It is fall season, and as the leaves change and darkness comes earlier, who doesn’t enjoy sitting back and watching a classic scary movie? It’s a national pastime.
Fortunately, with even the spookiest of movies, the fright ends with the film—even if we keep scaring ourselves as we turn the corner in our homes at night. Unfortunately, the same cannot be said for cyberattacks.
Capable of shutting down businesses, costing billions of dollars annually, and forcing organizational restructuring as companies prioritize security, the worst cyberattacks can stick to the national consciousness for years. After all, they can continue to harm businesses well after a breach has occurred. That is why it is essential to evaluate what could have been done differently to prevent similar risks from haunting your business.
These are three of the scariest cyberattacks in United States history and what can be learned from them to protect your business’s most critical asset—your data.
A Nightmare on Sony Street
In November 2014, a cybergang with reported ties to the North Korean government hacked Sony Pictures Entertainment via a coordinated email phishing campaign. The infiltrators released terabytes of sensitive data, including personal information of more than 4,000 current and former employees, deleted files from network computers, and posted valuable Sony intellectual property. Namely, five previously unreleased films.
What the attack is most remembered for, though, are the terrorist threats made against Americans considering going to see the upcoming Sony movie, The Interview, about the assassination of North Korean leader Kim Jong Un. Cryptic messages pointed to a “bitter fate” for those that dared to see the film. Fearing these threats, Sony chose to pull The Interview from theaters, sparking backlash around the country, including from President Obama, who rejected the thought of ceding to the demands of terrorists.
Sony’s network was shut down for multiple days, costing productivity and profit. Further, the studio lost hundreds of millions in revenue from the unsanctioned release of its films while also suffering severe reputational harm from its handling of the cyberattack.
While the brand damage Sony suffered was a public relations issue, the initial hack and subsequent multi-day system shutdown offer valuable material to inform better security practices for your business.
Train Employees to Recognize Phishing
To penetrate Sony’s network, the cyber gang utilized a series of phishing emails that appeared to come from the Facebook accounts of company employees. The emails contained attachments to destructive malware that led to the series of problems Sony faced.
Cybersecurity and, specifically, phishing awareness training is continuously necessary for employees. Bad actors constantly improve the authentic feel of phishing campaigns, and employee education needs to keep up.
Interestingly, the same emails Sony received were simultaneously sent to AMC Studios, but we do not associate AMC with the Sony hack. Why? Because the phishing attack failed at AMC. AMC had effective employee training, and subsequently, their precious data stayed protected, mitigating the risk of a similar PR nightmare.
The Haunting of the Colonial Pipeline
In May 2021, Colonial Pipeline, operator of the largest petroleum pipeline in the United States, suffered from the greatest ever cyberattack on American energy infrastructure. The ransomware attack forced the company to completely halt the oil-delivery system for several days leading to gas outages, panic-fueling, and spiked prices across the East Coast, where it supplies almost 50% of the gas.
Reports from Bloomberg indicate that the breach occurred due to a single leaked password found on the dark web. Attackers used this old account to login into a VPN that provided remote access to Colonial Pipeline servers. The hackers only required the username and password for the account because it did not have multi-factor authentication (MFA).
The criminal group that propagated the ransomware demanded payment of 75 bitcoin—equivalent to $4.4 million—to return network operations to Colonial Pipeline. In a similar decision to Sony, the company chose to adhere to the attackers’ demands and paid the ransom. However, the costs did not stop with the payment. According to CEO Joseph Blount, it cost Colonial Pipeline months of employee hours and tens of millions of dollars more to completely restore its systems.
The Importance of Penetration Testing
In testimony to the U.S. Senate Committee on Homeland Security and Governmental Affairs, Mr. Blount indicated that the VPN system exploited by the criminal group was no longer in use. However, though not technically in use, this part of the company’s network was still operational. Making matters worse, the lack of MFA meant the system was infiltrated with a simple password and username.
The company could have recognized this vulnerability in its security posture if it had conducted regular penetration testing of its network systems and applications. Designed as a simulated attack on your company conducted by cybersecurity experts, pen tests seek to identify exploitable security flaws and vulnerabilities before bad actors do.
For example, Initial Access Brokers (IABs) underpin a massive black-market industry by breaching networks and selling the access they gain to other would-be attackers. Penetration tests serve as an efficient means to beat hackers at their own game.
The best way to prime the security of your business for an attack is to find its security flaws before criminals realize them. That is why we recommend completing penetration testing on your network at least annually to stay up to date with the newest hacking capabilities.
The Silence of the Supplied Water
Most cyber-attacks seek to cause mass disruption or extort for money, but a new trend is seeing criminal groups utilize attacks with the intent of causing mass murder. Colloquially known as “killware,” these breaches are deadly in the most literal sense.
In early 2021, Floridian city Oldsmar experienced such an attack when a hacker gained access to the city’s water treatment plant through remote access software and attempted to poison the water. The software, called TeamViewer, had not been used by the water treatment plant for more than six months. Thankfully, a plant operator was present and noticed the bid to increase the level of sodium hydroxide in the water to over 100x the normal level.
Sometimes the scariest things never quite happen, which is thankfully the case with the Oldsmar water treatment hack. A spokesperson for the facility noted that had the plant operator not acted, an automated shutoff system was set to launch with the detection of any dangerous chemical levels in the water supply. Still, the hack is a wake-up call because the actual infiltration of the remote access system was not detected. Without the presence of a human, or the fail-safe system shut down, the residents of Oldsmar, Florida, could have easily been unwarily poisoned. While this threat was averted, research from Gartner suggests that within the next four years, bad actors will increasingly utilize killware to attempt to murder innocent people.
The Future is Zero Trust
While remote access systems are incredibly convenient, they are a significant point of vulnerability. The sudden explosion of work from home culture that became commonplace during the pandemic and required large-scale remote access systems has begun to pull back as people slowly return to their offices. While many employees will stay remote, others will return to their desks, potentially leaving behind significant risks.
Consider that many small to mid-size cities around the country operate their own water treatment facilities and lack the financial resources to implement the most robust security systems. This attack is unlikely to be an isolated incident then and serves as a valuable lesson for other industries. But what can be done to prevent something like this from occurring to your business?
Adopting a Zero Trust security model would have likely stopped the Oldsmar water hack in its tracks. This security framework requires continuous authentication, authorization, and validation for access to system applications and data. While the specific source of the hack of the treatment plant has not been identified, officials believe a single password secured access to control of chemical levels in the plant.
With a Zero Trust architecture, if a hacker gains access via a compromised password, they would have needed to be granted entry for each layer deeper they attempted to penetrate. Thus, in theory, control of chemical levels would be siloed deep within the network and access would require far more stringent authentication measures stopping the attempted poisoning in its tracks much earlier.
Prevent the Scariest Cyberattacks from Harming Your Business with Sidechain Security
If having a cybersecurity partner with more than two decades of industry expertise conducting security reviews and building reliable cyberinfrastructures sounds useful, look no further than Sidechain Security.
At Sidechain, we specialize in providing analysis unique to the safeguarding of your business. Whether your organization needs to conduct penetration testing to identify vulnerabilities in its security posture, or you require industry-leading employee security training, Sidechain is here to help.
To get started protecting your business from the scariest cyberattacks, sign up for our free security assessment today to gain valuable insight into the current state and effectiveness of your cyber defense.