In the early hours of 12 May 2017, a massive cyberattack with a virus called WannaCry hit multiple organizations across the world, including Britain’s National Health Service (NHS). The attack was wide-reaching and very damaging. According to Europol, WannaCry infected about 200,000 computers in 150 countries in a very short time. The NHS reported that up to 70,000 devices had been impacted, including computers and MRI scanners, with some hospitals having to send ambulances away as a result of the attack.

While it was five years ago, WannaCry is still a warning to businesses that cyberattacks can have dangerous consequences in the physical world. It is not the only one. The Stuxnet virus, possibly created by the US and/or Israel, was discovered after it attacked an Iranian nuclear facility in 2010. And in 2021, one of America’s largest fuel pipelines, between Texas and New York, had to shut down after being hit by ransomware.

Today, there are fears that similar cyberattacks could take place following Russia’s invasion of Ukraine. In fact, as the West implemented sanctions, US President Joe Biden explicitly warned companies and organizations to be alert to the danger of Russian hackers.

Cyberattacks aren’t new, but the stakes are higher today because of what’s called the IT/OT convergence — more and more devices (operational technology) in the physical world are connected to the internet and become potential targets. What are the biggest risks today? Who has the best cyber-capabilities? And how can businesses and individuals protect themselves?

Who’s who in cyberwarfare?

Cybersecurity is complex. Various players have different methods and aims, such as spreading disinformation, slowing or shutting down systems through so-called distributed denial of service (DDoS) attacks, stealing business or government secrets (cyberespionage), or cutting off access to systems and demanding payment for unlocking them (ransomware).

For businesses, adversaries include “hacktivists”, such as the infamous Anonymous group, cybercriminals and even state-sponsored actors. The most serious state-sponsored threats to Western businesses are thought to come from China, Russia, Iran and North Korea (CRINK).

One state-sponsored actor is known as Fancy Bear, a group with links to Russian military intelligence, who are accused of trying to influence the 2016 US presidential election. Another group is the China-linked APT41, known for cyberespionage.

“Their main aim is to obtain sensitive information on other state actors and use this to benefit their national security and political goals,” says Monika Rihma, director of Audere International, commercial intelligence and investigations specialists based in London. “They are equally interested in obtaining commercially sensitive information,” she adds. It is not unusual to see this data sold on the underground criminal internet known as the Dark Web.

“State-sponsored adversaries are usually aligned with the policy aims of their governments,” says Ian Thornton-Trump, chief information security officer at Cyjax, a British threat-intelligence company. “Aims can include disinformation or espionage targeting the military-industrial complex, regional and federal governments and any organization critical of the regime.”

Historically, state-backed groups have focused on stealing information, hacktivists on disrupting services and cybercriminals on monetary gain, says Etay Maor, senior director of security strategy at Cato Networks, specialists in security solutions. “But recently, the picture has been much more complicated. Today, you can find government groups engaging in money theft, hacktivists stealing data and cybercriminals being hired for just about any cause.”

Why cyberattacks are everybody’s business

Successful cyberattacks can be extremely damaging, and preventing them is a high priority for all businesses and governments. Along with the US, Germany is among the most targeted countries. According to the German Mechanical Engineering Industry Association (VDMA), 46 per cent of the companies surveyed in Germany were victims of a cyberattack at least once in 2021.

The current geopolitical climate with the war in Ukraine has increased the risks further for some industries. For example, says Thornton-Trump, some organizations are at risk through outsourced functions, offices or supply-chain partners in Russia or Belarus.

Private individuals aren’t safe either. Anyone can have their Facebook account hacked, and personal data is often found for sale on Dark Web forums. Facebook accounts have frequently been used to trick friends and relatives into sending money. And hacks can be much more damaging if people use the same password for different accounts.

In many households, lots of devices are connected to the Wi-Fi network — including smart TVs, security cameras and voice assistants like Amazon’s Alexa. Many of these devices don’t have the best security and use default passwords that aren’t safe. And as 5G mobile networks expand, the number of connected devices is growing fast. All of them need security to reduce the risk of a cyberattack.

Keeping the hackers out

While the threat is growing, businesses and individuals are showing more awareness of the need to protect themselves. In any organization, the people themselves are usually the weakest security link. This means training is essential to avoid such things as email phishing, in which attackers use extremely realistic-looking emails to trick employees into clicking on links or opening attachments.

“Identity-based attacks have become a favourite tactic, which makes protecting your identity more important than ever,” says Morgan Wright, chief security adviser at the cybersecurity platform SentinelOne. “Always use strong passwords, using a password manager to create complex and secure credentials for every site.” Wright advises using a combination of tactics to increase the cost to the attacker — especially multifactor authentication, which creates an extra layer of protection in addition to a password.

Applying security updates when they’re available is important, as is understanding that older technology is often a security risk. “Some hardware and software reach a point when they’re no longer supported by the manufacturer or developer,” says Wright. Although replacing it involves cost, an upgrade can prevent more expensive problems in the future, he says.

At the same time, businesses should keep up to date with relevant threats and make sure they have a plan in place to be prepared for a cyberattack.

“Ultimately, proactive security awareness plans that are reviewed and tested regularly — as well as clear communications on why those plans are needed — provide the best response when calamity threatens,” Thornton-Trump says.

The same best practices should be followed at home, too. “Don’t ignore those update notifications,” says Maor. “Change your default password and always use multifactor authentication for login if possible.”

Looking to the future, we know that, sooner or later, hackers will find ways to use AI. That is a sobering thought, but AI can also be used to defend networks. Ultimately, cybersecurity is a never-ending game of cat and mouse. The hackers are constantly looking for new vulnerabilities, while the security experts try to identify weaknesses before attackers can take advantage of them.

Cybersecurity tips...

  • Focus on passwords: Use unique passwords for each account and enable multifactor authentication.
  • Don’t forget to update: Update apps and operating systems when available. This protects you from known weaknesses.
  • Stay security aware: Look at every email critically, especially emails that ask you to open or click on something. Also, think carefully about data you share on social media.
  • Keep up to date: Know what threats may be relevant to your organization. Have a plan ready, including backups to help if ransomware hits.
  • Monitor connected devices: Consider every connected device in your business or home and be sure to change default passwords and keep security up to date.
  • If you think you’ve been hacked: Disconnect your LAN cable or Wi-Fi. If you’re at work, inform IT and wait for instructions.