Cyber threats have escalated over the years to the point where we have now hit what I call Digital Defcon 1.
One of the main weapons that hackers use against us is the threat known as ransomware. This kind of attack could come to your office via email, appearing to be a bank/shipping or other communication, and when a weaponized attachment is opened, the threat is unleashed on your computer. It then infests every other computer in your office connected to it.
At that point, digital files are frozen, and you are asked to pay a ransom to the hackers.
If paid, they will provide you with the encryption keys to unfreeze your computer. If you ignore it and try and restore files from backups, the hackers might threaten you again to expose data that they may or may not have stolen when the threat was first unleashed.
In short order, you are dealing with digital theft, extortion, and what our leaders want to now call an act of terrorism.
Hackers have always targeted businesses as well as city and county governments, anywhere they think they can monetize from an attack. The response landscape shifted for our leaders when hackers started going after critical infrastructure.
We started seeing these attacks not just impact the economy but disrupt lives as well.
One such attack that clearly demonstrates this happened at OneBlood a few days ago.
OneBlood is a blood bank servicing 350 hospitals across four states, including Florida. It is an Orlando-based nonprofit whose mission is to help save lives.
Blood cannot be created in a laboratory; it can only be obtained from donors, which means there are not many entities in this supply chain. On July 29, OneBlood was hit with a ransomware attack, disrupting operations.
An attack on a group like this leaves me searching for the right adjective to describe these criminals.
Let's go with "evil."
If you have ever needed blood or had a family member involved in a serious accident you know how crucial this service is and how vile attacking them is.
Any cyber-attack carried out by criminals is brutal.
The Colonial Pipeline attack a couple of years ago shook the nation as our fuel supply was interrupted; this one is about human lives — and should be a loud wake-up call for our leaders.
The latest actions at the federal level consist of Senate Intelligence Committee Chair Mark Varner, sponsoring a bill to categorize ransomware attacks as terrorism. If put into law, it would be the first of its kind and would put the full weight of the U.S. Government in action against digital terrorists/hackers and that could maybe shift the tide in the cyber war we are all in.
In many cases, digital terrorists work in conjunction with a nation-state supporting them. North Korea would be a good example, they are constantly waging cyber war with the U.S. and our allies.
If you wish to take a deeper dive into the history of how we got to this point, it is a brutal timeline.
Between the Sony hack in 2014 to the present is a timeline of the battles waged and how it has escalated to 100% cyber war. Hackers who were allegedly backed by North Korea put Hollywood in a fight with the media for shining a light on damaging information that was released.
Fast forward to the Democratic National Committee attack during the highly charged climate of 2016, then the Colonial Pipeline attack, combined with the tens of thousands of other non-high-profile attacks in between, and you can see the big picture of the harm these hackers are doing to society.
Am I suggesting it is coordinated and on purpose? Yes, in many ways, no in others, some hacks are from individuals but don't forget they not only work in cahoots with nation states, hackers also work together and in some cases. Our own citizens are working with them, against us, in some cases. Remember when Vegas got hacked last year? That appeared to be a group hack with U.S. and foreign hackers working together, they call themselves The Com.
You might be thinking, how does that happen? Take a look on the dark web. Hackers actually post jobs. They offer great pay, aggressive benefits, and work-from-home options.
Cybercriminals are attacking us on every side, the flank of all flanks, and information warfare on speed and steroids concurrently. We are on the other side playing the role of Napoleon and we are sitting in Waterloo and starting to realize it sure is cold out. If you have not considered cyber-attacks as a large-scale war, it is just that and we are not winning. Every week there is another incident. It is estimated that 800,000 people experience ransomware events each year and that over 88 million people are victims of some type of cybercrime annually. If you do that math that means that, according to experts, there's a victim of a hack every 39 seconds.
There are many protections available from security companies to help fight hackers. Some of the best are Threatlocker, Field Effect, Huntress, Trend Micro, Sonicwall and Knowb4. They all have great offerings that do a really good job protecting businesses; I have worked with all of them.
But there is no silver bullet or magic shield (our company Aegis is Greek for "shield") that stops everything. Until that time, don't click emails that you are not expecting, do not respond to texts that sound strange, do not browse websites in areas (adult, coupon, gambling, etc.) that are known to be loaded with malware, do not give your bank info away over the phone, do not accept friend requests on social sites from people you are already friends with, do not mail checks and make sure your password is complex/unique (and don't share it) for every place you go online.
That is how we do our part to be the volunteer militia in this war. We will see how law enforcement, now working with the military and the federal government, will soon respond.
For hackers, they are just getting started. The Fall election will bring a tsunami of hacking that will include fake emails, bogus calls, faux posts, and fraudulent texts, the likes of which humanity has never seen.
We are indeed at war, and just by sitting down at your computer to read this, you are now on the front lines.
No comments:
Post a Comment