Let us consider the top two attacks in 2017, Equifax and  WannaCry, and explore how the attacks could have been avoided and the top takeaways a business needs to follow to mitigate  future risks. Both  of  these incidents  could have been prevented with good cyber-hygiene and  by following basic  IT security  standards.    

Equifax 

Impact: $439 Million cost  and 147.9  million  customers compromised.   

What Happened?  

Equifax is one of the top 3 credit reporting agencies, and because of the sensitive data they handle (i.e., social security numbers, credit cards, and other personal identifiable information), they are a  treasure  trove of personal financial data for cybercriminals. The hackers discovered a vulnerability in Equifax’s usage of an open-source framework called Apache Struts for its online web app and exploited it. Consequently, the attackers entered through this back door to gain entry to Equifax’s customer information.  

How the Incident could have been Avoided  

While the breach  occurred in May 2017 through a vulnerability, there were available sets of code that Apache fixed and by leaving  their system unpatched led to the  breach that otherwise could have been averted. However, it should be noted that this may be a case of delay in patching (a set of codes and changes that can be applied to a computer program to update or improve it) rather than outright negligence. Equifax confirmed the Apache Struts vulnerability, but they did not take countermeasures in an appropriate amount of time. This highlights the importance of a layered approach to managing vulnerability (identifies, classifies, remediate, and mitigate vulnerabilities) and patch management (a set of system managements that involves testing, and installing multiple patches). Equifax would have benefited from software distribution and patch management  simultaneously. In both cases, companies should research software to do vulnerability scans, risk prioritization, and auditable patch management.  

Top  Takeaways

1. Necessary precautions  need to be  taken  to ensure that not only has a company  formed a stronger business relationship with its partners, but they are working and  requiring  their partners to be  reputable and qualified. WhiteHawk provides products like the Vulnerability Manager Assessment by Flexera, which impowers IT security and Operations with intelligence to continuously track, identify, and remediate vulnerable applications—before exploitation leads to costly breaches. 

2. Patch systems regularly and exercise vigilance regarding easy access points. WhiteHawk offers products like SolarWinds, SCCM, Intune, or Airwatch to address software vulnerabilities and help getting a management system that can monitor patches.

3. Think about cyber-hygiene in terms of layers. Put in place enough security layers to adequately defend and deter cybercriminals from thinking a business is an easy target.   Read more about this issue and the top cybercrime trends and how to improve your Cyber Hygiene.

WannaCry  

Impact: $4 billion (estimate) and it affected more than 200,000 computers in 150 countries.   

What happened:  

WannaCry is a type of ransomware (a type of software that is designed to block the ability to access a computer system until money is paid to unlock the data) that occurred in 2017 and is classified as a  cryptoworm. Hackers (the US and the UK suggest North Korea backed the attack) used a computer exploit called  EnternalBlue, which was developed by the National Security Agency  (NSA) and subsequently  leaked  online by a hacker group known as  ShadowBrokers. After that, WannaCry hackers discovered a vulnerability in Microsoft Windows operating system and spread the virus. Data was then encrypted, and systems locked down until a ransom was paid in the form of bitcoin or some untraceable crypto-currency.   

How the Incident could have been  Avoided

The hackers were counting on organizations  not patching  their systems  or being  too  slow to apply security patches  in time. Many organizations, like the National Health System  (NHS) for  England, were using outdated Windows XP operating systems. The fact is,  no organization should have  suffered from the attack  if the necessary patches (software updates) that Microsoft released were installed  in the first place.  

Top  Takeaways   

Foundational IT security practices are the easiest way to prevent or mitigate the impacts of a cyber attack.  

1. All users need to exercise a healthy dose of skepticism when receiving emails from unknown users or unusual requests and especially those that contain suspicious links or attachments.  As pointed out in the article about Cybercrime Trends for 2018, a good practice to avoid opening malicious links is hovering over the link in an email before clicking it. Hovering over a link will display its true URL, and then the user can decide if it’s safe to visit or report it.  

2. Ensure computers are running the latest versions of a supported operating system and that updates are being done through a trusted site/operation. Users  should avoid just clicking the “remind me tomorrow” option  regarding updates.

3. Ensure that a data backup system is in place (removable hard drive or reputable cloud service) and  being tested for effectiveness. This will allow  data  to be  retrieved in the case of a ransomware attack  and the threat to pay  can be ignored.  Read the recommended article to understand how to Protect Your Business from the Next Ransomware Attack.

4. Lastly, have a database, network (i.e., Nessus, SAINT, OpenVAS), and web application security (i.e., Nikto, Qualys, Sucuri, Burp Suite) vulnerability scanning systems in place to identify risk reports and someone to review and report them to the appropriate parties in a company. A vulnerability scanning system is a software application that inspects the potential points of exploit on a computer or network to identify security holes. In the case of WannaCry, the hackers attacked a weakness in an operating system that was already recognized by Microsoft.