It’s common knowledge that many organizations budget against catastrophic loss in their digital environments by investing in the “Best” security tools. Endpoint protection, firewalls, threat monitoring and detection software, spam filtering tools, and more mitigate threats from external actors.
Movie productions have conditioned us to visualize a hacker as a code-freak sitting in a corner with multiple monitors brute forcing some kind of exploit or backdoor in servers and computer software. While this does happen, it isn’t nearly as prevalent as you’d think. Software and infrastructure companies have their own teams of White Hat hackers who consistently test software and hardware devices to find potential vulnerabilities before bad actors do.
In fact, many private companies that buy and use industry-leading technology that has been exhaustively tested and certified by security authorities still take the extra step to hire their own White Hat teams to perform regular penetration and vulnerability testing on their systems.
With all that in mind, how is it that hackers are still able to position ransomware in society in ways that affect us in our personal, professional, and public lives?
Human Error Empowers Hackers
As human beings, we are inherently prone to failing our way into success, because we learn best through failure. Within that general line of thinking, human-made security will always be vulnerable. At the end of the day, yes, even the backdoor exploits can be boiled down to human error.
Insider threat can be both intentional and unintentional, leaving a lot to be said about the relationship between responsibility and inevitability in these situations. Black-Hat Hacker organizations should be looked at in the same vein as terrorist organizations when considering the impact they have on daily life and the potential threat they pose to safety. They aren’t just solo actors, but also networks of criminals who operate with anonymity, and know how to make out with millions in the process.
The most recent episode of Ransomware that made big headlines was the hack of Kaseya, a managed service provider that hosts a server, network, and device monitoring and management platform called VSA.
The VSA platform allows customers (corporations) to monitor and manage their cloud and on-premise infrastructure, which makes them a prime target for your neighborhood Ransomware Terrorist. CSO Online published an article that tracks the timeline of this whole event. I would check out what was reported on July 12th if you need some proof of life on the human error aspect of cybercrime.
Exploit or not, sitting behind a VPN on a public Wi-Fi network with an untraceable laptop they bought with cash, these criminals are hyper-intelligent, motivated, and risk-averse stick-up artists with time on their hands to put in the legwork for a Ransomware score. The most talented ones never get caught.
Ransomware is a Cultural and Geopolitical Problem
Pop culture has made hacking sexy. In movies or TV shows, hackers are cunning, capable, and downright battering rams against anything cyber. This is so far removed from the truth that it’s hysterical. Hackers spend a lot of time researching, learning, and planning an attack, and it isn’t as simple as just firing up a laptop either.
They stalk corporate employees and regular people, both in person and digitally, looking for avenues of attack. They use services like LinkedIn to see where people work, and to understand what they do for a living. Especially important is that they target people who work with technology, who generally have access to high-risk systems and resources. They patronize your storefronts and online businesses looking for exploits on kiosks, card readers, mobile apps, and more. If this sounds creepy, it isn’t the half of it.
Edward Snowden confirmed for us that the US was in fact spying on… everyone. Yet, there is no possible way that they were able to watch/analyze all the data of every person they were monitoring. The claim that it was for anti-terrorism purposes seems fair, but at what cost? Logic dictates that some, but not all, elected officials and security agencies aren’t responsible enough to be trusted with this scale of data, and the ability to tap into every device to spy on a country’s citizens.
This is the power that ransomware gives criminals over citizens, corporations, and countries when they take aim. They go so far as to learn about your personal life, like your first pet, your first car, your family members and their details, etc. Most of us publish all this online, and many times they are answers to our security questions! Then, they use that information to hunt you for credit card numbers, passwords, bank account information, SSNs, corporate credentials, etc. Your data is a link of records that trace back to you, and the wrong person can use it to make life a living hell. Personal data leaks lead to both personal and corporate cyber-crime perpetuation that is extremely difficult to mitigate.
How it Affects Regular People
If you think a person whose life has been hijacked and is under severe threat of having their life ruined by a hacker goes straight to the authorities, you’re living in a bubble. Everyone is a target, and anyone can be a victim.
They access the cameras on your devices, and they use them to record you and your activity online. They can track your phone if they can infect it, and in many cases can clone it to see exactly what you see. They can also use keyloggers to capture passwords in plain text as you type them, even if the service you log in to stores them hashed. Cyber Terrorists can ruin your life, and they are practiced in finding weak points in both the physical and digital reality.
Anything that bothered you about what the NSA can and has done by having your entire cyber life a click away should give you pause when considering the same cyber threats by non-government actors with no good intentions in mind.
Don’t think that cybercrime is only for the technically proficient; the Internet is a hell of a gateway to information. The highly motivated criminal can buy malware online with ease. With some basic technical knowledge and a well-researched target, criminals can find ways to deliver malware through emails, dubious links, entering poorly protected home wireless systems, and much more.
How it Affects Cities and Corporations
When the City of Atlanta’s municipal systems were held hostage by Ransomware back in early 2018, all hell broke loose. The SamSam virus had crippled most systems that involved court scheduling, payment processing, and many other integral public systems that we rely on. In fact, I was a beneficiary of this hack; I had received a speeding ticket just shortly before it happened, and the digital record of the occurrence vanished. I called with the physical ticket, but they couldn’t locate the citation # since all the systems were down, and they did not seem to have a physical record of it either.
Outside of just ransomware, cyber theft is extremely prevalent as well, as hackers really choose whether to steal or hold ransom once they enter a privileged system. In recent times, you can think of Colonial Pipeline and Kaseya being ransomwared into the news, but most recently T-Mobile was hacked and lost 40 million records, which reports say also included Social Security Numbers!
The financial burdens placed on corporations in fines, remedial security expenditures, and loss of public trust that leads to loss of business are direct costs. However, the costs to individuals in situations like this include identity theft and complete financial ruin that is not easy to recover from.
How to Prevent Ransomware Attacks
For our Security Professionals and Network experts, keep doing what you’re doing with Firewall Tech, Malware Detection, and Anti-Virus, but bolster those with Identity and Access Management. Build Identity Management into every network, and control both access to the network and access to services within the network with MFA and strong IAM policies and processes.
Invest in Privileged Access Management Solutions that prevent breaches from hitting critical systems; a hacker who has accessed a network only has as much power as the accounts he/she can rig/commandeer for their nefarious purposes. PAM is the last bastion of defense your servers and computers have against Hackers who can circumvent the best firewalls and detection software.
For our personal lives, use VPNs at home, and practice self-protective online and in-person activity. In fact, we published an article about protecting yourself against Identity and Financial Theft a while back here that also applies to protecting yourself from Ransomware.
Teaching Security to the General Public
At the end of the day, Ransomware isn’t just a problem for corporations. The mistakes made by the companies we trust with our information have far-reaching consequences. The reason for this can’t be pinned down to technology issues; the fault lies in the culture of security in society as a whole.
We teach children not to trust strangers in public, but do we really educate kids or adults on how to combat threats that occur over the internet? As a society, we have advanced exponentially since the internet was first invented, but with that advancement came an advancement in risk, and I don’t think we truly scaled to match that advancement from a cultural standpoint as it pertains to security.
At places of business, and at home, we should be teaching the risks and key techniques to avoid cyber threats to both technical and non-technical minds alike. With increased general knowledge about security and staying safe digitally, our attack surface as a whole becomes increasingly smaller, leaving hackers fewer innocent people who didn’t know any better to exploit.
For Organizations, our advice is to build security into the minds of your personnel and into your systems. For the Regular Joe, invest time in learning how to stay safe online just like we do in the real world.