Ransomware

-

 Ransomware 

According to cybersecurity company Emsisoft, ransomware attacks affected at least 948 government agencies, educational establishments and healthcare providers in the United States in 2019, at a potential cost exceeding $7.5 billion. In the medical sector, the potential effects of these kinds of attacks include patients being redirected to other hospitals, medical records being made inaccessible (or permanently lost) and emergency dispatch centers relying on printed maps and paper logs to keep track of emergency responders in the field. In government, local 911 services can be disrupted. And according to Manhattan D.A. Cyrus Vance Jr., the effect of ransomware could be as devastating and costly as a natural disaster like Hurricane Sandy.

What you need to know: Ransomware is an attack where an infected host encrypts a victim’s data, holding it hostage until they pay the attacker a fee. Recent ransomware attacks have demonstrated that hackers have begun threatening to leak or sell the stolen data, increasing the potential damage of these kinds of attacks by orders of magnitude. There are countless types of ransomware, but certain groups are especially nefarious. One well-known gang, Blackmatter, has targeted a number of organizations critical to the U.S. economy and infrastructure, including the food and agriculture industry. Ryuk is another type of ransomware to watch out for. As of 2019, Ryuk had the highest ransom on record at $12.5 million.

Comments

Post a Comment

Popular posts from this blog

Compromised Credentials

-
 Compromised Credentials  In 2020, Marriott International suffered a massive data breach as a result of a compromised credentials attack. This breach compromised the accounts of 5.2 million Marriott customers, exposing their contact information, gender, date of birth and loyalty account information. The attacker used the login credentials of two Marriott employees, presumably obtained through a mix of phishing and credential stuffing, to collect Marriott customers’ information for an entire month before raising suspicion. What you need to know: Most people still use single-factor authentication to identify themselves (a pretty big no-no in the cybersecurity space). And while stricter password requirements are starting to be enforced (like character length, a combination of symbols and numbers, and renewal intervals), end users still repeat credentials across accounts, platforms and applications, failing to update them periodically. This type of approach makes it easier for adversaries
Read more

SQL Injection

-
 SQL Injection  Structured Query Language, or SQL (sometimes pronounced “sequel”), is the standard programming language used to communicate with relational databases — systems that support every data-driven website and application on the internet. An attacker can take advantage of this (very common) system by entering a specific SQL query into the form (injecting it into the database), at which point the hacker can access the database, network and servers. And SQL injection attacks continue to be a popular attack method. As recently as August of 2020, the Freepik Company disclosed a data breach impacting the logins of more than eight million users resulting from an SQL injection in a global database of customizable icons, which allowed the hackers to access and ultimately steal user login and personal information. What you need to know: SQL injection is a type of injection attack used to manipulate or destroy databases using malicious SQL statements. SQL statements control the database
Read more

Social Engineering Attack

-
 Social Engineering Attack  The 2002 film “Catch Me If You Can” tells the true story of (perhaps) one of the most accomplished practitioners of social engineering of all time. In the film, Leonardo DiCaprio portrayed a man named Frank W. Abagnale, Jr., who executed various high-profile cons, committed bank fraud and masqueraded in a variety of personas, including as a physician and pilot. Abagnale’s success depended on his ability to convince his victims that his forgeries, whether they were checks, diplomas or identities, were genuine. Abagnale was an active con man in the ‘60s and ‘70s, but the practice of social engineering has continued to develop and remains a powerful tool for hackers and fraudsters to gain access to closed systems around the world. What you need to know: Social engineering is the term used for a broad range of malicious activities accomplished through psychological manipulation to trick users into making security mistakes or giving away sensitive information. Wh
Read more