Security

Cyberattacks on U.S. Companies

people gathering on street during nighttime

Cybercrime can be classified using many different methods. The first method would be using three categories of targets, crimes against people, property, and government. Another way would be labeling cybercrime for the manner in which it is utilized, such as in cyber campaigns, cyber warfare, and cyberterrorism. As cybercrime is always growing and evolving, security and I.T. professionals need to adapt to the changes, continuously ensuring that the practice of defending against cyberattacks is just as sophisticated as the methods used by cybercriminals. As the term cyberattack can be defined by any procedure of attempting to damage or destroy a computer system or network, classifying each form of cyberattack can be challenging, yet allows security professionals to effectively identify and prevent the various types that exist.

There have been several cyberattacks on U.S. businesses as of late; in fact, as reported by Charlie Osborne from Zero Day, “76 percent of U.S. businesses have experienced a cyberattack in the past year” (2018) (Osborne, 2019). One of the most recent attacks involved the use of social engineering on employees at Twitter. “Hacked” accounts from many notable users, including Elon Musk, were targeted; in these attacks, the unauthorized individual would create posts asking for Bitcoin. Marriot, a well-known hotel chain, recently shared that 5.2 million hotel guests were fraudulently accessed in 2020; this information contained names, phone numbers, addresses, and other personal information.

A recent global campaign targeting defense, financial, energy, and nuclear companies have also been discovered. Dubbed ‘Operation Sharpshooter,’ a group of hackers targeted critical infrastructure using an advanced malware/social engineering attack. Per Ryan Sherstobitoff and Asheer Malhotra of McAfee, “This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant—which we call Rising Sun—for further exploitation (Sherstobitoff, Malhotra, 2018.)”

Operation Sharpshooter implemented job recruiting activities to persuade targets to open malicious documents; these documents contained an implant called Rising Sun, which leverages the malicious source code tied to ‘The Lazarus Group,’ believed to be based out of North Korea. You might have heard of The Lazarus Group’s speculated involvement in the Sony Pictures breach.

While the tools used in Operation Sharpshooter and The Lazarus Group’s attacks share similarities, it is essential to note the potential of false flags, pushing the blame to a different group to cover up the actual perpetrators. The Rising Sun first opens a back door and gathers/encrypts data, then sends data such as I.P. addresses, system settings, and network configuration to a control server.

In recent years, attacks on critical infrastructure have been on the rise through former President Barack Obama’s term and now into President Trump’s time in office. Last year, President Trump signed an executive order to improve cybersecurity in the United States; while this order was created shortly after the news of Russian interference in the election, its potential benefits are far more than securing voting methods.

These attacks showcase how lacking our nation’s cyber defense really is, which further strengthens the case for the 4.1% ($583 million) increase of funds allocated for advancing the United States’ cybersecurity in 2019 (Whitehouse, 2018). Hopefully, these attacks illuminate the dark area that is our cyber defense capabilities, as these attacks will continue to increase in number and sophistication as the IoT (Internet of Things) and cloud computing’s popularity expand in 2021.

With the ongoing rise and sophistication of cybercrime, many in the field of securing businesses’ defenses are frantically trying to keep up with the times. Due to the era of COVID-19, many security individuals are wither working from home or have been downsized due to dwindling revenue. In these troubling times, all we can do is prepare for what the future holds for the state of I.T., and in many cases, we are both outnumbered and unmatched. Maybe once those on the defensive side of cybersecurity receive similar pay to those who play offensive (hackers), we will see progress in the ‘cyberwar’; however, as ransomware attacks, for example, are dramatically rising in terms of money earned, I fear we will be waiting for a long time.

References

Otero, A. R. (2019). Information Technology Environment and I.T. Audit. In Legislation Relevant to Information Technology (Fifth ed., pp. 31-58). Boca Raton, Florida: CRS Press.

Sherstobitoff, Ryan. Malhotra, Asheer. 2018, Dec 13. McAfee. Operation Sharpshooter. Retrieved December 7, 2020, from https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf.

NG, Alfred. 2017, May 11. CNET. Trump’s cybersecurity order: Out with ‘antiquated systems.’ Retrieved December 7, 2020, from  https://www.cnet.com/news/president-trump-signs-cybersecurity-executive-order/.

Whitehouse. 13 Dec 2018. F.Y. 2019. Retrieved December 7, 2020, from https://www.whitehouse.gov/wp-content/uploads/2018/02/ap_21_cyber_security-fy2019.pdf.

Osborne, C. (2019, October 08). 76 percent of U.S. businesses have experienced a cyberattack in the past year. Retrieved December 07, 2020, from https://www.zdnet.com/article/76-percent-of-us-businesses-have-experienced-a-cyberattack-in-the-past-year/

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s