Are you sure about your security online?

Ever since my mother was scammed on WhatsApp through a social engineering hack, I have an increased interest in everything around cyber security and how it is impacting the daily life of normal people not working in technology. Here is a fascinating story behind the ransomware attacks lately published on the WashingtonPost (paywall alert).

Although the article is focussing on companies, my expectations are these attacks will move into the consumer space once companies have beefed up their security and it becomes easier to hack a large number of consumers than one or two companies. Millions of small payments are equivalent to one large payment, where the opportunity to infect many consumers might be easier given the lack of protection.

How well protected are you against ransomware? What data is at stake? Family memories in pictures and video, or all your financial information and tax returns? Would you pay for an encryption key? Can you buy personal cyber insurance like companies do?

With more and more connected devices, the likelihood you fall victim to an attack increases. Before you know it, by clicking on a link you open your home network to an attack, and your new connected fridge starts to mine bitcoin or is part of a zombie network.

In the past, I had my WordPress blog hacked. Which was annoying, but could be fixed with a simple re-install and re-upload of all content which I had a backup for. It was a valuable lesson what could happen to my personal files and information, which triggered a system for regular backups, on multiple harddrives and clouds. Also passwords have been in an ongoing refresh cycle to prevent being compromised, but I’m dying for a more scalable solution, since I’m running out of combinations which I can easily remember. Since I don’t want to store passwords in a browser, nor want to write them down, what can I do?

Ransomware & Increased Threads in the Corporate World

There is proof in the growth in the cyber security industry through the increased funding in companies which tackle a small piece of the puzzle. There is a constant race against nation states, hacker consortiums or cyberpunks on the wrong side of the law. Just today, two announcements for new funding rounds in AttackIQ ($44m Series C), which provides a breach and attack simulation system to help businesses validate their cyber defenses (source), and in Arctic Wolf ($150m Series F), which provides security experts to act as an extension of a company’s internal cybersecurity team (source).

Only halfway through the year, 2021 already has surpassed the record-breaking $7.8 billion raised by security companies last year.

According to Crunchbase data, $9 billion has flooded into the sector in 309 deals in the first six months of the year — more than double the $4.4 billion the industry realized in the first half of 2020. The second quarter alone saw $5.2 billion — compared to less than $2 billion for the same quarter last year.

Source

Meanwhile, as a consumer, should you adopt the zero-trust concept in how you navigate online? Not trusting any email attachment or link sent through an instant message from one of your contacts?

Zero-trust was first coined in 2010, but applications are still being discovered and large businesses are being built around the idea. Zero-trust, for those getting up to speed, is the assumption that anyone accessing your system, devices, etc., is a bad actor.

Source

What should you keep in mind or pay attention to as a consumer? I’m starting this research journey myself now, trying to understand the upstream systems which might become an access point to my data, systems or home network. The Solarwind hack was eye opening for my understanding that the weak point might be somewhere else, you do not always have full control over.

Meanwhile, should you rely on the efforts of law enforcement, local governments, or bilateral agreements between nations to take down attack groups (source & i.e. 1, 2, 3, more). Or can you start building up your own defenses?

A couple of articles I’ve collected over just the last couple of months since I started this research journey.

A collection of articles on the Solarwinds hack:

• U.S. Agencies Hacked in Foreign Cyber Espionage Campaign Linked to Russia – Source: Treasury’s hackers used a flaw in a SolarWinds product; SolarWinds, which touts 300K+ customers, says the flaw was the result of a “supply chain attack”
• U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack – SolarWinds: under 18,000 customers were compromised between March and June via an update to its Orion software, leading to DHS, Treasury, Commerce Dept. hacks
• Russia’s Hacking Frenzy Is a Reckoning – Experts say the SolarWinds hack shows that the US still has no good answers to combat “supply chain” attacks, which are “ridiculously difficult” to detect
• A moment of reckoning: the need for a strong and global cybersecurity response – Microsoft identified 40+ customers targeted in the SolarWinds hack, 80% in the US, says the attack is “ongoing” and calls for a global cybersecurity response
• Hackers last year conducted a ‘dry run’ of SolarWinds breach – Sources: hackers conducted a test run of the SolarWinds breach in October 2019, with a version of the malware that didn’t have a backdoor embedded in it
• Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers – Microsoft details the Solorigate DLL file that was used to install a backdoor in SolarWinds Orion and reveals it discovered additional malware affecting Orion
• SolarWinds Hack Victims: From Tech Companies to a Hospital and University
• Attacks on SolarWinds Servers Also Linked To Chinese Threat Actor – Secureworks: a second threat actor targeting SolarWinds flaws, by adding backdoors via Orion bugs, has characteristics that suggest the group is based in China
• Mind the Gap: How the NSA might use SolarWinds campaign to do warrantless spying – Officials say SolarWinds hackers succeeded in part because NSA is barred from monitoring domestic networks, leading to calls for new spying powers for the NSA
• In Punishing Russia for SolarWinds, Biden Upends U.S. Convention on Cyber Espionage – President Biden’s decision to punish Russia for the SolarWinds hack broke with years of US foreign policy that tolerated cyber espionage
• Top White House cyber official says action taken so far not enough to deter further Russia cyberattacks – Sources familiar with the investigation of SolarWinds breach say hackers from Russia’s SVR intelligence agency likely still maintain access to US networks

Other interesting articles which I would have missed if it wasn’t for my priority in researching this space

• The Worst Hacks of 2020, a Surreal Pandemic Year
• How to Get Rich Sabotaging Nuclear Weapons Facilities
• How the United States Lost to Hackers
• ‘Dangerous Stuff’: Hackers Tried to Poison Water Supply of Florida Town
• The Most Serious Security Risk Facing the United States
• Thousands of Tor exit nodes attacked cryptocurrency users over the past year
• Here’s what we know about DarkSide ransomware
• WiFi devices going back to 1997 vulnerable to new Frag Attacks
• Pipeline Attack Yields Urgent Lessons About U.S. Cybersecurity
• FBI: JBS ransomware attack was carried out by Revil
• Live streams go down across Cox radio & TV stations in apparent ransomware attack
• REvil ransomware hits 1,000+ companies in MSP supply-chain attack
• Supermarket chain Coop closes 800 stores following Kaseya ransomware attack
• Biden orders probe of latest ransomware attack
• The Pentagon Tried to Take Down These Hackers. They’re Back
• Trickbot Activity Increases; new VNC Module On the Radar

I know it takes a lot of time to keep yourself up to date on all the threads out there. However, if you work online on a daily basis, you’ll need to keep up what it happening.