DDOS, Phishing, and Ransomware: What they are, and how to keep your peace of mind
Are you getting tired of all these new cyber attack warnings that have been going around this year? Us too. It feels like every week now, we pass on a report of new ransomware, phishing attacks, or viruses taking down major networks. And we’re not the only ones who have noticed; Kaspersky Labs says that ransomware attacks have gone up by 250% in the first quarter alone. In February there was Cloudbleed, WannaCry in May, and now, the latest attack, known as NotPetya for its superficial resemblance to the Petya ransomware, struck on June 27th.
What is a cyber attack?
At its simplest, a cyber attack is when a hacker exploits a weakness in a computer or computer system’s security. The reasons why a hacker would attack a website or internet company can range from political motivations to personal gain, and although ransomware has been getting a lot of attention lately, it is only one of many different kinds of cyber attacks. For example, last October I wrote about the Dyn DDOS attack that took down many high profile websites like Netflix and Amazon.
DDOS attacks occur when a site is overwhelmed by the number of connection requests being made per second, typically from a botnet. A botnet is a network comprising multiple compromised computer systems which are then forced to perform operations they normally wouldn’t. The intent of a DDOS attack is to shut down a system so that it can no longer operate. Though they are mostly used as a way to express dissatisfaction or cripple a company’s competitor, they can also be used as distractions for more sinister attacks that result in malware embedded in a legitimate website, or for password theft.
Malware infections are one of the most common forms of cyber attacks, if only because they include things like Trojans, viruses, and worms. You see, malware is simply defined as any form of code with malicious intent that either steals or destroys data on a computer. Malware resides in things like pop-up ads, links in unknown emails, and software downloads. Luckily, malware is fairly easy to protect against, but it never hurts to be reminded not to click on strange links.
Hackerman, from the YouTube movie Kung Fury, is the epitome of what it takes to be a cool 80s hacker.
Speaking of strange links, do you remember phishing? Phishing has been around since the 1990s, when hackers, more commonly known as phreaks at the time, would pose as AOL employees and use instant messenger and emails to try to get credit card and account information from an individual. Although the preferred target has changed to websites like Google, Netflix, and PayPal, the overall technique has not really changed in the past 20 years. Even better, being caught in a phishing trap is fairly easy to avoid as long as you are cautious with your links.
But even before phishing, hackers used brute force to obtain password and financial information. Brute force attacks are pretty much what their name implies: a hacker uses a computer program that cycles through potential passwords until it gets to the right one. Some of these programs cycle through keystrokes while others, known as dictionary attacks, go through the entire dictionary to try and catch weak passwords. Many websites already protect against brute force attacks by limiting the number of failed logins you can make, and through the use of CAPTCHAs. And you know how we like to nag you about changing your passwords? These are the kind of attacks we’re trying to protect you from.
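The failed-login limit described above, sketched as an added example that is not part of the original article: failures are counted per account and per source address in a sliding window, and either one is locked once the limit is hit. The class name, the thresholds (5 failures in 300 seconds, a 900-second lock) and the sample events are assumptions made for illustration; note that the account lock also turns away the real owner until it expires.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limit on failed logins (hypothetical helper, assumed thresholds)."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures     # failures tolerated inside the window
        self.window = window                 # seconds a failure stays counted
        self.lockout = lockout               # seconds a key stays locked
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time at which the lock expires

    def allowed(self, user, ip, now):
        """True only if neither the account nor the source address is locked."""
        keys = (("user", user), ("ip", ip))
        return all(self.locked_until.get(k, 0) <= now for k in keys)

    def record(self, user, ip, success, now):
        """Register a login result and return the keys that just became locked."""
        if success:
            # Clear only the account counter, so one valid login cannot reset
            # the count held against an address that is guessing other accounts.
            self.failures.pop(("user", user), None)
            return []
        newly_locked = []
        for key in (("user", user), ("ip", ip)):
            q = self.failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:   # drop failures older than the window
                q.popleft()
            if len(q) >= self.max_failures:
                self.locked_until[key] = now + self.lockout
                q.clear()
                newly_locked.append(key)
        return newly_locked

def replay(events, throttle):
    """Run (time, user, ip, success) tuples through the throttle; return (rejected, locks)."""
    rejected, locks = 0, []
    for now, user, ip, success in events:
        if not throttle.allowed(user, ip, now):
            rejected += 1                    # refused before the password is even checked
            continue
        locks += throttle.record(user, ip, success, now)
    return rejected, locks

# Constructed sample: ten guesses at "alice" from one address, one per second,
# then alice's own correct logins from another address at t=20 and t=1000.
EVENTS = [(t, "alice", "203.0.113.7", False) for t in range(10)]
EVENTS += [(20, "alice", "198.51.100.4", True), (1000, "alice", "198.51.100.4", True)]

if __name__ == "__main__":
    print(replay(EVENTS, LoginThrottle()))  # -> (6, [('user', 'alice'), ('ip', '203.0.113.7')])
```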
Ransomware and Why You Will Pay The Price
As you can see, most of these attacks are aimed at getting money from you, and ransomware is no different. Instead of trying to trick you into volunteering information, however, it locks your computer or keyboard to prevent you from accessing your data until you pay a ransom. Many hackers prefer to get their funds through Bitcoins these days, but you can bet they were asking for credit card information in the past.
The worst part is that ransomware doesn’t just affect computers; in 2015, an app called Porn-Droid (yes, it was pretending to be a porn app) would lock the screens and change the pin of Android phones until owners paid the $500 ransom. According to a Symantec study from 2012, these kinds of cyberattacks are extremely lucrative, often netting hackers somewhere around $34,000 a day.
This infographic from trendmicro.com demonstrates the best way to protect your computer from a ransomware attack.
But why do people negotiate with the cyberterrorists and pay these fees? Oftentimes, hackers set the price of the ransom around $200, which means that paying up is cheaper than replacing the equipment or getting it repaired. Many early ransomware programs were also often distributed through “adult” sites, and the shame of someone finding out just what you were looking at on your computer is often enough that it’s just less embarrassing to pay up.
The Source and the Fallout
Unfortunately, even the most chaste and upstanding people’s systems are at risk, as was witnessed by the recent NotPetya attacks. A Ukrainian software company called MeDoc has been identified as one of the initial targets of the NotPetya attack. Their central update servers were running outdated FTP (File Transfer Protocol) software with an outstanding vulnerability, making them extremely open to attack. It is believed that once the ransomware was slipped into their servers, it was then spread through a poisoned software update. As a result, Ukrainian authorities intend to hit the company with criminal charges for their gross neglect of their security systems.
Although Ukraine is considered Ground Zero for the attack, it wasn’t the only country affected. Companies such as FedEx, the British advertising company WPP, and even Mondelez, the company that owns Oreos, reported computer outages across the board. However, despite the extent of the attack, Kaspersky reports that only 24 people actually paid the $300 ransom, making it a less than profitable venture for the scale of the attack.
Now that security experts have had a chance to take apart the NotPetya ransomware, some are beginning to suspect that financial gain was not the attacker’s true goal. Inside the ransomware programming, they found lines of destructive code, similar to those found in malware.
When the Dyn DDOS attack occurred in November, experts suggested that it may not have been a financially motivated attack either. It was believed that someone out there was testing their capabilities, flexing their hacking muscles to see just how much they could get away with. If the goal of NotPetya really was to obstruct and destroy rather than to make a profit, as Kaspersky suspects, could this simply be another volley from the same attacker?
Is there someone out there, or perhaps a group, gearing up for an even bigger attack? Is there a plot to take down and disable the internet for the entire world as a part of some global domination plot? Perhaps it’s Russia, running a few little tests before they shut down the USA for good and assert their dominance as the One True Communist Party.
Since no guilty parties have been identified yet, it’s hard to say. Either way, keep on avoiding suspicious links from Nigerian princes, make sure your operating system is up to date, run your virus protection software often, and, oh yeah…
Change your password.