2019: Cybersecurity Is In Crisis

Just over half of 2019 has gone, and there have certainly been six months' worth of data breaches, supply chain manipulations, state-backed hacking campaigns, and omens of cyber-war. Now 2019 feels as though the worst is yet to come. Ransomware is increasing, corporate and US government security is still a mess, and geopolitical tensions are rising worldwide.

In a recent review, Wired magazine identified several major cyber-security incidents so far this year, including:

Ransomware
Ransomware attacks are truly nothing new at this point, but 2019 is looking like a banner year for them. Criminal groups continue to target businesses, healthcare providers, and local government with malware which is specially designed to encrypt a system's data and demand a ransom to decrypt it, swindling billions of dollars per year in the process. 

A destructive strain called LockerGoga has specifically been attacking manufacturing companies, often forcing production plants to switch to manual control or exacting long-term damage on systems that control physical equipment. 

It's easy to imagine, though, how this type of attack could be used by state-sponsored critical infrastructure hackers, especially given how both North Korea's WannaCry and Russia's NotPetya were ransomware-like worms crafted with each country's geopolitical agenda in mind.

Supply Chain Breach and Attacks
A legitimate software vendor pushes out what looks like a trustworthy software update to users, but it's really a destructive instrument of cyberwar. That is the evil genius of the supply chain attack. The most famous example is likely 2017's NotPetya attack, when Russian hackers spread destructive malware in part by compromising the update mechanism for Ukrainian accounting software. And this type of malicious hacking has been a particular signature of 2019 so far.

In March, following a research report from the threat intelligence firm Kaspersky, computer maker Asus disclosed a supply chain attack sometime in the second half of 2018 that had compromised the company's Live Update tool to push malware to almost 1 million customers. 

Victim devices accepted the tainted software because the attackers signed it with a real Asus certificate (used to verify the legitimacy of new code). Though the hackers infected a huge number of machines through the attack, they seem to have been specifically targeting 600 computers, which they then hit with a second-stage attack.

Researchers call the group behind the Asus supply chain compromise Barium or ShadowPad. Little is known about the affiliation of the group, but it is thought to be Chinese-speaking. Barium was also connected to another famous supply chain hack, in 2017, of the popular computer cleanup tool CCleaner.

US Medical Agency Attack
One of the most concerning corporate data breaches so far this year is that of the American Medical Collection Agency, a massive healthcare-related debt collector. The company discovered that it had been breached in March, and filings with the US Securities and Exchange Commission indicate that the intrusion on AMCA's systems lasted from August 2018 through March 2019. 

The incident was first publicly reported at the beginning of June after the medical testing firm LabCorp said that 7.7 million of its customers had data exposed because of AMCA, and Quest Diagnostics said it had had records from 12 million patients exposed. 

AMCA said that the compromised information included first and last names, dates of birth, phone numbers, addresses, dates of medical services, healthcare providers, and data on balances due. The stolen information did not include insurance ID numbers or Social Security numbers.

First American
Not all data security incidents are breaches. Sometimes data is improperly stored and publicly accessible; it may not have been stolen, but it was still exposed. First American, the massive real estate and title insurance firm, offers a crucial cautionary tale of how dangerous data exposures can be. Discovered in May by security journalist Brian Krebs, the incident exposed 885 million sensitive customer financial records going back to 2003.

They were accessible to anyone on First American's website. It isn't known whether anyone actually found and stole the information before the company locked it down, but it was extremely easy to grab. Social Security numbers, driver's license images, bank account numbers and statements, mortgage and tax documents, and wire transaction receipts from millions of Americans were all included in the trove. 

Iran
Ever since the United States withdrew from the 2015 Iranian nuclear agreement last year, international relations and cyber-security experts have been warning that the move could escalate tensions between the two countries. Iranian hackers have ramped up campaigns around the world, and particularly against US targets, as the two countries clash more openly in the physical world.

June, in particular, saw tensions continue to rise with a series of incidents in the Middle East. On June 13, two fuel tankers were attacked in the Gulf of Oman. The US blamed Iran, and also accused Iranians of attempting to shoot down a US drone. 
One week later, Iran succeeded in shooting down an unmanned surveillance drone, which it claimed had entered Iranian airspace. Trump considered, then ultimately aborted, a kinetic strike in response to the provocation, but US Cyber Command was approved to launch a damaging cyberattack against Iran's rocket and missile launch control systems. The hack reportedly took weeks or months for Cyber Command to design and orchestrate.

Meanwhile, Iran has been hacking back at the US. The question now is whether cyber strikes can really be used as an alternative to kinetic conflict, as some war scholars have proposed, or whether they only serve to escalate real-world combat.

Wired
