, entrepreneur, and Senior IT Executive. A Founding Board Member of the North Carolina Executive Roundtable, he has served on the Board of Advisors, of the North Carolina Technology Association, the International Institute of Business Analysis, Association of Information Technology Professionals, Toastmasters International, and the North Carolina Commission for Mental Health, Developmental Disabilities, and Substance Abuse Services. He is author of several books including The Ultimate Guide to the SDLC and Winning With WordPress Basics, and Cybersecurity.
