5. Most Hackers Target Small Businesses
Cyber attacks are always in the news, but usually only when they hit large companies or organizations. Yet, how many people know that hackers prefer to target small businesses? According to a recent report from Hiscox, “Forty‑seven percent of small businesses suffered at least one cyber attack in the past 12 months. Of those, 44 percent experienced two, three, or four attacks in the past year, and eight percent had five or more attacks.” Hiscox estimates that the average cost for a hack on a small business amounts to $34,604. ..and this is only the direct cost. It does not include the cost of damage to a business’ reputation and the subsequent loss of customers and clients because of the breach. It does not include the cost of time and materials used to recover from the hack.
But why would hackers target small businesses? First of all, they are easier to hack. This makes them vulnerable to novice hackers. Secondly, small businesses are more likely to pay to recover information lost from a ransomware attack; the most common attack on small businesses. And, finally, though not least in importance, small businesses are often connected to larger firms and offer a gateway into them. Remember that Target was hacked through a small company that worked on its heating systems.
4. Individual Hackers Earn between $30,000 and $2 Million a Year
Obviously, it’s hard to get good data on how much money hackers are making. Most data on this topic comes from surveys of ethical (White Hat) hackers. However, it is not uncommon for some ethical hackers to venture into unethical hacking from time to time (Gray Hat). Hacking is a profitable business. It is also a crime. However, it is the most profitable crime, averaging around 10-15% more income than traditional crimes. Some might think that earning $30,000 a year is nothing to brag about. However, if you live in a third world or developing country, this amount of money would make you enviably rich.
Pure White Hat Hackers earn money by finding bugs that companies pay bug bounties for. Some of these hackers are recruited by companies to hack them so that they can identify weaknesses in their cyber defenses. But, at other times, hackers may, uninvited, hack into a company network and then ask for money to reveal how they did it. In any event, one survey found that dedicated hackers of whatever hat color could earn hundreds of thousands of dollars a year. Keep in mind that unethical hacking income is untaxed.
You may think that hacking is a risky business. Yes, high profile hackers do get caught; yet, most do not. The odds here are in the hackers’ favor, assuming they use simple measures to hide their identity and don’t ask for or steal too much money. The bad news is that, even when a hacker is identified, they are often residents of foreign countries and, as such, are free from prosecution. It should be noted that professional hacker groups or government sponsored groups can make far more money because they can afford to use more sophisticated techniques.
3. US Weapon Systems are Completely Vulnerable to Simple Cyber Attacks
A GAO report in October, 2018, found that most U.S. weapons were vulnerable to potential cyber attacks. “Nearly all major acquisition programs that were operationally tested between 2012 and 2017 had mission-critical cyber vulnerabilities that adversaries could compromise.” And it gets worse. “Cybersecurity test reports that we reviewed showed that test teams were able to gain unauthorized access and take full or partial control of these weapon systems in a short amount of time using relatively simple tools and techniques.”
Modern weapons, such as tanks and fighter planes, have multiple software attack interfaces which can be exploited by hackers in numerous ways. The report states how some of these were compromised.
“In one case, the test team took control of the operators’ terminals. They could see, in real-time, what the operators were seeing on their screens and could manipulate the system. They were able to disrupt the system and observe how the operators responded. Another test team reported that they caused a pop-up message to appear on users’ terminals instructing them to insert two quarters to continue operating. Multiple test teams reported that they were able to copy, change, or delete system data including one team that downloaded 100 gigabytes, approximately 142 compact discs, of data.”
Oddly, one of the barriers to good military cyber security is security itself. Cyber attack information may be given a top secret classification. Because of this, a cyber attack in one part of a network cannot be reported to people in another part of the network unless they have top secret clearance. These restrictions on sharing classified information often lead to the consequence that those who most need this information to protect the network cannot access it.
2. US Intelligence Put Backdoors in Huawei Products
Recently, the U.S. government and its allies have been putting a lot of pressure on Chinese telecommunication firm, Huawei. They claim that the company may be installing backdoors on its products to turn them into spying devices for the Chinese government. Although no proof has been presented to substantiate this claim, the U.S. government seems quite sure of its accusations. And there’s a good reason for this.
Back as far as 2009, U.S. intelligence agencies targeted Huawei. They infiltrated its network and even obtained the software code. They, apparently, wanted to follow the products and the communications of those who used them in Iran, Afghanistan, Pakistan, Kenya, and Cuba. They also wanted to see how connected the company was with the People’s Liberation Army (PLA), which would show how closely they were working with the Chinese government. In other words, the NSA had installed backdoors in these products. Here is a section of a secret document that was released by Edward Snowden.
It is possible, even likely, that Chinese investigators eventually found the backdoor and retooled it for their own purposes. So, why is the U.S, government so sure that Huawei products have backdoors? I’ll let you answer that one.
1. A Devastating Backdoor Trojan has been found in Over 90% of Servers
I put this in the number one spot because it has only recently been disclosed and because of its potential to do devastating damage.
According to one source, “Linux powers the servers that run 96.5 percent of the top one million domains in the world”…but that’s not the surprising news. The surprising news is that a new backdoor has been found targeting these servers and, potentially, setting up a compromised network that could launch a devastating worldwide attack. This trojan, named, SpeakUp, by its discoverers at Check Point, has already compromised 70,000 servers with the numbers skyrocketing daily.
It also targets cloud servers, such as Amazon Web Services, and MacOs devices.
At the time of this writing, SpeakUp is being used to install cryptomining software, however, few researchers believe this is its ultimate goal, as it has the sophisticated architecture to launch a far more devastating worldwide attack. Check Point believes the backdoor exploit has been designed by a Russian hacker. It may be that the attack was developed to sell on to others who have a variety of nefarious goals. It is perfectly designed to launch crippling infrastructure attacks.
These are just five of many surprising cyber security facts. I chose these particular facts because few people are aware of them and being aware of them is important. In addition, I believe they give a good idea of just how risky the cyber world is becoming.