Cyber security is keeping data and information safe in a connected world. I should probably start off with this disclaimer. My writing here is in no way meant to scare or to cause paranoia. The information provided here is simply to help people become more aware of cyber security, and some things they can do to protect themselves. Though there is no way to become 100% impenetrable to cyber attacks, there are some steps that can be taken to give the attacker a more difficult target. Practically everything we do online is stored and tracked. This can be a very large concern for security and privacy. Current news is full of articles about companies being hacked or being attacked by ransomware. The point of this post is to help provide a better understanding of cyber security, how to protect yourself, and why cyber crime is such an important thing to understand.
People and companies should care a lot about cyber security because it can be the difference between being successful, and closing your doors. Your personal and company information is at the most risk as it has ever been. The new ways that attackers are exploiting systems are extremely sophisticated, and in many cases driven by Artificial Intelligence (AI). AI gives malware and attacks some “brains” to evade detection and enough awareness to adapt and react to security systems. This makes it generally difficult to detect and completely eradicate once malware has infected a system or piece of software. “Anti-virus” software is no longer enough to protect systems in today’s connected world. Multiple levels of security systems need to be in place to even stand a chance of keeping bad actors out.
Black hat hackers:
These are the hackers you see in Hollywood movies. Cracking into government servers, stealing peoples credit card numbers, etc. Black hats are hackers who use software and systems in unethical ways and without permission of the system owners. They purposely break into systems to steal information or do damage, with no respect for laws or for those they might be harming. These are the “bad guys” you want to protect yourself from.
White hat hackers:
Believe it or not, there are “good guy” hackers too! White hats, are those who are trained in the art of hacking, but use their skills for good. They will test systems, with the permission of the owners, and try and break systems within a set of bounds set by the owners. They even use the same tools as the black hat hackers. The difference is they are doing what they do in order to provide information to people, and more often companies, so companies can better protect their systems. White hats will work with the company to work through penetration testing of their systems. They will sit down and define goals together on what is to be tested, and what the goal of the exercise is. The point of these exercises is to find vulnerabilities in systems and provide that information to the business, so they can remedy those security flaws. White hats are very necessary and help to identify vulnerabilities in many heavily used systems and software today.
Grey hat hackers:
Grey hat hackers are, in a way, in between black and white hats. Another name for them is hacktivists. These are people or communities that get together and are working for a common goal, normally political. For example, they might hack into an NRA website and post anti-gun materials to try and get a point across. They generally do not have nefarious intentions, but they definitely do not gain access to systems with the permission of the system owner. They are doing something they justify to themselves as right, even though it may be unethical.
Script kiddies:
Script kiddies are hackers that aren’t after any specific goal. They are people who are curious and maybe have some kind of goal to prove something to themselves. They will take things apart, or hack into systems unknowingly just to see if they can. They do not have malicious intent, and some times don’t even do it on purpose. They are generally harmless, but can sometimes turn out useful if they find a flaw in a system that no one else has, as this information can be handed to the software developer to remedy.
Malware
Sometimes commonly called viruses, this is now a misnomer. Malware is defined as a broad scope of software that is crafted with a malicious intent to destroy or steal systems and data. Viruses are actually one specific type of malware. Another type is called a Trojan. Trojans are malicious pieces of software hidden inside legitimate ones, or crafted to look like legitimate software. Once installed on a system the malicious payload is able to execute whatever routines the attacker programmed into it. Other types of malware include spyware, and keystroke loggers. Those pieces of malware, as their names suggest, steal information and log your keystrokes respectively. These are often used to steal private banking information or intellectual property. Malware is probably the most common cyber attack since it is a very broad category, and covers a lot of different types of attacks. It is also the most hands off for the attacker and is a “set it and forget it” type of attack. The attacker will craft their payload, then use various mechanisms to deliver it to target systems. Some of which being email, file sharing sites, or scripts running on poorly maintained websites. These aren’t the only ways, but some of the most common. Even some government agencies have not been immune to these attacks. For example, on August 16th, 2019, 23 government agencies in Texas were hit with a coordinated ransomware attack. Ransomware is a type of malware that encrypts data so that only the attacker can unscramble it. Generally there is a monetary ransom associated with the attack to purchase the decryption key and be able to recover the data. These are some of the most devastating types of attacks, especially if no backups are available. This can be crippling to a company, especially if they have private or sensitive data stored on their systems. Just recently an assisted living and long-term healthcare chain was hit with a ransomware attack. The ransom was $1,250,000, and for this small business, there was no way they could afford to pay. At this time they don’t know if they will be able to keep the doors open as all of their backups were encrypted as well, so they had no way to restore all the patient data stored on their systems. This data included health records, treatment plans, doctor notes, drug plans, and everything else related to the people they were in charge of caring for. Without that information there is no way they could continue business, and they can’t afford the fine. To make matters worse, even if they could pay the fine, there’s no guarantee the hacker(s) would actually give them the decryption key. Stories like this are very sobering and a testament to how important security is and having backups that can not be infected.
Botnets:
These deserve their own category do to the unique nature of the malware, and it’s ability to network together across multiple systems to perform attacks. Botnets are created when an attacker crafts a piece of malware that is designed to be installed on thousands or millions of systems, with the purpose of creating a command and control foothold. Basically what this means is the “bots” will install on a system, then phone home to a server to await further commands from the server. These can then be used to craft large scale DDoS (Distributed Denial of Service) attacks. Basically what a DDoS, or DoS, attack consists of is when a large number of systems start sending or requesting data to a single server or service with bogus connections. What this does is overwhelms the system under attack so that it is unable to service legitimate connections for users trying to connect to said service. For example, there have been DDoS attacks carried out on government services websites, and banking websites. These attacks prevented legitimate users from being able to access critical services for their everyday lives. One of the biggest problems with these type of attacks is that there isn’t much you can do to prevent or remedy them. They are carried out across the internet generally, and since companies don’t have a direct way to stop that traffic from hitting their systems, they have to generally enlist the help of their Internet Service Provider (ISP) to stop that traffic from being delivered to them somewhere further upstream on the internet. Another sure-fire way of dealing with the attack is to just “pull the plug” from the internet, or shut down the system. This will stop the system from being overwhelmed, but obviously will achieve the same goal as what the attacker wanted in the first place as the service will be unavailable for legitimate users as well. Though these attacks are relatively simple, they are very difficult to prevent, and remedy once they happen other than waiting for the attacker to give up and end the attack. Working with the ISP, they may be able to stop it as well, but that can sometimes take a long time depending on how many systems are involved in the attack, and if the ISP is setup with mitigation tools of their own.
Targeted network attacks
Most of the time what people think of as a cyber attack is a bad actor sitting in a dark closet, blasting through your firewall remotely and burning all your systems to the ground. While this isn’t impossible, most people don’t need to fear this happening to them as your personal home network likely doesn’t have anything of value to the attacker. Businesses on the other hand, are a huge target for these types of attacks as it can give an attacker remote access to your network to do whatever they want. This could be stealing data, deleting data, destroying systems, and many other things. The reason for this is that businesses generally have high value information or means to pay ransoms. This makes businesses a more attractive target over someone’s personal video collection. Targeted network attacks can range from a hacker actually getting on your network and stealing data, to a DDoS attack, and everything in between. An attacker doesn’t always have to be on the network physically or remotely to do damage.
Current software development cycles do not seem to place security first in their approach. Too many companies are so eager to bring new features to market, that many times security falls by the wayside as an afterthought. If more software development companies placed higher focus on a security first approach, the digital world would be a much safer place. Hackers will always find a way around security measures, but the more hoops they have to jump through the harder their job gets. The harder you can make things for them the less likely you are to become or remain a target. Security is always a balance between making things harder for the bad guys, and usability for clients. The more secure you make systems, the more difficult they become to use. Inversely, the easier a system is to use, the less secure it is (generally). This isn’t always the case, but as a generalization this is fairly common.
Always think security first, you have to think like the bad guys. Penetration testing is also a highly valuable tool to find holes in your systems in order to fix them. Penetration tests are performed by white hat hackers, using the same tools the black hat hackers would use, but within the confines of an agreed-upon scope. You outline what systems you would like them to test, and at the end a report is provided with findings. This way, hopefully you find the holes and vulnerabilities before the bad guys do.