2020: a year of offline & online virus attacks

Enkrypt Council
7 min read · Dec 28, 2020

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say ~ Edward Snowden

@timesofisareal

Cyberattacks: most aspects of life have changed beyond recognition in the past nine months. The way we live and work, our use of the internet and the number of cybersecurity incidents have all grown enormously. Phishing and ransomware attacks are becoming more sophisticated: carefully targeted digital messages trick people or organisations into clicking a link that then installs malware or reveals sensitive data, and ransomware literally kidnaps an individual's or organisation's databases and holds all of the information for ransom. The emergence of cryptocurrencies such as Bitcoin is credited with helping to fuel ransomware attacks by allowing anonymous payment of ransom demands.

The most prominent one: SolarWinds is a US-based company specialising in software for network, system, security and information technology infrastructure, used by several large private companies and the federal government. In December 2020 it was found that SolarWinds had faced a major setback: attackers installed their malware, or malicious code, on the Orion platform, and more than 17,000 customers of the company suffered heavy data leakage. Orion is a SolarWinds product specifically designed to monitor networks of systems and report on any security problems, so it has to have access to everything, which is what made it such a perfect conduit for this compromise. At the initial stage of the investigation the USA is alleging that Russia carried out this hack, and Russia has denied the allegation. This is among the biggest cyber-attacks on US government agencies and private companies, in which a large amount of data was compromised.

Area of concern for the USA: This cyber-attack has shaken the Federal Government and public and private sector players in the USA. At the initial stage of the investigation it was identified that this cyber-attack was carried out by a nation with top cyber-offensive capabilities, and the worst part is that the attacker was able to find the details of certain government customers of the company.

This attack was unique in nature, because major cyber-attacks are generally conducted against the data owner, i.e. the federal government or an organisation. This time the attack was on a third-party vendor, which is generally part of the data supply chain, and that made the attack more catastrophic. Hackers managed to access the system that SolarWinds uses to put together updates to its Orion product, and it is presumed that the damage from this attack was identified only after a month or more, which is a devastating fact for the entire federal and private sector of the USA.

So far the prime federal victims of this cyber-attack are the US Departments of State, Homeland Security, Commerce and the Treasury, as well as the National Institutes of Health. In the private sector, 40 clients of IT giant Microsoft across eight countries were hit, and cyber-security firm FireEye has confirmed the devastating impact of this cyber-attack.

Rather than downloading all the critical data immediately, the attackers used their access to install additional backdoors and cover their tracks, allowing them to monitor developments over the course of the year. In other words, the hack remains “ongoing”.

This attack was so novel in nature that every organisation or company should be concerned, because their networks could be breached without their knowledge while the adversary monitors and observes their actions for a long period of time.

Failure of the threat detection system in the USA: Most of the time the USA has proved itself the leader of the world's science and technology. For the past few years the USA has been investing a hefty amount in its digital threat identification and intrusion detection system, “Einstein”. But the failure of “Einstein” to identify supply-chain attacks or threats is an embarrassment for the USA.

The USA is victimised: Globally it is a well-accepted fact that the USA is the only superpower in the fields of military, science and technology. But this time the USA is the prime victim of a cyber-attack and its severe consequences. The final assessment of the loss from this attack is not published yet, but it is assumed that this time, in the field of cyber technology and data-protection science, the USA has faced a major jolt, which could be a game changer in the cyber world and data security. Sometimes in cyberspace our opponent might have a bigger and better weapon to act as a deterrent, but smart players always keep their capabilities under wraps.

Blame game: This cyber-attack is nothing less than a reputational attack on the USA's science and technology development. Even though the USA is searching for evidence, nothing concrete has been found yet. The possibility of insider trading is denied by SolarWinds, but the impact of this cyber-attack was clearly visible on the investors' front: major investors in SolarWinds sold millions of dollars' worth of stock, which has raised a lot of questions about this company and its involvement in the novel cyber-attack. The USA is clearly stating that Russia is engaged in this cyber-attack, and President Trump is hinting that there is a possibility of Chinese involvement as well. As investigations are still going on, lots of theories are floating in the global media, but it would be too early to make any closing statement on this “#Cyber Attack / #Insider #trading.”

A few other cybersecurity incidents in 2020 are listed below. The ranking is based on the impact the security breach had on the organisation.

1. Experian breach - Experian, a consumer credit reporting agency, experienced a massive breach of the personal data of its clients, impacting an estimated 24 million South African consumers and almost 800,000 firms. This is one of the largest data breaches ever witnessed in South Africa. According to the Experian team, an individual fraudulently claimed to represent one of its clients and then requested “services” from the firm, prompting the release of the data.

2. MGM Hotel - MGM Resorts suffered a data breach last year, and ZDNet reported at the time that personal information such as the names, email addresses and mobile numbers of approximately 10.6 million (1.06 crore) guests had been compromised. In July 2020 it emerged that the breach was much larger than initially reported: the data of over 142 million (14.2 crore) MGM Hotel guests might have been impacted, which means the actual number of guests affected may be nearly 14 times higher. The latest breach data came to light after a hacker posted an ad on a dark-web cybercrime marketplace; according to the ad, the hacker is selling the information for $2,900.

3. Cognizant Technology Solutions Corp - Cognizant Technology Solutions Corp, which has about 300,000 employees, was hit by a “Maze” ransomware cyberattack in April, resulting in service disruptions for some of its clients. Ransomware is a type of malicious program that hackers use on an infected system to take control of files and then demand hefty payments to recover them. In May 2020, Cognizant revealed that it paid a ransom of $50–70 million to the cyber attackers to restore its services.

4. University of California - In June 2020, the University of California, San Francisco (UCSF) paid a partial ransom of $1.14 million to recover files locked down by a ransomware infection. On June 1 the ransomware attackers encrypted data on servers inside the school of medicine. Administrators quickly isolated the infection and ring-fenced a number of systems, which prevented the ransomware from travelling to the core UCSF network and causing further damage. The BBC was able to follow the negotiation between the hackers and the university, conducted on the dark web. The hackers first demanded $3 million, which UCSF countered with a $780,000 offer together with a plea that the novel coronavirus pandemic had been “financially devastating” to the academic institution. This offer was dismissed, and a back-and-forth eventually led to the agreed figure of $1,140,895, paid in Bitcoin (BTC). In return for payment, the hackers provided a decryption tool and said they would delete the data stolen from the servers.

5. Zoom app - In April 2020, the Computer Emergency Response Team of India, the national cyber-security agency, warned about vulnerabilities in the popular video-conferencing app ‘Zoom’, used by tens of thousands of professionals working from home in the country due to the COVID-19 pandemic, and released an advisory outlining safety measures for both the operator and the users. The app has been mired in controversy by recent cases of Zoom bombing, which the company has acknowledged on its blog, and by a flaw in the iOS app that sent user data to Facebook.

Sum-up

Privacy is not for the passive; it is for active technologists who are mindful of the risks and rewards of the best asset class of the business they do, i.e. the DATA business.

Points to ponder:

a) Are we accepting the fact that digital transformation requires investment in security?

b) Is the cyber-security regime part of the board agenda?

c) Is the cyber-security plan only discussed on paper, or is it inclusively deployed at the root level?

The @EnkryptLaw team does pro-bono assessments for startups, progressive and high-growth companies. Do reach out to me at vikas@enkryptlaw.com.

Acknowledgment for content: #bbc, #microsoft, #crn, #wired, #lexology, #bloomberg, #google
