
Cybersecurity 2015

2015 was very “rich” in cyber attacks and showed that even the most reliable protection of large international corporations can be breached. Even heavily protected organizations could not withstand the attackers, among them: the US Human Resource Management Service; the US health insurance companies Anthem and Premera; the Ashley Madison dating site for adultery; Mandarin Oriental, Hilton and Trump Hotels; the British telecommunications company TalkTalk; and the Hong Kong online store VTech.

In 2014, a group of hackers broke into the well-known film company Sony Pictures, systematically publishing employees' personal data, pirated copies of films and other confidential information online. The attack caused damage from which the film company is still recovering.

Last year, extortion by cyber gangs became particularly prominent. One example is the group called DD4BC, whose hackers use DDoS attacks to extort money from Internet companies, corporations and private individuals.


Cybercrime should not be underestimated: Kemp Little Workshop


“Cyber attacks are real and really harmful”: this was the main message of a seminar on preventing and recovering from cyber attacks. The seminar was held by the British law firm Kemp Little in London.

In the words of Nicolas Fulford, head of data protection and a member of the cyber security team at Kemp Little:
Potential cyber attacks combined with increasing consumer awareness mean that no sensible business will ignore such a threat.

Hackers have ravaged the British government for £3.14 million


According to the review of information security breaches for 2015 (PwC review), the average cost of damage caused by hackers' unlawful actions at large British companies ranges between £1.4m and £3.14m. For small businesses, costs are estimated at between £75,000 and £311,000.

Compared to 2014, the figures have risen significantly: from 233% to 273% per year. In small business, from 115% to 270%. And according to surveys, most companies expect breaches to continue to increase in 2016.



TalkTalk lost £35 million


In October, another powerful DDoS attack was launched on the telecommunications company TalkTalk. The provider’s website went offline for several hours, and during this time the attackers managed to steal the company's customer data: phone numbers, addresses, contact details and even credit card numbers and bank details. Given that the company has about 4 million customers, the scale of the problem is considerable. After the attack, TalkTalk shares fell 10%, and the overall cost of dealing with the consequences has reached about £35 million.

This is the third cyber attack on the TalkTalk servers in a year. At the moment, it is not known whether all the personal information of the clients was properly encrypted.

As a result of the investigation, Scotland Yard police arrested five people. Among them was an 18-year-old teenager who posted the data of about a million users online. The youngest suspect, a 15-year-old boy, was arrested at the Antrim County police station and subsequently released on bail to his relatives. The oldest of the detainees is 20 years old.

Compared to the US, British law is more lenient toward offences of this kind.

13GB of data leaked from the scandalous site Ashley Madison


The adultery site AshleyMadison.com (slogan: "Life is short. Get an affair") did not escape this sad fate either. In August, hackers from the international group Impact Team hacked the intriguing resource and demanded that the owner, Avid Life Media, shut down its websites AshleyMadison.com and Established Men. After ALM ignored the demands, the hackers published about 13GB of the “cheaters'” personal data.

The site operates in more than 50 countries and has 37 million users. Given its specific nature and the need for strict anonymity, one can imagine the severity of the consequences. In addition, well-known public figures used the services of AshleyMadison. Particularly curious users found some rather interesting e-mail addresses of high-ranking civil servants among the published data, such as that of former British Prime Minister Tony Blair.

The Impact Team, which calls itself international, explains its choice of ALM by arguing that the company profits fraudulently from its customers. The site promises privacy and a high level of secrecy, yet data can be deleted only with the Full Delete function, for which you have to pay $19. That is, to completely remove your account from the site, you need to pay almost two dozen dollars. But according to the Impact Team, the Full Delete function is a trick for extracting money, since user data is not actually deleted. This was confirmed by the hack, as were rumors that there were in fact few real women on the site and that bots were corresponding with the men. The reputation of AshleyMadison.com has been hit hard.



Outdated POS terminals


The theft of credit card data at hotels of the Mandarin Oriental Hotel Group has shown how weak the security of POS terminals can be. Credit card data was stolen from an “isolated number” of payment card systems in hotels in Europe and the USA after the company’s network was hacked. Hotel management claims that only the data on the credit cards themselves was stolen. Personal information about visitors, account numbers, passwords and everything else remains intact.

Software at some hotels in the Mandarin Oriental chain was infected with malware, but experts identified and removed it. The company is now actively cooperating with law enforcement agencies and raising the level of cyber security at its hotels.

By the way, other hotel chains, such as Hilton, Starwood Hotels, Trump Hotels, were also attacked.

DD4BC Extortion Gang Expands the Scale of Its Operations


The demands of the cyber gang DD4BC, which uses DDoS attacks to extort Bitcoin (a digital currency, or cryptocurrency, that is not backed by a central bank or government), are growing. Using these Bitcoin schemes, the hackers went after online casinos and bookmakers and extorted money from major financial institutions in the USA, Europe, Asia, Australia and New Zealand.

Kaspersky Lab indicated that the actions of the cyber group were directed against many large organizations around the world and against certain individuals in the Middle East.

In April, the information security company FireEye accused the Chinese government of covering for, and all but running, a cyber-espionage campaign that has been going on for a decade. The main goal of the campaign is the theft of classified information belonging to organizations in Southeast Asia and India. In July, Symantec exposed the corporate espionage group Morpho, which over the past few years has put a number of major corporations at risk.

In August, US authorities arrested nine suspected traders who, according to preliminary information, conspired with the cyber gang DD4BC. The suspects hoped that the hackers would obtain confidential commercial information for them from news services.



National Crime Agency (NCA) helps the British in the fight against cybercrime


UK law enforcement officers work with public and private partners to help companies and UK consumers fight cybercrime.

After numerous high-profile attacks on corporations across the UK, the NCA began actively helping network administrators manage key parts of the UK Internet infrastructure.

The British government has participated in several international operations aimed at combating cybercrime. Law enforcement organizations, government cybersecurity teams and private organizations took part in dismantling the Dorkbot botnet. With this malicious program, attackers infected the computers of many users around the world. The malware spreads through social networks, spam and removable media. In essence, Dorkbot behaves like a classic Trojan: it disrupts the operation of anti-virus products and blocks updates. The malicious program receives instructions from its operators via the IRC protocol.

The NCA, in cooperation with European crime agencies, shut down the servers used by the botnet. A number of arrests were also made at 140 airports in different countries. During the international law enforcement operation, some 130 suspects were detained.

Cryptographic Data Encryption


In June 2015, the FBI called on companies to be especially vigilant. Security officials announced that a type of malicious software that encrypts company data had been spreading online. In exchange for the decryption key, the attacker who started the process naturally demanded money.

This type of ransomware is quite difficult to detect, because it belongs to the CTB-Locker family with its new versions (CryptoWall, TorrentLocker and BandarChor). CTB-Locker uses clever methods to evade security software and to keep its phishing emails from being detected.

McAfee Labs advises organizations to make phishing emails a priority and to use tools like the Intel Security Phishing Quiz.



The past year has once again underlined the importance of stronger cyber security. Underestimating the seriousness of DDoS attacks is not only very dangerous, but also expensive. According to preliminary estimates by the British company Neustar, losses can reach as much as £100,000 per hour.

As Seth Berman, Executive Director of Stroz Friedberg, said:
It is impossible to completely destroy cybercrime, but you can significantly reduce the risk of attack from hackers. If you limit the "movement" of intruders on the network, companies will have more time to take appropriate measures.




Source: https://habr.com/ru/post/274359/

