NEW BRUNSWICK, NJ–While cyber attacks have been propagated in the past, never before has a wave of this magnitude washed over such a wide gamut of systems on a global level.
Federal agents investigated a string of Distributed Denial of Service (DDoS) attacks against Rutgers University in 2015, and a series of “spearphishing” attacks against Democratic Party campaigns in 2016, but the latest trend in cyberattacks is “ransomware.”
With authorities scrambling to remedy a historically large-scale ransomware attack that began Friday, May 12, the “Wannacry” virus spread to 150 countries over a single weekend.
“Should people be scared?” asked Arnie Tiangco, owner of local cyber security company CMIT Solutions. “I think people in New Brunswick should be vigilant.”
Tiangco says simply being careful where you click could help to avoid becoming a victim.
“Just like dealing with phone scams or an email that says, ‘You have an invoice attached,’ you have to always be careful what you click and what information you offer,” said Tiangco.
There’s other precautions companies and individual computer users can take, including making regular back-up copies of important data.
Vulnerability to the latest ransomware attack, Tiagnco added, stems largely from individual users and entire institutuions using antiquated software.
“This makes any organizationusing networked computers particularly vulnerable,” read a statement from CMIT Solutions regarding the attacks. “It also appears to be able to spread to other computers outside corporate networks.”
“[This] will be a wake up call to business to review back-up solutions…and quick,” Tiangco told New Brunswick Today.
The May 12 “Wannacry” attacks involved a virus that presents itself to users as an email or pop-up window – locking users out of their data threatening to destroy it unless a ransom is paid.
The attacks, which remain under investigation, affected roughly 200,000 Windows users in more than 150 countries including China, Japan, South Korea, Germany and Britain.
But Wannacry could just be the beginning of a cyber security nightmare, with researchers telling PC World magazine that they believe other attackers will start to exploit the same SMB flaw as the WannaCry ransomware.
“Microsoft released a patch for this vulnerability in March and, on the heels of the attack… even took the unusual step of releasing fixes for older versions of Windows that are no longer supported,” noted the PC World report.
Initial reports indicate that the perpetrators unleashed the attacks across an array of systems, wreaking havoc on various computer networks.
British public health services were inaccesable for most of May 12, and systems within Russia’s Interior Ministry were affected as well. Meanwhile, internal systems at universities in China were impacted and data was held for ransom in Australia, Turkey, India, Italy, Taiwan, the Philippines, and Mexico as well.
Costs associated with cyber-defense have risen in recent years, with hackers finding new ways to bypass protection protocols and infect the growing number of devices that have access to the internet.
Experts in the field have warned against simply setting up protective measures without following up, as new threats are popping up like whack-a-moles on a global scale.
In 2015, the FBI began a probe after a string of Distributed Denial of Service (DDoS) attacks against Rutgers University, which lasted for three days in March.
The 2015 DDoS attacks on Rutgers networks showed how large institutions can be crippled by relatively simple attacks. That attack bogged down major parts of the school’s network, and left many students and faculty unable to access online learning sites for several days.
Many students also reported that the on-campus WiFi networks were abnormally slow, if they even worked at all.
After the embarrassing debacle, Rutgers cited “$3 million worth of network upgrades” as one of the reasons it increased tuition during the summer of 2015.
But students were upset about the tuition increase and the univeristy still continued to experience network attacks that fall.
Cyber warfare made headlines yet again in the 2016 US presidential election, where a widespread spear-phising campaign led to numerous breaches of computer networks used by the Democratic National Committee, and the disclosure of Hillary Clinton’s campaign manager’s emails.
Spear-phising attacks typically begin with emails from what appears to be a well-known user. The emails then leads to a phony link designed to get the target to submit their username and password to the attacker.
In May, reports circulated that a small percentage of Google users received fraudulent emails attempting to gain access to private information.
In addition to being careful where they click, anyone afraid they may be at risk should make sure they are running the latest software, including antivirus software, and remember to back up their files.