This has been one of the most miserable and awful years as for as Cyber Security is concerned. There have been a lot of ransomware attacks, data leaks, malware attacks, DDoS attacks, Man in the Middle hacks, Spear Phishing and many more type of attacks.
In March, WikiLeaks released tons of sophisticated hacking tools from a famous Intelligence Agency. Millions of lines were actually coded by its team. And so many other Intelligence Agencies have developed their own hacking tools.
In April a group called The Shadow Brokers released another trove of hacking tools from the same Intelligence Agency, which they claim to have hacked in the year 2016.
Almost all the Intelligence Agencies use these tools for Espionage. Now there is no need of a special agent going in the middle of a desert alone risking his life to save us. A software spy can do the trick for us. Cyber Espionage is evolving rapidly.
These agencies use vulnerabilities in the Operating Systems, Applications, etc., When they find a vulnerability, they do not report it to the developer. If they report these as soon as they find them, the developer can fix it with an update. They use it to further their Cyber Espionage missions.
With a huge budgetary allocation, Intelligence Agencies are able to hire top notch hackers to develop hacking tools. These agencies are one of the main reasons for the current fragility in Cyber Security.
The release of these tools in the open has helped hackers immensely. Hackers tweak these tools to their advantage. Maybe the easy availability of these tools led to a spike in so many data breaches and ransomware attacks this year.
In the month of May a ransomware called WannaCry infected hundreds of thousands of targets. Majorly the ransomware affected the healthcare institutes of UK. Putting a lot of patients in trouble due to the delay in vital medical procedures. WannaCry used one of Microsoft Windows vulnerabilities for which Microsoft had released a patch MS17-010 in march. A lot of institutions had not applied the patch and hence they got infected. Security updates are a must for an organisation to be highly secure. WannaCry was developed by another notorious Intelligence Agency.
Later in the month of June, a new ransomware called Petya/Goldeneye spread like wild fire. It infected huge networks in multiple countries. Human error is also one of the major reasons for a data breach to happen. This reflects in the misconfigured AWS S3 bucket data breaches. A few examples are Accenture, Viacom, Verizon, Talent Pen, etc.
Personal data of about 14 million Verizon customers was left exposed by a technology provider Nice Systems, which left Verizon customer data unprotected on an Amazon Web Services S3 storage instance. This security lapse was discovered by research firm Upguard.
A major breach at Equifax jolted the whole Cyber security world. Personal Identities of about 145 million Americans were stolen by a Cyber Criminal. He used a vulnerability in Apache Struts for which an update had been released by Apache. An update could have saved all those 145 million Americans from losing their Personal Identities.
Likewise there were a lot of other attacks and breaches. They have become a new normal for the industry. Whenever there is a major breach, a lot of noise is generated. People start talking about Cyber security. They talk about spreading awareness. This goes on for a few days or maybe two three months and then we forget about the breach and continue as if nothing happened.
© Copyright 2024 Agni Information Systems (P) Ltd.
