Cyber-attacks do not happen only in movies, as many people think; they are a reality of our world. They are simply defined as motivated attacks, carried out primarily through the internet, that target the general public and corporate and national organizations. According to estimates from information technology departments across the globe, the cost of cyber-attacks is $200 billion to about $2 trillion annually. This cost has kept being incurred because of the increased number of computers in the last few years. As most transactions and important information are held on computers, and our lives revolve around them, cybersecurity is now the biggest necessity (2015).
Young people are, unsurprisingly, connected through social media platforms where they post information about their lives, and the growth of online business transactions by companies has increased the percentage of cyber-attacks. The increasing sophistication of cybersecurity attacks around the world, including targeted data theft, phishing scams, and other online vulnerabilities, demands that people remain vigilant about securing their systems and information. This undoubtedly raises the question of how far governments have developed, and will develop, their cybersecurity departments, and whether governments should be concerned about all cybersecurity issues.
JPMorgan Chase & Co.: target of a giant hacking conglomerate
Over the last few years, five of the worst cases of cyber-crime in the world have been reported to the justice authorities and, as expected, led to massive losses for the affected groups. One of the cases, back in 2015, was the JPMorgan Chase & Co. incident, in which the bank was the target of a giant hacking conglomerate. The crime involved three skilled men who hacked millions of people’s data, sold it to some networking companies, and unlawfully received millions of US dollars, in short gaining illicit profits. According to federal criminal investigators in America, the three men were no longer hacking simply for a quick pay-out, but to support a diversified criminal conglomerate that was undoubtedly a serious threat to the country. According to JPMorgan’s executives, the hackers, operating abroad, gained access to the names, addresses, phone numbers and emails of JPMorgan account holders. This was done by making use of a computer server based in Egypt (2014).
Furthermore, the JPMorgan spokesman implied that the hacking enterprise began in 2007, and reportedly believed that the pumping up of stock prices, online casinos, illegal money laundering, and an illegal bitcoin exchange were the basic activities that led to the hacking. He also suggested that the hacking targeted not only their enterprise but also other financial institutions such as Dow Jones & Co. The sad truth is that such cases often go unsolved, or the evidence is delayed for years, meaning that in the end these cybercriminals go unprosecuted. Nevertheless, the authorities believed that the criminals associated with the JPMorgan case used about two hundred fake identity documents, including over thirty fake passports purportedly issued by the United States and seventeen other countries such as Israel, to aid their criminal scheme.
The French elections
The second well-known cyber-crime took place in France during the 2017 elections, when hackers hit Emmanuel Macron with a huge email leak (nine gigabytes of data) ahead of the French polls. The massive data dump during the elections was intended to sabotage a center-left candidate. The leak of messages during the French election run-off undoubtedly appeared far more slapdash than the Russian hacks and leaks that incapacitated and plagued Hillary Clinton’s campaign last year. In this case, there were assumptions that the French government was fully prepared for the hacking, while the U.S. government was fully convinced that Russia was involved in the hacking, although no traces were found. According to Macron’s report, the hackers had compromised his political party and he was the victim of a massive coordinated hack, but surprisingly he never named Russia or any other culprit behind the attack, as had been expected (2017).
According to political analysts, a month before the hacking a security firm named Trend Micro had noted in a report that the Macron campaign appeared to be the focal target of the Russian government-linked hacker group Fancy Bear, also known as Pawn Storm or APT28. After the scholars conducted comprehensive research on the issue, they unsurprisingly found a phishing domain, created by the hacker group in March 2017, that was designed to target the campaign by impersonating the site that En Marche used for cloud data storage. Nevertheless, Macron’s campaign team shared Macron’s opinion, arguing that the hacking attempts had failed badly, while the 4chan forum statements about “Macron’s tax evasion” were allegations fabricated to give the able leader a bad reputation.
The Bank of Virginia cyber-attack
Cyber-attacks on banks, especially in America, mainly target big and well-performing banks such as PNC Bank. The attacks are known as denial of service, where a person bombards a bank’s or a company’s website with more traffic than it can handle. This makes accessing the site much slower and, in some situations, impossible. Moreover, even the smaller banks in the States face the risk of hacking. The Bank of Virginia is an example: over a period of eight months, it is said to have lost approximately $2.4 million to cyber-attacks last year.
The first heist took place on 16 May last year, after an employee at the National Bank of Blacksburg fell victim to a targeted phishing email. The phishing email allowed the intruders to install malware on the victim’s personal computer and to compromise a second computer in the bank, which had access to the Star network that the bank used to handle all debit card transactions for customers. The second compromised computer was able to manage National Bank customer accounts and their use of automated teller machines and bank cards. According to the bank, the hackers were able to disable and change the anti-theft protections with ease, which made it easy to reveal personal identification numbers and made the theft much easier for the intruders. National Bank stated that the Bank of Virginia had apparently lost $570,000 in the first breach. National Bank then hired a cybersecurity forensics firm named Foregenix to investigate the hacking, and the firm determined that the hacking tools and activity appeared to come from a Russian internet address. In June of the same year, the bank had to adopt well-defined measures to deal with such a problem in the future, so National Bank implemented additional security protocols known as velocity rules. The rules were meant to help the bank flag specific types of repeated transaction patterns that happen within a very short period of time. Yet even with these programmed measures in place, the intruders were again able to access the financial institution’s systems, which took place eight months after the first breach (2018).
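A velocity rule of the kind described above can be sketched as a sliding-window check over ATM withdrawals. This is an added example, not code from the bank or any vendor; the thresholds, field names and sample transactions are constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Txn:
    ts: datetime
    account: str
    atm_id: str
    amount: int  # whole dollars


@dataclass(frozen=True)
class VelocityRule:
    window: timedelta  # look-back period
    max_count: int     # withdrawals allowed per account inside the window
    max_total: int     # dollars allowed per account inside the window
    max_atms: int      # distinct ATMs allowed per account inside the window


def evaluate(txns, rule):
    """Return [(txn, [reasons])] for every withdrawal that breaches the rule."""
    recent = defaultdict(deque)  # account -> withdrawals still inside the window
    alerts = []
    for t in sorted(txns, key=lambda x: x.ts):
        q = recent[t.account]
        q.append(t)
        # Drop withdrawals that have aged out of the look-back window.
        while q[0].ts < t.ts - rule.window:
            q.popleft()
        reasons = []
        if len(q) > rule.max_count:
            reasons.append("count")
        if sum(x.amount for x in q) > rule.max_total:
            reasons.append("total")
        if len({x.atm_id for x in q}) > rule.max_atms:
            reasons.append("atm_spread")
        if reasons:
            alerts.append((t, reasons))
    return alerts


# Hypothetical thresholds: per account, within 15 minutes, at most
# 3 withdrawals, $1,000 in total, and 2 distinct ATMs.
RULE = VelocityRule(timedelta(minutes=15), max_count=3, max_total=1000, max_atms=2)

# Constructed sample data: ACCT-A behaves normally, ACCT-B is drained in a
# burst across several ATMs early on a Saturday morning.
_night = datetime(2024, 1, 6, 2, 0)
SAMPLE_TXNS = [
    Txn(datetime(2024, 1, 6, 9, 0), "ACCT-A", "ATM-9", 200),
    Txn(datetime(2024, 1, 6, 17, 30), "ACCT-A", "ATM-9", 60),
    Txn(_night, "ACCT-B", "ATM-1", 400),
    Txn(_night + timedelta(minutes=3), "ACCT-B", "ATM-2", 400),
    Txn(_night + timedelta(minutes=6), "ACCT-B", "ATM-3", 400),
    Txn(_night + timedelta(minutes=9), "ACCT-B", "ATM-4", 400),
    Txn(_night + timedelta(minutes=40), "ACCT-B", "ATM-1", 100),
]

if __name__ == "__main__":
    for txn, reasons in evaluate(SAMPLE_TXNS, RULE):
        print(txn.ts.isoformat(), txn.account, txn.atm_id, txn.amount, reasons)
```

A rule like this only protects the bank while it is switched on and unmodified, so changes to the rule set itself are worth alerting on as well.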
During the second breach, the intruders regained access to the bank’s Star network and, moreover, compromised a workstation that had direct access to Navigator, the software National Bank uses to manage credits and debits to customer accounts. Prior to the well-calculated second heist, the hackers used the bank’s Navigator system to fraudulently credit more than two million US dollars to various National Bank accounts. As in the first attack, the intruders conducted their attack on a weekend, when they modified and removed all critical security controls and withdrew the fraudulent credits using hundreds of automated teller machines. All the while, the intruders used the bank’s systems to monitor the customer accounts from which the funds were being withdrawn. At the end of the second heist, the intruders, being professional, sought to leave no traces and so deleted evidence of fraudulent debits from customer accounts. The bank reported a loss of $1,833,984 from the well-calculated breach.
After the second attack, Verizon was hired to investigate, and according to the results of its analysis, the Russian team connected to the first heist was the suspect because of similar traces left in the first attack. Verizon also told the bank that the malware the attackers used to gain the bank’s information was embedded in a booby-trapped Microsoft Word document, making it very hard to anticipate. According to the lawsuit filed by National Bank, its insurance policy with Everest National Insurance Company was made up of two types of coverage. The first is the computer and electronic crime (C&E) rider, while the second is the debit card rider. According to the lawsuit, in June 2017 Everest determined that the two breaches were covered exclusively by the debit card rider. Hence the company advised the bank that it would have no chance of recovering the lost funds under the C&E rider because of two exclusions in that rider.
The Equifax attack
Besides the Bank of Virginia breach, other companies and organizations in America have faced similar incidents that subjected them to huge losses. Equifax is one example of the organizations that have reported hacking cases. The Equifax hacking incident unfolded step by step. On March 8, 2017, the computer emergency division of the United States Department of Homeland Security sent Equifax and several other companies a notice of the need to patch a vulnerability spotted in certain versions of software used by other businesses. Equifax used software named Apache Struts in its online disputes portal, a website where consumers can dispute items on their credit report. On 9 March of the same year, Equifax disseminated the notification internally by email, requesting that the personnel responsible for the software installation upgrade their software to improve its security against intruders (Schleicher).
Furthermore, on March 15, Equifax’s information security department ran scans that should have identified any system that was vulnerable to the Apache Struts vulnerability. Surprisingly, Equifax’s efforts that month did not identify any versions of Apache Struts that were subject to the vulnerability. Unfortunately, the exposure remained in an Equifax web application much longer than expected, making Equifax at fault for the unpatched vulnerability that allowed hackers to access personally identifying information. Detailed and thorough investigations indicate that the first date on which the attackers accessed the private and sensitive information was 13 May 2017. From this date to 30 July of the same year, there were confirmations suggesting that the attackers continued to access sensitive information by exploiting the same Apache Struts vulnerability. This was made far easier because Equifax’s security tools did not detect the illegal access. On July 29, the Equifax security division observed suspicious network traffic associated with the consumer dispute website, where users could investigate and contest issues with their credit report. In response, the security department in charge investigated and immediately blocked the suspicious traffic it had identified. Moreover, the department kept monitoring the network traffic and, luckily, noted additional suspicious activity on July 30, 2017. In response, they took the web application completely offline that day. The unlawful hack was over, but the hard work of figuring out its nature, scope, and impact was just beginning. On the second of August 2017, consistent with its security incident response procedures, the company retained cybersecurity groups to guide the investigation and to provide legal and regulatory advice.
Additionally, well after the attack, Mandiant and Equifax’s security department analyzed the available forensic data in detail, with the aim of identifying and understanding any unauthorized activity on the network. The task was to figure out what actually happened, which parts of the Equifax network were affected, how many consumers were affected, and what types of data were accessed or potentially acquired by the hackers. This effort also included pinpointing and analyzing available forensic data to assess the intruders’ activity, determining the scope of the intrusion, and lastly assessing whether the intrusion was still ongoing when the portal was taken offline (on 30 July). The Mandiant group also helped examine whether the data accessed contained any personally identifying information, discover what data was exfiltrated from the company, and finally trace the data back to unique consumer information. On September 7, 2017, Equifax publicly swallowed its pride and announced the breach through a state press release. The release indicated that the breach affected personal information including birth dates, social security numbers, addresses, and, in some instances, driver’s license numbers.
North Korean ‘hacker’ charged over cyber-attacks on National Health Service
A year ago, a North Korean citizen named Park Jin Hyok was charged by the American government for his part in guiding the cyber-attack on the National Health Service. (The attack saw operations canceled and ambulances diverted.) The attack also led to the vanishing of patient records, as computers in over two hundred countries were infected with malware from the intruder (Manila Bulletin). Besides the National Health Service hack, Park Jin Hyok was also involved in an attack against Sony Corporation four years ago and in an eighty million US dollar theft from the Bank of Bangladesh in 2016. Astoundingly, it was not immediately clear whether Park was working for the North Korean government during the WannaCry cyber-attack, making him available to US law enforcement authorities. But after vigorous and well-conducted investigations, the presumption that Park operated from China rather than North Korea also turned out not to be true.
The 2017 cyber-attack was the largest ever to hit the health service in America. At least sixty-nine hundred NHS appointments were canceled, and up to about nineteen thousand were affected in total, after staff were forced to resort to pen and paper when they were locked out of the computerized system. A detailed subsequent government report found that the National Health Service trusts had been left susceptible because elementary cybersecurity recommendations were not followed. None of the ninety trusts, out of three hundred, that NHS Digital assessed shortly before the attack were found to have satisfied the necessary cybersecurity standards.
According to reports from a few sources, nearly all National Health Service trusts were using an obsolete version of Windows for which Microsoft had stopped providing security updates 3 years previously. It was also suggested that ninety percent of trusts were using Windows XP, by then a fifteen-year-old system, which left them very exposed to external attacks. According to Amber Rudd, in the immediate aftermath of the hack it was not possible to confirm whether patients’ data had been backed up. NHS workers also gave their account of the attack: they said that the computers were affected after email attachments were opened, with the computers going down shortly after. On infected computers, the malware demanded ransoms of $300 in Bitcoin, although according to the NAO there was no evidence that any NHS organization paid.
Russian interference in America’s 2016 elections
According to political analysts in America, the basic reason the Russian government interfered with the 2016 US presidential election was to increase the political stability in the States and to damage Clinton’s presidential campaign by bolstering the candidacies of Donald Trump and his vice president. After an assessment by the Office of the Director of National Intelligence (ODNI), it is clear that the Russian government favored Trump over Clinton. Vladimir Putin, the current president of Russia, ordered an influence campaign to harm Clinton’s chances of winning the presidency and to undermine public faith in the American democratic process. On the seventh of October 2016, the ODNI and the Department of Homeland Security stated that Russia was responsible for the hacking of emails with the purpose of interfering with the United States’ process of conducting fair elections. Furthermore, according to a report from the Department of Homeland Security on 6 January 2017, the Russian military intelligence service hacked the Google email accounts of Hillary Clinton’s campaign chairman, John Podesta, and also hacked Democratic National Committee (DNC) servers. Russian officials, however, denied any DNC breach and claimed that it was fake news promoted on social media with the objective of blackmailing American citizens. Later in the same year, the American president at the time, Barack Obama, called the Russian president by phone, warning of strict consequences if he did not abandon his hacking intentions. But the opposition party led by Donald Trump described the hacking news as mere allegations and said that the Democratic Party was in a losing position and was using the allegations as a scapegoat. This made the United States Department of the Treasury implement new sanctions on some Russian entities and officials in connection with the cyber-attacks.
Moreover, it is surprising that several countries in the European Union have also pursued a sanctions regime against Russia, accusing the country of supporting terrorism and interfering in their elections (Newman). Investigations into the Russian influence on the election include a counterintelligence investigation by the Federal Bureau of Investigation, hearings by the Senate Intelligence Committee, and inquiries into possible links between the Kremlin and Trump associates, targeting a few individuals such as Roger Stone.
Conclusion
Governments face a progressively more complex security landscape because of the increased rate at which they adopt new technology that has to be protected from cyber-attacks. But how serious are the risks posed to the public sector by data breaches and other cyber-attacks? According to estimates from various information technology departments across the globe, cyber-attacks cost the global economy $440 billion each year. The public sector is always a primary target, but how can the public sector, and organizations both large and small, manage digital risks?
First and foremost, the government should always undertake a risk assessment; this means conducting risk management to determine the areas of greatest vulnerability and the possible consequences of an attack. Second, the government should understand precisely the worst and most likely scenarios in order to engineer its defense. Lastly, it should ensure dialogue between security experts and stakeholders. Agencies, the Administration included, should always take an intelligence-led, analytics-based approach. What does this actually mean? It means that effective cybersecurity can no longer rely on the commonly used gates-and-guards approach (Lobato & Luísa). Advanced analytics can thus help with cyber threat identification and the intelligence process. Most organizations and political parties do not invest in cybersecurity talent at all. This leaves them short of the right skills and competencies to stave off the digital threats that appear in computerized systems. Moreover, these organizations should ensure that public service leaders allocate resources to dealing with attacks and build stable and strong cybersecurity teams.
By increasing collaboration among stakeholders, the government should ensure that all employees understand the risks, outcomes and security protocols involved in using mobile devices or operating in the cloud. It should also educate employees about cybersecurity so that everyone can play their part in keeping data safe; by doing so, the number of hacking cases can undoubtedly be reduced significantly. It should also work with peer organizations and the private and academic sectors with the aim of minimizing risks. Banks, political parties and other large and small organizations should always spearhead the idea of devising a cybersecurity strategy. This means that a crisis response plan is not enough; a well-defined, proactive data security strategy should always be treated as a necessity.
REFERENCES
“Six Billion Records Hacked So Far This Year: Researchers.” Manila Bulletin, 26 July 2017.
Cyber Security: Hearing before the Committee on Energy and Natural Resources, United States Senate, One Hundred Twelfth Congress, First Session, to Receive Testimony on a Joint Staff Discussion Draft Pertaining to Cyber Security of the Bulk-Power System and Electric Infrastructure and for Other Purposes, May 5, 2011. U.S. G.P.O., 2015
Cyber Security: Hearing before the Committee on Homeland Security and Governmental Affairs, United States Senate, One Hundred Thirteenth Congress, Second Session. U.S. Government Publishing Office, 2016.
Cyber Security: Protecting America’s New Frontier: Hearing before the Subcommittee on Crime, Terrorism, and Homeland Security of the Committee on the Judiciary, House of Representatives, One Hundred Twelfth Congress, First Session, November 15, 2011. U.S. G.P.O., 2012.
Cyber Security: Recovery and Reconstitution of Critical Networks: Hearing before the Federal Financial Management, Government Information, and International Security Subcommittee of the Committee on Homeland Security and Governmental Affairs, United States Senate, One Hundred Ninth Congress, Second Session, July 28, 2014. U.S. G.P.O., 2018.
Lennarz, Hendrik. “Growth Hacking vs. Growth Management.” Growth Hacking Mit Strategie, 2017, pp. 1–17.
Lobato, Luísa Cruz. “Unraveling The Cyber Security Market: The Struggles among Cyber Security Companies and the Production of Cyber (In) Security.” doi:10.17771/pucrio.acad.27784.
Newman, Scott. “Cyber Security Are You Prepared? It Is a Hot I.T. Career with a Big ‘Coolness Factor,’ but Training Such as That Offered by Osu-Okmulgee Is Needed to Produce the Highly Skilled Professionals Needed in the Field of Cyber Security.” Techniques, 1 Apr. 2013.
Schleicher, Bob. “Emergence of Cyber Anti-Forensics Impacting Cyber Security.” Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead.