With over 159 million pieces of data compromised since 2015, it’s easy to see why the cost of data security is on the rise. In fact, the US government has dedicated over one hundred billion dollars of its budget to target, maintain and thwart security breaches from both foreign and domestic hackers in the upcoming years. Beyond this, how are hackers impacting our day-to-day lives, and how does that impact stack up, financially, against other threats around the globe?

Website Attacks

The most frequent vector an attacker uses to compromise a victim or a business is exploiting vulnerabilities in a website. Hackers will often use web scraping services and techniques in malicious ways to scour the HTML and JavaScript code contained within a webpage’s infrastructure. By following this method, outsiders can use various software, like Python’s Beautiful Soup module, to extract and understand weak points within the design of certain web pages. Numerous websites have been compromised with this simple approach and have lost thousands of dollars, and pertinent user data, in the process.

Social Engineering

One thing that all humans share, regardless of geographical location, is that we are social creatures. Attackers will often use a technique called social engineering to pry apart the fabric of these social interactions, manipulating and influencing individuals into performing tasks and revealing sensitive data that can then be stolen. Many of the largest companies on the planet, such as AT&T and Amazon, have fallen victim to these types of strategies and unknowingly given away sensitive data that put clients in a compromised position.

Although social engineering may almost seem like a light-hearted prank, experts believe that these breaches have cost businesses well over 3 million dollars on average. The most popular technique of social attack, phishing, is a means of infiltrating a user’s email and, ultimately, their system. Ask yourself this: Have you ever opened an email from someone posing as a friend only to find a weird attachment inside? This, in a general sense, is a social engineering attack at work. When a user downloads that attachment, a virus is placed onto the system and propagated throughout the network.

Ransomware

Working in conjunction with social engineering, ransomware acts as a phishing attack on steroids. A recent iteration of this type of attack, and the biggest infection in history, is the WannaCry infestation. WannaCry is a ransomware encryption bug that gets into the user’s system through a phishing attack, as stated earlier. Once the virus is on the user’s machine, it encrypts all of their data and locks down the machine until a ransom is paid to the hacker in the form of Bitcoin. This epidemic started on Friday, May 12th, 2017 as an extension of the NSA’s infamous EternalBlue software. The exploit was found by the NSA and was a means of allowing hackers, from a remote location, to take control of a user’s Windows computer with relative ease. The exploit was then stolen from the NSA and tweaked by a hacker group known as the Shadow Brokers, which led to the inevitable spread of the WannaCry bug. Although the total cost of damage from the bug is still unclear, it is believed the group only received the equivalent of $55,000 in Bitcoin from various victims.

With these statistics and pieces of information, it’s easy to see how software security and the integrity of our machines are of the utmost importance moving into the future. Whether you are running a large organization with multiple clients and sensitive data, or you’re the average user who wants to stay protected, these are the areas of interest you need to pay attention to. Failing to update your understanding of upcoming technologies and how to maintain their safety is a dangerous game. Never take your safety, or the integrity of your clients, for granted in the information age.

 

by: Vincent Stokes