We are about to enter the last quarter of 2019, and the year has already seen major data breaches, supply chain manipulations, and state-backed hacking campaigns. Security experts believe the worst breach of 2019 is yet to come: ransomware is an ever-growing threat, and geopolitical tensions have been in the news. Before we look at what is most feared for the rest of the year, let us recap the major cybersecurity incidents the year has already witnessed.
Ransomware Attacks – LockerGoga
Ransomware criminals continue to target healthcare, businesses, financial institutions, and others, swindling victims out of billions of dollars. In 2019, ransomware has not been limited to healthcare: a destructive strain called ‘LockerGoga’ has been forcing production plants to switch from automated to manual control. It specifically targets industrial and manufacturing firms and damages the systems that control physical equipment. The ransomware was dropped and executed by a renamed PsExec tool. Trend Micro solutions such as Trend Micro Security, Smart Protection Suites, and Worry-Free Business Security have actively detected and blocked LockerGoga.
Once installed, the ransomware modifies the user accounts on the victim’s system by changing their passwords. It then forcibly logs off the session, relocates itself into a temp folder and renames itself using the command line (cmd). The command line does not contain the paths of the files targeted for encryption. Incident responders believe the ransomware is used only by criminals motivated by ransom.
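The two behaviours described above (a renamed PsExec launching the payload, and account password changes followed by a forced logoff) are the kind of sequence a detection engineer would want to alert on. The following is an added example, not code from the article or from Trend Micro: it runs two simple rules over constructed, Sysmon-style process-creation events. It assumes the PE version resource of PsExec carries an OriginalFileName whose stem is "psexec" or "psexec64"; the host names, paths and command lines are invented sample data.

```python
"""Detection sketch for the LockerGoga behaviours described in the article.

Rule 1: a process whose on-disk name differs from its PE OriginalFileName and whose
        OriginalFileName identifies PsExec (a renamed-PsExec launch).
Rule 2: on one host, a local account password change (net user <name> <password>)
        followed within a short window by a forced logoff (shutdown /l or logoff).
Events are constructed dicts that mimic Sysmon Event ID 1 fields; they are not
real telemetry.
"""
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
import re

# Assumed OriginalFileName stems for PsExec variants (verify against the real binary).
PSEXEC_STEMS = {"psexec", "psexec64"}

# "net user <name> <password>" where neither argument is a switch such as /add.
PASSWORD_CHANGE_RE = re.compile(
    r"\bnet(?:1)?(?:\.exe)?\s+user\s+(?!/)\S+\s+(?!/)\S+", re.IGNORECASE)
# "shutdown ... /l" (log off) or a bare "logoff".
LOGOFF_RE = re.compile(
    r"(?:\bshutdown(?:\.exe)?\b.*\s/l\b|\blogoff(?:\.exe)?\b)", re.IGNORECASE)

# Constructed sample events (hosts, paths and command lines are invented).
SAMPLE_EVENTS = [
    {"ts": "2019-03-19T02:11:04", "host": "PLANT-HMI-01", "event_id": 1,
     "image": r"C:\Windows\Temp\svchost32.exe", "original_file_name": "psexec.c",
     "command_line": r"svchost32.exe \\PLANT-HMI-02 -d -s C:\Windows\Temp\payload.exe"},
    {"ts": "2019-03-19T02:11:30", "host": "ADMIN-WS-07", "event_id": 1,
     "image": r"C:\Tools\PsExec.exe", "original_file_name": "psexec.c",
     "command_line": r"PsExec.exe \\FILESRV-01 ipconfig /all"},
    {"ts": "2019-03-19T02:12:00", "host": "PLANT-ENG-02", "event_id": 1,
     "image": r"C:\Windows\System32\net.exe", "original_file_name": "net.exe",
     "command_line": "net user operator HuHuHUHoHo283283@dJD"},
    {"ts": "2019-03-19T02:12:30", "host": "PLANT-ENG-02", "event_id": 1,
     "image": r"C:\Windows\System32\shutdown.exe", "original_file_name": "shutdown.exe",
     "command_line": "shutdown /l /f"},
    {"ts": "2019-03-19T02:13:00", "host": "HR-WS-03", "event_id": 1,
     "image": r"C:\Windows\System32\net.exe", "original_file_name": "net.exe",
     "command_line": "net user newhire Welcome1!"},
    {"ts": "2019-03-19T02:13:20", "host": "HR-WS-03", "event_id": 1,
     "image": r"C:\Windows\System32\shutdown.exe", "original_file_name": "shutdown.exe",
     "command_line": "shutdown /r /t 0"},
]


def _stem(name):
    """Lower-cased file name without directory or extension."""
    return PureWindowsPath(name).stem.lower()


def detect_renamed_psexec(events):
    """Rule 1: return one alert per process whose OriginalFileName is PsExec but
    whose on-disk name is something else."""
    alerts = []
    for ev in events:
        if ev.get("event_id") != 1 or not ev.get("original_file_name"):
            continue
        image_stem = _stem(ev["image"])
        ofn_stem = _stem(ev["original_file_name"])
        if ofn_stem in PSEXEC_STEMS and image_stem != ofn_stem:
            alerts.append({"rule": "renamed_psexec", "host": ev["host"],
                           "image": ev["image"], "ts": ev["ts"]})
    return alerts


def detect_password_change_then_logoff(events, window=timedelta(minutes=5)):
    """Rule 2: per host, a net user password change followed by a logoff within
    `window` (default five minutes)."""
    by_host = {}
    for ev in events:
        if ev.get("event_id") == 1:
            by_host.setdefault(ev["host"], []).append(ev)
    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(evs):
            if not PASSWORD_CHANGE_RE.search(ev["command_line"]):
                continue
            t0 = datetime.fromisoformat(ev["ts"])
            for later in evs[i + 1:]:
                if datetime.fromisoformat(later["ts"]) - t0 > window:
                    break
                if LOGOFF_RE.search(later["command_line"]):
                    alerts.append({"rule": "password_change_then_logoff",
                                   "host": host, "ts": later["ts"]})
                    break
    return alerts


def run_all(events=SAMPLE_EVENTS):
    """Run both rules and return the combined alert list."""
    return detect_renamed_psexec(events) + detect_password_change_then_logoff(events)


if __name__ == "__main__":
    for alert in run_all():
        print(alert)
```

On the sample data, rule 1 fires only for PLANT-HMI-01 (the legitimately named PsExec on ADMIN-WS-07 is ignored), and rule 2 fires only for PLANT-ENG-02, since HR-WS-03's reboot is not a logoff. Because the article notes that the command line does not reveal which files are encrypted, the rules key on process metadata and sequence rather than on file paths.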
Supply Chain Attacks – Barium
A legitimate software vendor issues what looks like a trustworthy update to its users, and it turns out to be a cyberattack. A report from Kaspersky describes an incident in which attackers compromised the Live Update tool of Asus, the computer and smartphone manufacturer, and spread malware to nearly one million users. The tainted software was signed with a real Asus certificate, which is why so many victims accepted the update. The attackers appear to have been targeting about 600 specific computers, which they singled out in the second stage of the attack.
‘ShadowPad’ and ‘Barium’ are the names given to the group behind the Asus supply chain attack. Barium appears to have been active since 2017, when it attacked CCleaner, then the most popular computer cleanup tool. By the end of April 2019, Kaspersky discovered that Barium had used a supply chain attack to compromise Microsoft’s development tool Visual Studio. This spread to three different video game companies that used Visual Studio to build their code, and the compromised games were then distributed to many devices, reaching thousands of users.
Customs and Border Protection Contractor Perceptics
A U.S. Customs and Border Protection surveillance contractor was the victim of a breach in which attackers compromised nearly 100,000 travelers’ photos and license plates. Perceptics, a longtime CBP contractor from Tennessee, had its surveillance hardware and its CBP deployment at multiple US ports of entry compromised.
According to CBP, the breach was the result of a federal contractor copying agency data onto its corporate network. Perceptics was never officially connected to the breach, but as a prominent vendor of license plate recognition it was under suspicion. The suspicion grew stronger when the agency released a public statement on the issue with the file name “CBP Perceptics Public Statement.”
Data Exposure – First American
Not all data security incidents are breaches. When data is exposed publicly rather than stolen, it is considered a compromise of data rather than a breach. First American, a real estate and insurance company, is the clearest example of a victim of critical data exposure in 2019. Security journalist Brian Krebs discovered the incident, which exposed 885 million sensitive customer financial records dating back to 2003. The data was exposed on the First American website, and it is still not confirmed whether anyone stole it from there, although it was easy to grab. The exposed data included Social Security numbers, driver’s licenses, bank account details, mortgage and tax documents, and transaction receipts of millions of Americans.
As an insurance provider and real estate agent, First American represents both lenders and buyers. Identity information taken from its website would be a huge source of data for an attacker.
American Medical Collection Agency
The largest corporate breach of 2019 so far is that of American Medical Collection Agency (AMCA), a major healthcare-related debt collector. The US Securities and Exchange Commission has confirmed that the breach of AMCA systems lasted from August 2018 to March 2019. AMCA client LabCorp reported in July that over 7.7 million patient records had been breached, while Quest Diagnostics had nearly 12 million patient records exposed. According to AMCA, the compromised information includes first and last names, phone numbers, dates of birth, addresses, details of medical history, health care providers, and more. It did not include insurance ID numbers or Social Security numbers. As AMCA has contracts with other companies, the data of other organizations’ patients may have been compromised as well. Between LabCorp and Quest, almost 20 million patients’ data was exploited. In June, AMCA’s parent company, Retrieval Masters Creditors Bureau Inc., filed for Chapter 11 bankruptcy protection, citing the costs associated with the breach.
Cyberwarfare – Iran
Since the U.S. withdrew from the 2015 Iranian nuclear agreement in 2018, cybersecurity experts have held that President Donald Trump’s move could escalate tensions between the two countries, particularly in cyberspace. Tension between the two countries has risen steadily, with clashes in the physical world. On June 13, two fuel tankers were attacked in the Gulf of Oman, and the U.S. blamed Iran, also accusing it of attempting to shoot down a U.S. drone. Iran, for its part, shot down an unmanned surveillance drone, claiming it had entered Iranian airspace. Though Trump aborted a military strike, the U.S. responded to the provocation by launching a damaging cyberattack against Iran’s rocket and missile launch-control systems. Meanwhile, Iran is also digitally clapping back at the U.S. Both countries appear to have been preparing for cyberattacks for weeks or months. The significant question is whether the two countries will continue to counterattack each other in cyberspace or whether the cyberattacks are a path to escalation into real-world combat.
Cyberattacks will continue to grow, and each one sends a shock through businesses, trade, governments, and military forces. The cybersecurity industry is in critical need of a skilled workforce. Certifications are the credentials most preferred by security leaders, as they ensure a job-ready workforce that can immediately take on the role. EC-Council offers various cybersecurity certifications that are completely online and popular among employers. Certified Ethical Hacker (C|EH), Certified Hacking Forensic Investigator (C|HFI), EC-Council Certified Incident Handler (E|CIH), and EC-Council Certified Security Analyst (ECSA) are a few of EC-Council’s flagship programs recognized by industry leaders.