Every so often, reports emerge of big companies being hacked and held to ransom for the release of their digital assets, while at the same time there is news of cybercriminal rings being tracked, found, and apprehended.
Cyber-security organizations are in a constant battle with hackers in this game of cat and mouse. Vulnerabilities that are left unfixed are inevitably exploited, and sometimes even robust, well-maintained security systems get hacked too. Although cybercrime and hacking are some of today’s buzzwords, most people do not know exactly how they happen.
People learn from history. So, what better way to know about cyber-attacks than to dig into the archives and study 3 of the biggest cyber-attacks in recent history? It’ll show us why and how hackers can accomplish such feats.
1. The Citrix Breach
Passwords are necessary credentials and need to be robust, unpredictable, and easy to remember. Conversely, people often tend to use a simplistic password for convenience or a series of passwords following a particular pattern. The Citrix breach of March 2019 provides proof of why that should never be an option.
Citrix, the remote networking software service, is a massive firm with high-profile clients. However, its system was compromised when a team of hackers capitalized on its weak encryption credentials and gained entry into the network.
The hackers used brute-force methods, trying all possible combinations of passwords, starting with the most common ones that follow patterns. The technique is known as ‘password spraying.’ Although the technique is clever, the longer and stronger the password is, the less effective it becomes.
The takeaway from this unfortunate event is to make your passwords as secure as possible. That requires complex passwords with multiple character types and no predictable patterns, which should be unique to each service used and changed regularly.
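A defender's view of the password spraying described above, as an added example that is not part of the original article: it flags a source that fails logins against many distinct accounts in a short window and lists any account that source then logged into. The log format, thresholds, and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2019-03-01T09:00:02 203.0.113.7 alice FAIL
2019-03-01T09:00:05 203.0.113.7 bob FAIL
2019-03-01T09:00:09 203.0.113.7 carol FAIL
2019-03-01T09:00:14 203.0.113.7 dave FAIL
2019-03-01T09:00:20 203.0.113.7 erin OK
2019-03-01T09:01:00 198.51.100.4 frank FAIL
2019-03-01T09:01:10 198.51.100.4 frank FAIL
2019-03-01T09:01:20 198.51.100.4 frank OK
"""

def parse(log_text):
    """Yield (time, source, account, succeeded) from each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, src, account, result = parts
        yield datetime.fromisoformat(ts), src, account, result == "OK"

def detect_spraying(log_text, min_accounts=4, window=timedelta(minutes=10)):
    """Flag sources that fail against many distinct accounts inside one window."""
    failures = defaultdict(list)   # source -> [(time, account)]
    successes = defaultdict(list)  # source -> [(time, account)]
    for when, src, account, ok in parse(log_text):
        (successes if ok else failures)[src].append((when, account))
    alerts = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            targets = {acct for _, acct in events[start:end + 1]}
            if len(targets) >= min_accounts:
                first = events[start][0]
                # Accounts this source logged into after the spray began need a reset.
                hit = sorted({a for t, a in successes[src] if t >= first})
                alerts[src] = {"accounts_targeted": sorted(targets), "compromised": hit}
                break
    return alerts

if __name__ == "__main__":
    print(detect_spraying(SAMPLE_LOG))
```

The second source in the sample, a single user mistyping a password twice, is not flagged because only one account is involved.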
2. REvil Ransomware Attack
In August 2019, 22 Texas towns were hit with an unusual hack attack. They had all lost access to their demographic data files, which were held for ransom. The hackers had simultaneously breached US citizens’ data in 22 separate towns across Texas, and the REvil ransomware wouldn’t release the files unless a collective ransom of $2.5 million was paid.
After the files were recovered, the fault was revealed to be a single point of failure: an IT company that was breached by the ransomware. The 22 towns had all outsourced their IT services to that particular company.
The lesson to be learned here is that your data needs to be controlled and distributed wisely. No matter what safety precautions you take to protect your data on your own end, if you give your data to an insecure body, it’s prone to attacks from their end too.
3. WannaCry Hacking
The UK’s National Health Service was brought to a standstill back in May 2019. All computer systems were hacked and seized courtesy of the global release of the ransomware strain known as ‘WannaCry.’ Hospital functions like appointments and surgeries were halted entirely since the systems were infiltrated at critical points.
The entire situation needed weeks of expert ethical hacking to undo, but the damage done was permanent. The only plus side, however, is the lesson learned from it. Updating software is a crucial practice, since many software vulnerabilities are regularly patched by developers, and systems with obsolete software are much easier to sabotage.