As technology becomes increasingly interwoven with societies around the globe, the number of large-scale cyber attacks on companies, institutions, and governments is escalating. In the last few years, we have seen a number of cyber security disasters that have had broad, destructive implications for companies and consumers alike. Let’s take a look at some of the most colossal cyber security incidents:
Earlier this month, the cybersecurity world experienced the Equifax earthquake. Considered the worst data breach in US history to date, attackers stole half of the US population’s Social Security numbers. Several weeks after the Equifax fiasco we’re starting to see the full scope, along with the peripheral damage that has occurred. Breaches appear to get bigger and bigger these days. Sources say roughly 143 million people were affected; nearly 44% of all Americans were impacted by this infiltration. Between lawsuits, a stock price collapse, and personnel changes, the ripple effect of this breach is absolutely off the charts. As a security professional, what I find particularly troubling is the evidence that the bad guys had been lurking inside the Equifax ecosystem since March.
Shadow Brokers Leak NSA Tools
In April 2017, one of the largest national security cyber incidents took place when a group known as “The Shadow Brokers” gained access to classified NSA data and tools and leaked them online. It was the first of what would be a number of leaks containing highly classified data and tools used to exploit and enter networks and systems. As the world prepared for a long Easter weekend, the group released nearly 300 megabytes of classified NSA data.
The data included a number of compiled binaries for exploits that targeted vulnerabilities in many systems, most notably Windows systems. The exploits had been used by the NSA for national security purposes. The leak of the materials, “the most powerful cache of exploits ever released” according to cyber security expert Matthew Hickey, put a handful of classified U.S. cyber weapons into the hands of anyone who could download them.
Following the leak, companies whose products were targeted by exploits included in the data raced to safeguard their systems and protect users. The NSA responded by investigating and arresting an employee who was found to have stolen 75 percent of the hacking tools belonging to the NSA’s Tailored Access Operations group, but so far The Shadow Brokers are still at large. The group remains a mystery, made up of an unknown number of skilled hackers.
One month after the NSA leaks came the WannaCry ransomware attack, which used some of the data and tools from the leak. WannaCry is a ransomware cryptoworm that targets computers running the Microsoft Windows operating system. It worked by encrypting data on the system and demanding that users pay a ransom in Bitcoin to release the files. The attack mostly targeted older Windows systems running Windows 7, Windows 8.1, and several versions of Windows Server.
The attack started on May 12, 2017, and would go on to infect more than 230,000 computers in more than 150 countries. Included in the list of affected systems were the United Kingdom’s National Health Service, FedEx, and Deutsche Bahn. At the UK’s NHS, affected systems included computers, MRI machines, blood-storage refrigerators and other equipment.
The WannaCry attack was absolutely unprecedented in scale. Calculating the total monetary impact of the attack is difficult, but some estimates have the total impact reaching up to USD $4 billion.
Target Credit Card Hack
While most cyber security scandals might not resonate with the general public, the Target credit card hack really hit home for consumers. In December 2013, Target announced that its systems had been compromised and that credit and debit card data from 40 million accounts had been stolen. To make matters worse, the company took heat for waiting three weeks to announce the hack, which took place on Black Friday. Some speculated that the hack had gone undetected for that time. The hack was an ongoing process, affecting customers who had shopped at the store between November 27 and December 15, 2013.
Major banks and card issuers quickly responded by notifying customers and limiting the amount that customers could withdraw and spend. The attack had a strong effect on many consumers, many of whom saw their finances and lives affected by a cyber security incident for the first time.
In a more recent example, a hacker or group of hackers going by the name “Mr. Smith” was able to infiltrate HBO’s networks and steal data that included scripts, outlines, and internal documents. Also included in the hack were emails from Leslie Cohen, the network’s vice president for film programming.
The group held the data for ransom, demanding payment from the company to keep them from leaking the information and damaging the current season’s run of the popular TV series. When HBO did not comply with the early demands, the group began to leak small portions of the stolen data online. According to sources within HBO, the group repeatedly sent provocative videos about the leak to HBO Chief Executive Richard Plepler.
Why Security Incident Management is Critical
These represent some of the largest cyber security incidents in history, shocking the world as they unfolded. They are a huge wake-up call for anyone who hasn’t prioritized security incident management. There’s a clear “blind spot” in the entertainment industry, where cyber security is not yet regarded as a top priority, as we’ve seen with the recent Game of Thrones hack. As these cyber security incidents grow in size and consequence, it is absolutely essential that we do everything in our power to assess, manage and prevent these attacks as best we can.
The ability to correlate alerts in real time with proper context, manage cases efficiently and respond effectively has never been more pressing than it is today. Once we get beyond the immediate patchwork of solutions and accept that these attacks will inevitably continue, we need to think about how best to bolster response. Security orchestration and automation are increasingly being relied on to boost the efficiency and effectiveness of security operations and incident response activities, from the initial alert through to remediation.