Technology, in the case of cybersecurity, has been a double-edged sword. It has allowed individuals, businesses, and governments to be more connected than ever before, but it has also created new avenues for criminals and hackers to cause havoc.
While cyberattack incidents have been happening for at least half a century, the massive damage that they can inflict is only just coming to light. This blog will explore some of the major cybercrime incidents in history and how we can protect ourselves against them.
China’s Great Cannon
Most people are aware of the Great Firewall that monitors the internet traffic entering and exiting China. It dominated as a defensive technique, blocking prohibited websites and servers. However, a few years ago, the Great Cannon emerged as its offensive counterpart. It could prevent access and change harmless content into malicious content as it passed through the internet. By acting as the “man-in-the-middle”, it was able to hijack traffic and replace unencrypted text.
In 2015, GreatFire became the first victim, primarily due to its anti-censorship stand. The company was also using two GitHub software repositories, one for instructions to evade the firewall and the other, a mirror of the New York Times. They were also using something called “Collateral Freedom”, wherein they were hosting their content on encrypted services that were vital.
In March that year, GreatFire was the victim of a Distributed Denial of Service (DDoS) cyberattack. It was flooded with traffic almost 2500 times its normal level, amounting to 2.6 billion requests per hour. While China could not entirely take it down, the company’s bills on Amazon, which was hosting its servers, shot up to a staggering USD 30,000 per day. Following this incident, the Great Cannon went after its next target, GitHub. About 1.75% of the traffic intended for Baidu, China’s largest search engine, was diverted to GitHub, overwhelming its servers. As a result, the website was down for a few days and was not accessible by the public.
Such an attack was unprecedented, which is why initial reports pointed to the Great Firewall. The discovery of this new weapon came to light only after deeper research. Researchers at the University of Toronto, University of California, Berkeley, the International Computer Science Institute and Princeton University have found that China can intercept any foreign web traffic as it flows to Chinese websites and injects it with malware.
Preventing a DDoS Cyberattack
DDoS attacks were on the rise for the past few years but got a big boost due to Covid-19. As a result, cybercriminals have found new avenues for carrying out such attacks, and the impact has been catastrophic. Not only do companies suffer from outages and high server costs, but they also miss out on revenue opportunities and customer goodwill.
The first and foremost precaution is to be aware of the warning signs of a DDoS attack. If you are facing inconsistent connectivity or website crashes, it is a red flag. Division of the cyberattack into several lower-volume ones can make it look like a harmless disturbance.. Next, companies can use anti-DDoS hardware and software. Network firewalls and load balancers, for example, are a good starting point to monitor and filter the incoming traffic. Additionally, configuring the hardware to detect and stop a DDoS attack from taking place is also helpful.
SolarWinds’ Supply Chain Attack
In December 2020, US cybersecurity company, FireEye, fell victim to a cyberattack and reported the same. However, as teams began to investigate the matter, new revelations came to the surface. The crime was not conducted in isolation but was a part of a much larger cyberattack impacting both private and public organisations.
A hacker group apparently affiliated with the Russian government attacked a major IT firm, SolarWinds. Their clients include a large chunk of the US Fortune 500, all US military branches, the Pentagon, and the State Department. Among its other services, it produces a network and applications monitoring software called Orion. Hackers successfully planted a virus in one of Orion’s updates distributed to hundreds of its top customers, thus compromising their systems. This was termed as a “supply chain attack”.
During FireEye’s investigation, it was revealed that the cybercriminals modified Orion’s plug-in called SolarWinds.Orion.Core.BusinessLayer.dll. The compromised part of the software looked legitimate but allowed them to access sensitive information. Instead of holding files to ransom, the hackers maintained a low profile and robbed credentials for lateral movement through the network. Although the breach was discovered in December, the malware was apparently injected in March. It was silently stealing information from multiple sources and clients for espionage. It was also termed as one of the most significant attacks against the US government.
The most striking feature of this cyberattack was how so many organisations were damages by breaching just one target. Supply chain attacks are harder to detect because software updates from authorised sources and are allowed to pass. The stakes are higher for smaller businesses that don’t have the equipment to detect malware or viruses quickly. The recent attack on Kaseya was on similar lines and compromised the systems of almost 1500 businesses worldwide. Hackers demanded a huge ransom to restore access.
Preventing a Supply Chain Cyberattack
Rigorous anti-virus testing is not done for software updates from companies considered safe. To prevent supply chain attacks, careful examination of each update is essential before installing. Additionally, companies should use software developed by those that themselves have reasonable security procedures in place. If such issues are detected and resolved at the source, a lot of burdens will be reduced. Lastly, only a few trusted vendors should supply software. The more exposure to different software firms, the more vulnerable a company is to such a cyberattack.
Pegasus’ Zero-Click Attack
Pegasus, developed by Israel’s NSO Group, was termed “a world-leading cyber intelligence solution that enables law enforcement and intelligence agencies to remotely and covertly extract” data “from virtually any mobile device”. Once installed on the phone, the spyware was capable of extracting a lot of data. Monitoring everything from call logs and passwords to microphone and location details was made possible. However, the NSO Group was explicit about selling it only to Governments and using it to tackle terrorists and criminals.
Initially, Pegasus exploited smartphone vulnerabilities by tricking users into clicking malicious links, known as spear phishing. The modes were primarily SMS, emails and WhatsApp messages. However, in 2019, Amnesty International reported that Pegasus could now infect phones through a “zero-click attack”, meaning that the user did not need to take any action. In addition, it was capable of exploiting “zero-day vulnerabilities” or bugs in the phone’s operating systems that manufacturers did not yet know. That year, WhatsApp reported how the NSO Group hacked into 1400 devices through a zero-day vulnerability through a missed call. Once installed, Pegasus could erase the call log, making it impossible for the user to detect it. Even Apple’s iMessage became a carrier of spyware.
Pegasus’ transformation into a zero-click attack and ability to hack phones through mediums like WhatsApp and iMessage have dramatically increased the number of targets it can reach. Additionally, its programming is such that it removes any trace of its existence. So, a regular user will have no idea about it. There are also reports of the NSO Group exploiting vulnerabilities in other regularly used apps to enhance its cyberattack.
While Pegasus is in use since 2011, it was recently in the headlines for its alleged misuse. Government officials, leaders of the opposition, business leaders, pro-democracy figures and journalists in different countries were allegedly spied on.
Preventing a Zero-Click Cyberattack
Dealing with zero-click attacks is hard since they exploit inherent loopholes of an operating system. Therefore, developers and device makers have to constantly monitor new bugs and ensure patches are provided to users. In addition, updates should be rolled out in case of a genuine cyberattack.
For users, as a precaution, phones and apps must be up-to-date so that new security patches are present on the device. This works best in tandem with other cyber hygiene practices, such as not clicking on unknown links and downloading anything from spammy sites. Since most zero-click attacks target a particular section of people, the general public may relatively be safe. That should not, however, mean that one puts their guard down.
Bangladesh’s Bank Heist
In 2016, one of the biggest heists was uncovered when the Bangladesh Central Bank (BCB) was robbed by unknown cybercriminals. However, instead of stealing any login credentials of the bank’s clients, the hackers attacked the bank itself. They got their hands on the SWIFT account, a closed network for inter-bank communication and transferring large sums of money.
On February 4, the hackers got access to the SWIFT account details of a few BCB officials and sent requests to the Federal Reserve Bank of New York to transfer funds to bank accounts in the Philippines and some other countries. The printer installed at BCB was configured to print the receipt of every successful transaction automatically. However, on February 5, employees discovered that due to a system fault, no slips were printed. When they failed to print any slips manually, they realised that the software linked to the SWIFT account showed that a critical system file was missing or altered, indicating a hack.
When BCB finally got the software and printer to work, multiple slips came out, which showed how the Federal Reserve Bank of New York had tried to contact them to ask about the transactions. But, they could not respond due to the malfunctioning software. Complete chaos followed as officials tried to determine the extent of the loss and ways to stop any further transactions. As they attempted to contact New York and SWIFT authorities, they understood just how well the entire heist was planned. Since it was a weekend in the United States, nobody responded from the other side as well. It was only on the following Monday that BCB discovered the transactions amounting to $101 million.
The BCB cancelled a $20 million transfer via Pan Asia Bank but lost the remaining $81 million sent to the Rizal Commercial Banking Corporation in the Philippines since it had already been credited in the intended accounts. The heist could have been much bigger if the hackers did not make a spelling error in one of their transactions. They misspelt “foundation” as “fandation” while transferring to the Shalika Foundation, alerting which alerted the New York bank officials.
Preventing Human and Organisational Errors
The real reason behind the lapse at BCB was a mystery, but there were many speculations regarding insider assistance and lax security protocols. Evidence showed that SWIFT systems installed by BCB did not follow official guidelines leading to severe vulnerabilities. The malware in the software and printer was possibly the result of a phishing campaign.
Human errors are at the heart of many cyberattack incidents Prevention is possible only by imparting enough knowledge to understand and detect the nature of crimes. Especially in the case of social engineering, employees must be follow guidelines and not click on links from unauthorised sources. Moreover, regular updation of securoty systems is necessary. If there is any loophole open for exploitation, then early corrective measures can be extremely helpful. For example, if BCB hadn’t solely relied on printouts of receipts, they might have been saved. Organisations should rigorously enforce even communication protocols and standards.