The breach at US credit reporting company Equifax is one of the biggest to date.
Sometime in late July, cyber criminals infiltrated its supposedly secure system to steal the personal details of 143 million Americans, roughly half of the population.
They secured names, social security numbers, birth dates and driving licence numbers, all of which will be offered for sale on the dark web to the highest bidder.
Equifax is a credit reporting company that tracks the financial history of American consumers, making its servers a prime target for criminals trading in a rapidly expanding multi-billion euro industry.
Those responsible for the Equifax hack had hit the cyber equivalent of the EuroMillions, providing both further evidence that cyber criminals are getting better at what they do, and a timely warning that Ireland needs to be better prepared to face the challenges ahead.
Around the same time as the Equifax attack, there was an attempt to infiltrate our national power grid in County Donegal. Someone, somewhere had sent an official-looking email to an ESB engineer with an infected link in what’s known as a “spear-phishing” attack.
Thankfully, there was no breach of the computer system which controls the flow of electricity to our homes and offices, but it served as a timely reminder that international criminals – or even a foreign State – have our country in their sights.
By now, every Irish worker will have returned to their computer, their summer holidays a distant memory.
This return to productivity in the Irish workforce has been matched by a ramp-up in the number of cyber-attacks, which have increased significantly in the past few days after a period of relative calm.
Cyber-criminals too, it seems, take holidays.
So far, nothing has emerged that would match the devastating power of ransomware like WannaCry or Petya, but it’s only a matter of time before another critical security lapse is identified and sold to the highest bidder on the dark web.
In 2016 alone, there was a 937% increase in the number of stolen financial records when compared with the previous year. Three years ago, cybercrime was estimated to have been a $100 billion (€830 million) industry. By 2019, it will grow to approximately $2 trillion (€1.66 trillion).
It is now easier than ever for people with little or no hacking skills to go onto the dark web and purchase specially designed hacking tools to target victims.
There are no police to stop them, no checkpoints to catch them in the act – only a criminal free-for-all that is the 21st century equivalent of the Wild West. Online extortion, identity theft, company bankruptcy, digital vandalism and cyber-terrorism have been identified as the key areas for growth in this underground empire, where like-minded criminals and even nation states are collaborating to maximise both damage and profit.
The recent WannaCry and Petya attacks showed how vulnerable computer networks can be.
Danish shipping giant Maersk had 1,500 key applications shut down for five days at a cost of nearly €248 million.
Reckitt Benckiser, the company behind Dettol, Nurofen and Durex, suffered a similar attack that cost them an estimated €109 million in lost revenue.
Computers at both companies were subject to hacks originally designed by the US National Security Agency as cyber weapons, but which ended up being sold on the darknet to the highest bidder.
All industries are at risk, but none more so than healthcare.
There is a high demand for medical records on the black market as they are more valuable than financial records. Your electronic health records can sell for as much as €40, compared to just €1 for your credit card.
The medical records are more valuable because their theft is harder to detect and more difficult to resolve.
You can cancel your credit card, but you cannot cancel your medical history.
Healthcare institutions have limited budgets for cyber-security and a general lack of security awareness, which is the perfect recipe for criminals looking to attack a vulnerable target.
This is why the NHS was so readily targeted by WannaCry, and why the HSE had to take significant action to prevent its spread here.
So how is Ireland vulnerable?
On a State level, the recent White Paper on the future of the Irish Defence Forces recognised how a shortfall in capital spending had impacted on our ability to deal with international cyber-terrorism.
However, the immediate threat is to the individual.
A recent study found that 60% of Irish people still open emails from people they don’t know. This presents the dream scenario to hackers who usually leverage social engineering or email as a primary attack vector, relying on users to download and execute a malicious payload.
Once the software is unwittingly installed on a victim’s computer, the hackers can launch an attack that locks all files it can find within a network.
Public awareness of “phishing” has grown significantly in recent years, but it has been outstripped by increased sophistication on the part of the hackers. Companies need to ensure that their employees are as aware of the risks behind phishing emails and social engineering as they are of leaving the front door wide open when leaving work each evening.
Equally, they need to ensure their systems are fully up to date and patched against the vulnerabilities that cyber-criminals exploit to remotely lock entire networks.
Recently, we have seen numerous organisations falling victim to what is known as “remote-code execution”. There are a variety of custom-built kits now available for sale on the dark web that allow hackers to easily infiltrate what their owners thought were secure systems, cause havoc and demand a ransom.
Ireland is less likely to be directly targeted by a specific cyber-attack than the US, but is extremely vulnerable to something designed to cause a global impact. There are many layers of cyber criminal – from the lone operator in his basement, to nation states seeking to disrupt and damage their enemies.
Some of your personal details may already be available for sale on the dark web awaiting a purchaser. The only certainty is that the next attack is coming – the only question is when.