There is no question that technology plays a crucial role in our lives today. Everything from banking to e-commerce to government depends on the internet in one way or another. While all these areas work hard to maintain security, there is always the potential for threats to arise from within.
What exactly is a cyberattack?
A cyberattack is a malicious act that takes place within the cybersecurity perimeter – in other words, during the time when a computer or network is accessible to hackers. So, while the attack itself might be perpetrated from outside the network, the damage is done from within. This sort of attack is typically carried out by hackers for the purpose of stealing confidential information, disrupting services, or causing economic damage.
That being said, these attacks aren’t necessarily limited to harming computer hardware and files. There are many ways that ransomware attacks cripple businesses and leave a lasting impact on individuals.
The Rise In Ransomware Attacks
The cost of a ransomware attack can be measured not only in monetary terms, but also in the time it takes to restore one’s data. The latter is especially relevant if one is reliant on productivity apps like Microsoft Office or Adobe Acrobat, as many businesses and organizations are. A successful ransomware attack can thus be considered a business and productivity loss scenario par excellence.
According to the Norton cybersecurity report, titled ‘State of Cybersecurity in 2022’, 47% of respondents reported that they had experienced a ransomware attack in the past year. This figure rose to 62% among businesses and organizations in the Asia-Pacific region.
Although the number of incidents is reportedly on the rise, Google security advisor Tim Wu wrote in a blog post that ransomware is no longer solely a ‘biter’s bane’ and can be used for innovative and pragmatic purposes.
“Ransomware started out as a way for hackers to make money. Now that they’ve developed a tool that can be used for legitimate purposes, they’re finding ways to put that tool to practical use,” Wu wrote. “For example, cybercriminals might use ransomware to temporarily disrupt the functioning of a website or an organization’s IT infrastructure, in order to make a point or to extort money from the organization.”
How Do Ransomware Attacks Work?
To put it simply, ransomware attacks work on the basis of tricking users into paying a ransom in order to regain access to their data. Once this is accomplished, the hackers have access to the computer or network – and can then move about freely, stealing files and inserting malware at will. In the meantime, the business or individual has lost a potential source of income as well as the ability to function productively during the course of the attack.
The bad news is that this tactic is highly effective. According to a report by Envisional, 92% of respondents would pay a ransom to retrieve their data if they experienced a ransomware attack.
This number rose to 96% in the case of a WannaCry attack and 98% in the case of an attack by the NotPetya ransomware.
The Impact On Normal Users
While businesses and organizations have been the primary targets of ransomware attacks, normal users have also been affected. In fact, 48% of respondents in the Norton survey reported that they’d sustained some damage as a result of a ransomware attack.
This is mainly due to the fact that many ransomware attacks are now cryptojacking-based, meaning that they depend on users downloading and installing legitimate-looking cryptojacker malware. Once this is accomplished, the user’s device is free to mine cryptocurrencies for the hacker.
Where Do These Attacks Come From?
The primary source of ransomware attacks is now considered to be Eastern Europe and Asia. In fact, the Russian Federation is known to be a hotbed of cyber activity, so it’s no wonder that a third of all ransomware attacks are linked to Russia.
Further complicating the issue, the United States recently accused Russia of interfering in the 2020 U.S. presidential election, and unveiled a series of sanctions against the country. Most recently, the U.S. government charged a Russian national with attempting to sell malware that could infiltrate American democracy and influence elections.
What’s more, the spread of mobile devices – and the continuous increase in the number of people using them – has made it easier for hackers to target individuals. As we’ve already established, mobile devices can be more vulnerable to cyberattacks than larger computers, meaning that hackers can access and damage them with relative ease.
Red Flags To Look Out For
While there are many reasons why someone would want to steal your personal data, it’s always best to be on the lookout for something that doesn’t seem right. This way, you can be sure that your data is safe and that the people trying to steal it aren’t going to do any harm.
Here are some of the most common red flags that should raise suspicion and cause you to take action:
- Vague or strange emails.
- Anomalous network activity.
- Inconsistent or misleading behavior on the part of the person you’re dealing with.
- A sudden increase in communication with unknown parties.
- Too much data being transferred for no apparent reason.
How Can One Safeguard Oneself From Getting Caught In A Ransomware Attack?
The first step in safeguarding oneself from getting caught in a ransomware attack is to ensure that all software is up to date. It is also advisable to change one’s passwords frequently and to use different passwords for different accounts. Another important step is to ensure that all security devices and software are functioning correctly. Lastly, it’s essential to be vigilant and aware of one’s surroundings – especially whilst using public Wi-Fi. When connected to such networks, one becomes vulnerable to cyberattacks because one’s personal data is readily accessible to everyone nearby.
The takeaway from all this is that technology constantly evolves and changes, meaning that even those in the know can become vulnerable to cyberattacks if they aren’t careful enough. With this in mind, it’s important to be mindful of one’s own security and to take the necessary precautions. As for the future of cyberattacks, it’s hard to say anything with certainty yet. What we can do, however, is prepare for and mitigate these threats – which is exactly what businesses and organizations must do if they want to keep their data secure.
Although most cyber attacks are perpetrated by malicious individuals, sometimes the threat is more far-reaching and comes from a nation-state. This is why cyber attacks are considered a national security issue in many countries.
Here are the seven stages of a cyber attack as defined by the National Institute of Standards and Technology (NIST):
Initial Cyber Attack
The initial cyber attack stage begins when a cyber criminal (cracker) accesses a website or an email account and attempts to gain access to sensitive information. This stage can last for several days or weeks before the victim notices any suspicious activity.
During this stage, the cyber criminal is gathering information, mainly email addresses, which they will use in later stages of the cyber attack. This is the easiest stage to detect because it is the earliest stage of the attack and there will be no sophisticated hide-and-seek tactics used to avoid detection.
The Lying In Wait Stage
The second stage is called the lying in wait stage and it begins when the cyber criminal decides to attack. At this point, the cyber criminal will be planning and preparing the attack, possibly for several weeks. They will be doing this in secret, using a variety of tactics, including social engineering, to avoid being detected.
During this stage, the cyber criminal will start spreading false information about the victim, hoping to trick them into giving away sensitive information. For example, the cyber criminal may start a rumor that a certain company’s server has been infected with a virus. If the victim follows the trail of this rumor to investigate, they will discover that the server has in fact been compromised but by this stage of the attack, the damage may already have been done.
The Weaponization Stage
The weaponization stage starts when the cyber criminal takes action and begins installing malware, or malicious software, on the targeted computer. This software can perform various tasks, from stealing passwords to tracking the movement of the target and storing this information in a database.
During this stage, the cyber criminal may use several different methods to gain access to the computer. One way is to exploit a known vulnerability in the computer’s operating system. They may also use social engineering to trick the user into installing the malware. Once installed, the malware will begin operating in the background, carrying out its assigned tasks without the user’s knowledge or consent.
The Delivery And Installation Of Malware
The delivery and installation of malware stage begins when the cyber criminal hands over the weaponized computer to the target. They will do this in person or through an intermediary, such as a digital marketing agency or a public relations firm. Alternatively, the cyber criminal may use a delivery service to ‘outsource’ the delivery and installation process.
The target will then begin downloading and installing the malware onto their computer, which could take several hours to complete. Once installed, the malware will begin operating in the background, doing its dirty work.
The Monitoring And Harvesting Of Data
The monitoring and harvesting of data stage begins when the malware starts recording and storing information about the victim’s activities, including their keystrokes, emails, browsing histories, and phone calls. These are all details that the cyber criminal can use to access the victim’s personal information if needed.
This information can then be used to develop a profile of the victim and build a database of all the details the cyber criminal can get their hands on. It can in turn be used for identity theft or financial gain through the commission of illegal activities, such as credit card fraud. Alternatively, the cyber criminal may sell this information to other criminals or hackers for a profit.
The Final Stages
The final two stages of a cyber attack are called the resolution stage and the post-resolution stage. In the resolution stage, the cyber criminal will be analyzing the data they have gathered and either deleting or renaming the recorded files, removing any backdoors, and patching any security faults. Finally, the cyber criminal will destroy all evidence of the criminal act.
In the post-resolution stage, the cyber criminal will be continuing to monitor the targeted computer or mobile device and ensure that no traces of the illegal activity remain. This is why the post-resolution stage is often called ‘cleaning up’ or ‘scrubbing’ the system.
This seven-stage framework is a generalized guide to follow in order to properly deal with a cyber attack. However, at the outset, you should always assume that your computer or mobile device is infected with malware until you get proof otherwise. And whenever possible, always avoid clicking on suspicious links or opening suspicious files because any of them may be part of the attack. As a general rule, it is always best to be on the safe side and avoid installing software applications from sources that you do not trust.
This article is meant to help you make the right decision when it comes to your personal safety and security. Remember, safety and security on the internet should not come at the expense of convenience. If you want to stay safe, you must sometimes make the choice between convenience and security. But the truth is, as long as you are not a target of a cyber attack, you will never be truly at risk.