How cyberattacks happen: A tale of three major cyber breaches

Here’s what went wrong – and what to avoid.

Cyberattacks can strike seemingly from nowhere, but they all require some sort of way in. That can be a vulnerability in an existing system that the victims aren’t aware of, or it can be something more circumstantial – such as a single slip-up in opening a malicious link that leaves you open to being scammed.

We’re becoming more aware of the risk of falling victim to a cyberattack, but we’re not always sure how they happen. Here are three examples of real-life attacks and how they happened, so you can consider whether you’d fall foul of the same tricks – or if you’re now aware of what to look out for.

WannaCry attack

May 2017 was an inauspicious month for the world’s computers as WannaCry, a self-spreading ransomware worm, wreaked havoc on critical systems across the globe. Among those affected was the UK’s National Health Service, which ground to a halt as the worm hopped from one unpatched machine to the next, encrypting every computer it could reach on the network.

Appointments and operations were canceled in their thousands, and it took weeks to get back to normal even after a quick-thinking security researcher registered the domain that acted as the malware’s kill switch and stopped its spread.

There were plenty of lessons to be learned from the incident that brought the planet to a standstill, but two of the biggest ones were simple.

Firstly, it’s vitally important to update software and operating systems. The hole WannaCry used was a flaw in the SMBv1 file-sharing protocol in Microsoft Windows, and Microsoft had patched it (MS17-010) two months before WannaCry arrived. Too many organizations had not applied the update, and some were still running versions of Windows that no longer received updates at all.

And secondly, separating the vital parts of a network from everything else is important for business continuity: a worm can only reach what it can connect to. Keep backups that aren’t continuously synchronized with the live systems, too, because in a world where cloud synchronization is the default, an encrypted file is faithfully synced as an encrypted file.

Citrix password spraying breach

We’re all tempted to use easy-to-remember passwords, but the perils of doing so were never clearer than in March 2019, when Citrix, whose remote-access products many big businesses rely on, disclosed that hackers believed to be linked to the Iranian government had gained entry to its internal network.

The way they did so was through a method called password spraying. Rather than hammering one account with thousands of guesses, which trips account-lockout rules, the attacker takes a handful of very common passwords such as ‘password123’ and tries each one once against a large list of accounts. Across thousands of users someone almost always has one of them, and that single weak password is enough for a foothold; Citrix said the attackers then worked to get past its additional layers of security from there.
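The defensive corollary of that description is that a spray is invisible if you only count failures per account. As an added illustration (not code from Citrix or from this article’s author), the script below counts failures per source instead and tells a spray apart from a classic brute-force run. The log lines are constructed for the example, the addresses are documentation ranges, and the window and thresholds are assumptions a defender would tune to their own logs.

```python
"""Tell password spraying apart from brute force in authentication logs.

Added example for this article, not code from Citrix or any vendor named
here. The log lines are constructed (RFC 5737 documentation addresses) and
the thresholds are assumptions a defender would tune to their own logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one spraying source (many users, one guess each, one
# hit), one brute-forcing source (one user, many guesses), and one ordinary
# user who mistyped a password once.
SAMPLE_LOG = """\
2019-03-01T02:00:01Z FAIL alice 203.0.113.9
2019-03-01T02:00:03Z FAIL bob 203.0.113.9
2019-03-01T02:00:05Z FAIL carol 203.0.113.9
2019-03-01T02:00:07Z FAIL dave 203.0.113.9
2019-03-01T02:00:09Z FAIL erin 203.0.113.9
2019-03-01T02:00:11Z FAIL frank 203.0.113.9
2019-03-01T02:00:13Z OK grace 203.0.113.9
2019-03-01T02:00:15Z FAIL heidi 203.0.113.9
2019-03-01T02:00:17Z FAIL ivan 203.0.113.9
2019-03-01T02:00:19Z FAIL judy 203.0.113.9
2019-03-01T02:05:00Z FAIL alice 198.51.100.7
2019-03-01T02:05:01Z FAIL alice 198.51.100.7
2019-03-01T02:05:02Z FAIL alice 198.51.100.7
2019-03-01T02:05:03Z FAIL alice 198.51.100.7
2019-03-01T02:05:04Z FAIL alice 198.51.100.7
2019-03-01T02:05:05Z FAIL alice 198.51.100.7
2019-03-01T02:05:06Z FAIL alice 198.51.100.7
2019-03-01T02:05:07Z FAIL alice 198.51.100.7
2019-03-01T02:05:08Z FAIL alice 198.51.100.7
2019-03-01T02:05:09Z FAIL alice 198.51.100.7
2019-03-01T03:00:00Z FAIL bob 192.0.2.44
2019-03-01T03:00:30Z OK bob 192.0.2.44
"""


def parse_log(text):
    """Parse 'timestamp result user ip' lines into tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, ip))
    return sorted(events)


def classify_sources(events, window=timedelta(minutes=10), min_failures=8, spray_ratio=0.7):
    """Label each source IP that produces enough failures inside one window.

    A spray shows many distinct usernames with about one failure each, so
    per-account lockout never fires; brute force shows the same username
    over and over. Any successful logon from a flagged source is the
    account that actually fell and needs a reset.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[3]].append(ev)
    verdicts = {}
    for ip, evs in by_ip.items():
        busiest = None  # (failures, all events) for this IP's busiest window
        for i, (start, _, _, _) in enumerate(evs):
            win = [e for e in evs[i:] if e[0] - start <= window]
            fails = [e for e in win if e[1] == "FAIL"]
            if len(fails) < min_failures:
                continue
            if busiest is None or len(fails) > len(busiest[0]):
                busiest = (fails, win)
        if busiest is None:
            continue
        fails, win = busiest
        distinct = len({e[2] for e in fails})
        label = "spray" if distinct / len(fails) >= spray_ratio else "brute-force"
        verdicts[ip] = {
            "label": label,
            "failures": len(fails),
            "distinct_users": distinct,
            "logged_in": sorted({e[2] for e in win if e[1] == "OK"}),
        }
    return verdicts


def analyse(log_text=SAMPLE_LOG):
    """Run the classifier over a log text and return {ip: verdict}."""
    return classify_sources(parse_log(log_text))


if __name__ == "__main__":
    for ip, verdict in analyse().items():
        print(ip, verdict)
```

On the sample, 203.0.113.9 is labelled a spray (nine failures across nine different users) with ‘grace’ as the account that let it in, 198.51.100.7 is labelled brute force (ten failures, all against ‘alice’), and the single mistyped password from 192.0.2.44 never reaches the threshold. The point to carry over to real logs is the grouping key: a lockout policy counts per account, and a spray is built precisely so that count never gets high.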

It’s a simple lesson, but one that – given the lists of the most popular passwords released every year – we’re slow to learn:

  • Make sure that your password is secure and isn’t easy to guess – and, most importantly, doesn’t appear on a list of already-breached passwords.
  • Don’t reuse passwords across different services, and change them promptly if you think they may have been compromised.
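The two bullets above can be turned into a check that runs when a password is chosen. The following is an added example, not code from Citrix or from the Have I Been Pwned service: it applies a minimum length, looks the password up in breach data the way the Pwned Passwords range API is queried (only the first five hex characters of the SHA-1 leave the client, and the suffix is matched locally), and rejects anything already used for another service. The breach corpus and its counts are constructed so the example runs offline; a real deployment would fetch the range from the live service instead.

```python
"""Screen a new password against the article's checks: length, presence
in breach data, and reuse across services.

Added example, not code from Citrix or from Have I Been Pwned. The breach
check follows the k-anonymity range scheme Pwned Passwords uses (only the
first five hex characters of the SHA-1 are sent), but the corpus here is
constructed with made-up counts so the example runs offline.
"""
import hashlib

# Constructed breach corpus: password -> number of times seen (made-up counts).
BREACHED_PASSWORDS = {
    "password123": 3_000_000,
    "qwerty": 4_000_000,
    "letmein": 500_000,
    "Citrix2019!": 12,
}


def sha1_hex(password):
    """Upper-case hex SHA-1, the form the range API compares against."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fingerprint(password):
    """What a password manager could keep to spot reuse without storing the
    plaintext. An unsalted SHA-256 is used here purely for illustration;
    it is not a recommendation for how to store passwords server-side."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_range_corpus(breached):
    """Index the corpus the way the range API serves it: prefix -> {suffix: count}."""
    corpus = {}
    for pw, count in breached.items():
        h = sha1_hex(pw)
        corpus.setdefault(h[:5], {})[h[5:]] = count
    return corpus


RANGE_CORPUS = build_range_corpus(BREACHED_PASSWORDS)


def range_lookup(prefix):
    """Stand-in for GET /range/{prefix}: the caller sends five hex characters
    and gets back every 'SUFFIX:COUNT' line sharing that prefix."""
    return [f"{suffix}:{count}" for suffix, count in RANGE_CORPUS.get(prefix, {}).items()]


def breach_count(password):
    """How often the password appears in breach data (0 = never seen).

    Only the prefix is sent; the remaining 35 hex characters are compared
    locally, so the service never learns which password was checked.
    """
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    for line in range_lookup(prefix):
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


def password_problems(password, used_elsewhere=frozenset(), min_length=12):
    """Return the reasons a password should be rejected; an empty list means it passes.

    used_elsewhere holds fingerprints of passwords already in use on other
    services, as a password manager would know them (an assumption of this example).
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    seen = breach_count(password)
    if seen:
        problems.append(f"seen {seen} times in breach data")
    if fingerprint(password) in used_elsewhere:
        problems.append("already used for another service")
    return problems


if __name__ == "__main__":
    for candidate in ("password123", "Citrix2019!", "a-long-unique-passphrase-42"):
        print(candidate, "->", password_problems(candidate) or "accepted")
```

Note that ‘Citrix2019!’ passes a naive complexity rule (mixed case, digits, a symbol) and still fails here because it sits in the breach corpus; the breach check catches exactly the passwords a spraying attacker will try first, which a complexity rule does not.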

REvil ransomware

When cities and towns across America started seeing their records disappear, encrypted by criminals, they knew something had gone wrong. One cluster of incidents affecting 22 Texas towns in August 2019 showed just how quickly such problems can spread – and what kind of impact they can have.

Each of the 22 towns had outsourced its IT maintenance to a single managed service provider. The attackers came in through that vendor and used its remote access to the towns’ systems to push the ransomware to all of them at once.

The towns were all hit and were asked to pay up a collective $2.5 million to decrypt the files that had been locked.

They banded together, with state agencies coordinating, as part of a remediation process that eventually saw the files restored – largely from backups, and without the ransom being paid. But how they fell victim was the most instructive part of the whole episode.

The key lesson to take away? Even with the best will in the world, and all the best practices, it can be someone else’s slip-up that affects you. A vendor with remote access to your systems is part of your attack surface, and its credentials and tools deserve the same scrutiny as your own.