• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » Security » How cyberattacks happen: A tale of three major cyber breaches

How cyberattacks happen: A tale of three major cyber breaches

by Chris Stokel-Walker
31 August 2020
in Security
0
Startooper on the mouse pad by computer
96
SHARES
Here’s what went wrong – and what to avoid.

Cyberattacks can strike seemingly from nowhere, but they all require some sort of way in. That can be a vulnerability in a pre-existing system that unsuspecting victims aren’t aware about, or it can be something more circumstantial – such as a single slip-up in opening a malicious link that leaves you open to being scammed.

We’re becoming more aware of the risk of falling victim to a cyberattack, but we’re not always sure how they happen. Here are three examples of real-life attacks and how they happened, so you can consider whether you’d fall foul of the same tricks – or if you’re now aware of what to look out for.

WannaCry attack

May 2017 was an inauspicious month for the world’s computers as WannaCry, a ransomware strain developed and unleashed on the world, wreaked havoc on critical systems across the globe. Among those affected by the ransomware was the UK’s National Health Service, which ground to a halt as computers connected to the network were rapidly encrypted and seized up.

Appointments and operations were canceled in their thousands, and it took weeks to return back to normal once a quick-thinking white-hat hacker stepped in to stop its spread.

There were plenty of lessons to be learned from the incident that brought the planet to a standstill, but two of the biggest ones were simple.

Firstly, it’s vitally important to update software and operating systems. The vulnerability had been built into Microsoft Windows, and Microsoft had identified and patched the hole a few weeks before WannaCry arrived. However, too few systems bothered to update their computers. 

And secondly, siphoning off certain vital areas of a network for business continuity is important – particularly in a world where we’re all operating with cloud synchronization by default.

Citrix password spraying breach

We’re all tempted to use easy to remember passwords, but the perils of doing so were never clearer than in March 2019, when Citrix, the remote networking system many big businesses rely on, went offline after hackers believed to be linked to the Iranian government gained entry to the network.

Citrix offices in Silicon Valley

The way they did so was through a method called password spraying, using the sheer might of brute force to guess passwords at an alarmingly large scale, and picking off the easiest passwords such as ‘password123’ and gaining access that way. 

It’s a simple lesson, but it’s one that – given the continued release of lists of the most popular passwords every year – we’re wary of learning:

  • Make sure that your password is secure, isn’t easy to guess – and most importantly, doesn’t exist on a list of already-breached passwords. 
  • Don’t reuse passwords for different services, and regularly update them if you think they may have been compromised.

REvil ransomware

When cities and towns across America started seeing their all-important demographic data starting to disappear and encrypted by criminals, they knew something had gone wrong. One cluster of incidents affecting 22 Texas towns in August 2019 showed just how quickly such problems can spread – and what kind of impact it can have.

The towns were all hit and were asked to pay up a collective $2.5 million to decrypt the files that had been locked.

They banded together as part of a remediation process that eventually saw the files restored. But how they fell victim was what was most instructive about the whole process. 

Each of the 22 towns had outsourced their IT maintenance to a single vendor who was tricked into opening the ransomware.

The key lesson to take away from the process? Even with the best will in the world, and all the best practices, it can be someone else’s slip-up that affects you.

Share96TweetShareShare

Related Posts

Nohow International leaks sensitive worker data

12,000+ workers’ IDs, banking details, and other personal data leaked by UK staffing agency

19 January 2021
Telegram app on mobile

Watch out: there’s a new Telegram scam about

15 January 2021
Email icon on laptop screen

How phishing attacks are evolving and why you should care

14 January 2021
Ransom message on laptop screen

Why ransomware attacks will explode in 2021

12 January 2021
Next Post
miniature people Work on Computer Keyboard

Chaos engineering in an age of uncertainty

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    82912 shares
    Share 82901 Tweet 0
  • ProtonMail review: have we found the most secure email provider in 2021?

    61 shares
    Share 61 Tweet 0
  • Bitwarden Review

    0 shares
    Share 0 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • Custom mechanical keyboards – 17 coolest ones we’ve ever seen

    442 shares
    Share 441 Tweet 0
Facebook says some users facing issues with Messenger, Instagram

Factbox: How Facebook, Twitter, and others are girding for inauguration threats

20 January 2021
Uploading on mobile screen and Data Protection on desktop screen

Privacy and data protection trends in 2021

20 January 2021
valve logo

EU hits game distributor Valve, five others with 7.8 million euro fine

20 January 2021
google logo

Trump pardons former Google self-driving car engineer Levandowski

20 January 2021
Malwarebytes hacked by state actors behind SolarWinds attack

Malwarebytes hacked by state actors behind SolarWinds attack

20 January 2021
Edvardas Šileris

Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached

20 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!