Are Organizations Vulnerable to Cyberattacks? (Latest Case: HSE Ireland)
Ten years ago, a theft of personal data would have caused a lot of noise and serious consequences for both the data keeper and the cybercriminals. However, cyberattacks, including ransomware, have a long history of both attempts and successful breaches.
Today, cyberattacks happen daily, and the media generally covers them for only a few days unless the attack targets a significant number of people.
Latest major case: Cyber Attack on HSE Ireland - May 2021
One of the most recent attacks of such size was performed on the Irish HSE. Note: HSE (Health Service Executive) is Ireland’s largest health organization with more than 100,000 employees. In this attack, the criminals stole 700GB of data, concerning medical reports and patient data across the country.
HSE officials first denied, then confirmed, that the attack took place. The institution was not open to negotiations and did not intend to pay the ransom, saying that doing so would open a “Pandora’s Box” and increase the number of potential attacks on the system and beyond.
According to The Independent, the cybercriminals, the Conti gang, operate from Russia or the CIS and have a “proven track record” with such attacks, having previously targeted public schools, hospitals, and retailers. They are suspected of dozens of other ransomware attacks all over the world.
So, on the one hand, we have a vulnerable national health system in Ireland, and on the other hand a cybergang from Eastern Europe building its “reputation” with multiple successful attacks on national institutions & companies.
Yet this is not the first big cyber attack on public institutions in Ireland this year. In April 2021, for example, the National College of Ireland and the Technological University Dublin Tallaght were hit by the same type of ransomware attack, exposing a vulnerability that may extend to nationwide institutions, companies, and other entities. It is indeed striking how one of Europe’s fastest-growing digital markets can have such inefficient cyber protection systems. Or the reason may lie in the attackers’ professionalism and deep knowledge.
Most Common Types of Cyber Attacks - A History of Vulnerabilities
Besides the Irish HSE case, plenty of others stand out in the history of cybersecurity. Each attack falls under one type of cybercrime or another, and it’s important to know how they work and who is most exposed to these dangers. According to Cisco, these are the most common types of cyberattacks.
#1 Malware
Malware is a term that covers multiple types of malicious software, including spyware, ransomware, viruses, and worms. The Irish HSE attack used a malware subclass, ransomware, which is again one of the most common and recent cases in cybersecurity. Malware typically breaches a network through a vulnerability, most often when a user clicks on a link or email attachment, which then automatically installs the malicious software. Once installed, malware is capable of a series of actions:
- Blocks access to key components of the network (ransomware)
- Installs additional harmful software
- Obtains and transfers information from hardware (spyware)
- Disrupts certain components and makes the system inoperable
#2 Phishing
Phishing is the practice of sending fraudulent messages from a source that appears genuine and authentic. Its main goal is to steal data from users, such as credit card numbers, login credentials, and messages. Phishing is an increasing threat to the entire digital ecosystem, and everybody is exposed to it.
Five years ago phishing came through emails only; the digital evolution has since offered more possibilities to this type of attack, and its range has expanded to social media and communication channels such as WhatsApp, Viber, Telegram, Signal, and even SMS.
The largest phishing attack in history took place between 2013 and 2015, and the targets were Google and Facebook. The attacker, a Lithuanian hacker, managed to impersonate an Asian company that the victims used as a vendor and sent fake invoices to the tech giants. The fraud was over $100 million.
#3 Man In The Middle
This type of cyber attack works when the attacker inserts a device between two parties who are performing a transaction. Once the attacker interrupts the traffic, they can filter and steal data. There are two common entry points for MitM attacks:
- Unsecured public Wi-Fi, where the attacker sits between the user’s device and the public network. The user unknowingly passes all of their information through the attacker, especially when performing a transaction or purchase, and the attacker takes the data and uses it for their own purposes.
- Malicious software pre-installed on the victim’s device, which steals all financial data on the first transaction.
#4 Distributed Denial of Service (DDoS)
A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this attack.
The biggest DDoS attack to date took place in September of 2017. The attack targeted Google services and reached a size of 2.54 Tbps. Google Cloud disclosed the attack in October 2020.
The attackers sent spoofed packets to 180,000 web servers, which in turn sent responses to Google. The attack was not an isolated incident: the attackers had directed multiple DDoS attacks at Google's infrastructure over the previous six months.
#5 SQL Injection
A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. An attacker could carry out a SQL injection simply by submitting malicious code into a vulnerable website search box.
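The search-box case described above, as an added example that is not part of the original article: the same product search built once by string concatenation and once with a bound parameter, run against an in-memory SQLite table. The table, column and function names and the input string are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory catalogue with one row the search box must never return."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("blue mug", 8.0, 0), ("red mug", 9.0, 0),
         ("internal test item", 0.0, 1)],
    )
    return db

def search_vulnerable(db, term):
    # The search term is pasted into the SQL text, so a quote in the input
    # ends the string literal and whatever follows is parsed as SQL.
    sql = ("SELECT name FROM products WHERE hidden = 0 AND name LIKE '%"
           + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_hardened(db, term):
    # The statement text is fixed; the term is sent as a bound parameter and
    # is only ever compared as data. LIKE wildcards in the input are escaped
    # so "%" or "_" cannot widen the match either.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT name FROM products "
           "WHERE hidden = 0 AND name LIKE ? ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, (f"%{escaped}%",))]

# Constructed input: a search string that contains SQL syntax.
CONSTRUCTED_INPUT = "x' OR hidden = 1 --"

def compare(term):
    """Return (vulnerable_result, hardened_result) for one search term."""
    db = make_db()
    return search_vulnerable(db, term), search_hardened(db, term)

if __name__ == "__main__":
    for term in ("mug", CONSTRUCTED_INPUT, "%"):
        vulnerable, hardened = compare(term)
        print(f"{term!r}: vulnerable={vulnerable} hardened={hardened}")
```

With the concatenated query the constructed input changes the WHERE clause and the hidden row comes back; with the bound parameter the same input is just a search term that matches nothing.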
Heartland Payment Systems was the target of possibly the largest SQL injection attack, which led to the exposure of over 134 million credit cards.
At the time of the breach, Heartland was processing 100 million payment card transactions per month for 175,000 merchants — mostly small- to mid-sized retailers. The breach was discovered in January 2009 when Visa and MasterCard notified Heartland of suspicious transactions from accounts it had processed. The attackers exploited a known vulnerability to perform a SQL injection attack. Security analysts had warned retailers about the vulnerability for several years, and it made SQL injection the most common form of attack against websites at the time.
On these “pleasant” notes, we leave you to think again about your cybersecurity and how it may impact your business, personal, and financial life. But if you change your mind and decide that a cybersecurity company can make you feel safer and better, we invite you to discover one of the 227+ cybersecurity companies on TechBehemoths.