The recent Microsoft Windows targeting WannaCry Ransomware that is depriving worldwide organizations of their own internal data is being done by leveraging internal
Network Security to penetrate all attached devices. The scale and scope of the organizations effected has alarmed the internet users around the globe. Cyber attackers used known North Korean Group Lazarus tools to code a malicious virus to get into the systems of hospitals, corporate and other institutions.
According to estimates well over 250,000 systems in 150 countries have currently fallen victim of this data breach and the count is still growing. Hackers locked the data, denied access to the owners and demanded huge money in bitcoins. To date of the few reported ransoms paid ($1.4 Million USD) – none have yet to receive any unlock of their data and now have the loss of their data and useless ransom monies paid.
The WannaCry ransomware that attacked computers in 150 countries has lines of code that are identical to work by hackers known as the Lazarus Group, according to security experts. The Lazarus hackers have been linked to North Korea, raising suspicions that the nation could be responsible for the attack.
As the internet has become accessible to citizens it has successfully triumphed as the perfect communication medium; this is what compels people to upload and share their personal data. In this scenario, prospects of any cyber attack in the form of WannaCry ransomware are not unpredictable.
Surprisingly, the recent attack is not new in history. In last two decades, when internet was not a mass media, many dangerous cyber attack took place the shook the world.
Here are few eye-opener network security breaches that raised questions over authenticity of the internet technology’s trust worthiness.
Attack on popular websites
In 2000, a denial of service attack took down the popular websites like eBay, Amazon, Yahoo, CNN and E*Trade; all these platforms catered to millions of users by acting as online trading platforms and search engines. Surprisingly, a 15 year old boy orchestrated this attack. Officials like, then US White-House Chief of Staff John Podesta and US Senator Jon Kyl condemned the attack and suggested for more vibrant and stringent security measures. They also hoped that these cyber attack must have made the public more aware about internet security threats.
Internet crash in 2003
A virus known as SQL slammer caused internet to crash in 15 minutes. It affected the systems around the globe. This cyber attack reportedly made businesses to halt their operations, ATMs became out of function and passengers became stuck at airports due to cancellation of flight. Again policy makers termed it as a wake up call and asked consumers to remain cautious than ever.
2010 Attack on Google
In a targeted operation, that was later named as “Operation Aurora”, Chinese hackers attacked on Google’s corporate support, causing damage to a handful of companies. Reportedly, the reason of attack was to steal the Google’s intellectual property. This cyber attack was also a whistle blower.
2010 Cyber attack on Iran’s nuclear program
Stuxnet, a computer virus attacked the Iran’s nuclear infrastructure, it also targeted the Uranium enrichment facility. This cyber attack was alarmingly dangerous in nature. The reason is that infrastructural programs about such sensitive plans have very tight security. If these kinds of programs and organizations are vulnerable to security breach, then how an ordinary system is safe?
2012 Cyber attack on Saudi and Qatari corporations
In August of 2012, a Iranian virus called Shamoon deliberately destroyed data files on over 30,000 corporate computers of Saudi Aramco – the world’s largest oil exporter. The code was traced to Iran and within 2 weeks the same code was detected coming from Iran into Qatar’s natural gas company RasGas. It took 2 months for normal operations to recover from these attacks.
2015 US Federal Data breach in Office of Personal Management
This massive incident took place in 2015; it victimized almost 21.5 Million US Federal employees, contractors, family members and others who had undergone US federal background checks. The data from this theft is still being used to destroy the personal lives of those affected. This was a major network security breach that held the US government accountable for such week security measures. This hack remains the largest data breach ever suffered by the US federal government to date.
This data breach has been found to be the result of Chinese made networking gear that had been installed in US Government contractor networks and persisted in penetrating US Federal networks on June 4 and June 12 of 2015. The Obama administration pressed the Xi administration for this Chinese govt sponsored attack with no results.
2016 attack on internet infrastructure company DYN
This not so long ago cyber security attack that took down, Twitter, Airbnb, Amazon and Spotify. Hackers targeted the popular DNS services company DYN, which is an key internet infrastructure company. This was a DDoS (Distributed Denial of Service) attack. Hackers managed to overwhelm DYN services through flooding it with an armada of ever growing dens requests. Hackers leveraged known default login passwords to devices like digital IP cameras, Cable / DSL Routers, NVR/DVRs, baby monitors and a lot of Internet of Things devices(Mostly all cheap Chinese managed network devices) and then by infecting them with automated Mirai Malware that turned these devices into DNS robots attacking DYN. ”It’s important for [Internet of Things] vendors who haven’t prioritized security to take this escalating series of attacks as a wake-up call,” The Washington Post quoted Casey Ellis of cyber security firm Bugcrowd as saying. “We’re entering a period where this is very real, calculable, and painful impact to having insecure products.”
A Serious Wake-up call for everyone (Governments and Citizens Alike)
It is not only connection to the internet that can cause a virus to spread and steal data of the users, even devices like cameras, scanner and printers can also make hackers to peek into systems of ordinary users, take over their data and ask for ransom money. All the above mentioned attack, including this latest WannaCry ransomware is a proof how easy it is for hackers to get control of any computer, where it belongs to a person or an organization that operates in strict security measures.
Managing security of internet communication lies in the hands of federal government. Now days, every bit of personal information related to a citizen has a record on the system. Whether it is social security number, credit card history, online shopping record or any such detail, a system somewhere in the world knows about all these things. Data breach of any website directly puts the security and privacy of a person at the stake.
People need to exercise more care while interacting on internet, downloading uploading files and even using the gadgets. Usually, cheap and low qualify gadgets are prone to be infected with malicious software. Public needs to take precautionary measures at personal levels. It also needs to pressurize policy makers and government officials by holding them accountable for their actions that may otherwise jeopardize the network security.
On another note, it has been discovered that Microsoft Corporation has purposely withheld free virus patch updates from Windows XP and Vista operating systems that could have prevented the WannaCry Ransomware getting access to the systems. Microsoft despite knowing the vulnerabilities present in its PC software, chose to withhold the release of the security patch for a certain section of clients in an effort trying to convince users to switch to its more secure and newer Windows 10.
Get Better Network Security Now!
Enable-IT designs and manufactures Secure and Encrypted ETHERNET EXTENDER solutions. Made in the USA, custom Options on any product at time of order and OEM in days – makes us more responsive to customer needs. We take great pride in using the highest quality materials and actual craftsmanship when building our products. We can even customize these at time of order to fit your specific needs as we manufacture in our very own US West coast facilities.