As the amount of personal data stored in cloud and other digital services has significantly increased, information theft has become the most expansive and prominent area of cyber crime. In addition to individuals, there are many other targets that criminals favour. Companies, government agencies, and infrastructure are also under constant threat.
Let's go over a few cases from recent years. We'll look at how they affected the victims and the surrounding society, as well as what caused the vulnerabilities in the first place.
In September 2020, three employees of a Finnish psychotherapy center, Vastaamo, got extortion messages from unknown attackers. During 2018 and 2019, the attackers were able to steal tens of thousands of patient records, including mental health data and personal information such as social security numbers. The victims received emails in which they were told to pay a ransom of around $240 or their information would be revealed in the TOR network, often referred to as the dark side of the Internet.
Cause: Inadequate security on a MySQL-based patient record database. The database was not protected during the first attack in 2018, and remote control of the database was enabled.
Victims: Over 25 000 victims have reported offences to the Finnish police.
Outcome: At least 300 people's information was leaked through TOR, with the possibility of the whole database being leaked. The CEO has been fired and the board re-selected. The cooperation between Vastaamo and the Social Insurance Institution of Finland has been put on hold indefinitely. Vastaamo was previously one of the institute's official service providers.
In May 2019, Ben Shoval, a real estate software developer, accidentally found a massive data exposure on the website of the real estate company First American. By changing a single digit in the URL, he could access sensitive information from other clients. The exposed documents, dating back to 2013, included driver licenses, social security numbers, bank details, and even internal documents from other businesses. At first, First American ignored the warning from Shoval, which led to over 885 million files being exposed and available with no authentication.
Cause: A design error (Insecure Direct Object Reference or IDOR) was behind the breach. The links were meant to be seen by only specific parties, but no verification methods were used so anyone with the link could view the contents of the file.
Victims: Individuals and businesses who used the agency's services. It's not clear how many victims' data has been maliciously accessed and used.
Outcome: A class-action lawsuit was filed against the company.
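The missing verification described under "Cause" above, shown as an added example (not First American's code): a document lookup that trusts the id in the URL, next to one that checks the caller against the document's parties, plus a small authorization check that counts who can read what. All names, ids and records are constructed for illustration.

```python
# Constructed sample records: document id -> parties allowed to view it.
DOCUMENTS = {
    1001: {"parties": {"alice"}, "body": "alice: closing statement"},
    1002: {"parties": {"bob"}, "body": "bob: wire instructions"},
    1003: {"parties": {"alice", "carol"}, "body": "shared: title deed"},
}
USERS = ["alice", "bob", "carol", None]  # None = unauthenticated visitor


class AccessDenied(Exception):
    """Raised for unauthenticated, unauthorized and unknown-id requests alike."""


def get_document_vulnerable(doc_id, user=None):
    # The id in the URL is the only "credential": whoever knows or guesses
    # the number gets the file. The caller's identity is never consulted.
    return DOCUMENTS[doc_id]["body"]


def get_document_hardened(doc_id, user):
    if user is None:
        raise AccessDenied("authentication required")
    doc = DOCUMENTS.get(doc_id)
    # Same error for a missing id and for someone else's id, so responses
    # do not reveal which ids exist.
    if doc is None or user not in doc["parties"]:
        raise AccessDenied("not found")
    return doc["body"]


def exposed_pairs(handler):
    """Return every (user, id) pair where a non-party receives the document."""
    leaks = []
    for user in USERS:
        for doc_id, doc in DOCUMENTS.items():
            if user in doc["parties"]:
                continue  # legitimate access, not a leak
            try:
                handler(doc_id, user)
                leaks.append((user, doc_id))
            except (AccessDenied, KeyError):
                pass
    return leaks


if __name__ == "__main__":
    print("vulnerable leaks:", len(exposed_pairs(get_document_vulnerable)))
    print("hardened leaks:  ", len(exposed_pairs(get_document_hardened)))
```

Running a check like `exposed_pairs` against every object-returning endpoint is a cheap regression test for this class of design error.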
In May 2017 a ransomware called WannaCry, specifically targeting computers operating on the Windows XP operating system, surfaced. It was a standalone malware program, a worm, which replicated itself and distributed itself to other computers without a need for a host program (unlike a virus) or any input from the user. In half a month, it had contaminated over 200,000 computers. The software locked up the infected computer and demanded a ransom of around $300 in Bitcoin for file access. The worm was especially effective against organizations with outdated infrastructure.
Cause: A security breach in old Windows systems. It has been suspected that the US National Security Agency found the vulnerability and developed an exploit called EternalBlue. EternalBlue was allegedly leaked by a hacker group in April 2017, and WannaCry used this exploit later on. The NSA did not report the vulnerability.
Victims: The worm attacked many companies and government institutes, such as FedEx, the British national health services, and the Russian interior ministry. India's state police and two Indonesian hospitals also struggled against the attack.
Outcome: Microsoft published a security update to the Windows XP operating system due to the attack, even after the support had officially ended many years ago. WannaCry's code included an unregistered domain - a kill switch. Once the domain was registered by malware reverse engineer Marcus Hutchins, the attack stopped.
- CyberDegrees.org, Staff Writers
You should now have a general understanding of the kinds of attacks that have happened in the past, as well as their targets. Next, we'll take a look at some of the most important professions in cyber security.
Chief Information Security Officer:
The chief information security officer, or CISO, oversees and maintains the vision and strategy for an organization's security. They set goals for ensuring that the organization's information and infrastructure are properly secured. This is a senior-level job.
Average salary: $162,037
Penetration testers are ethical hackers, so-called white-hats, who try to seek out vulnerabilities in systems. They simulate multiple types of cyber attacks on the organization's systems to find vulnerabilities before a malicious party attacks. They develop tools to help with their job and analyze their findings: why could they get in? Where is the root problem? They may also carry out social engineering experiments.
Average salary: $84,690
Security engineers install and maintain security systems inside an organization. This means firewalls and breach detection systems, for example. They work together with other cybersecurity specialists to tackle the challenges and threats that they may find. This is a hands-on job, and experienced security engineers may step up to be security managers or chief security officers.
Average salary: $90,923
There are many more jobs relating to cybersecurity in various companies. Sometimes a role is combined with another role; for example, one person could be a cybersecurity analyst and engineer at the same time. You can take a look at CyberDegrees.org for more careers, and see what would be the best fit for you.
How does it sound? Could you be interested in a career in cyber security? Take the following knowledge test to try out your skills before moving on to a brief overview of the history of malware.
Answer the following questions.