Tuesday, July 12, 2022

Principle of Information Security: Module 2 The Need for Information Security (Part 12)









Information extortion, also known as cyberextortion, is common in the theft of credit card numbers. For example, the Web-based retailer CD Universe was victimized by a theft of data files that contained customer credit card information. The culprit was a Russian hacker named Maxus who hacked the online vendor and stole several hundred thousand credit card numbers. When the company refused to pay the $100,000 blackmail, he posted the card numbers to a Web site, offering them to the criminal community. His Web site became so popular he had to restrict access.















Another incident of extortion occurred in 2008 when pharmacy benefits manager Express Scripts, Inc., fell victim to a hacker who demonstrated that he had access to 75 customer records and claimed to have access to millions more. The perpetrator demanded an undisclosed amount of money. The company notified the FBI and offered a $1 million reward for the arrest of the perpetrator. Express Scripts notified the affected customers, as required by various state laws. The company was obliged to pay undisclosed expenses for the notifications and was required to buy credit monitoring services for its customers in some states.


In 2010, Anthony Digati allegedly threatened to conduct a spam attack on the insurance company New York Life. He reportedly sent dozens of e-mails to company executives threatening to conduct a negative image campaign by sending more than six million e-mails to people throughout the country. He then demanded approximately $200,000 to stop the attack, and next threatened to increase the demand to more than $3 million if the company ignored him. His arrest thwarted the spam attack.


In 2012, a programmer from Walachi Innovation Technologies allegedly broke into the organization’s systems and changed the access passwords and codes, locking legitimate users out of the system. He then reportedly demanded $300,000 in exchange for the new codes. A court order eventually forced him to surrender the information to the organization.

In Russia, a talented hacker created malware that installed inappropriate materials on an unsuspecting user’s system, along with a banner threatening to notify the authorities if a bribe was not paid. At 500 rubles (about $17), victims in Russia and other countries were more willing to pay the bribe than risk prosecution by less considerate law enforcement.


Figure 2-13

The latest type of attack in this category is known as ransomware. Ransomware is a malware attack on the host system that denies the user access and then offers, for a fee, to provide a key that restores access to the user’s system and data. There are two types of ransomware: lockscreen and encryption. Lockscreen ransomware denies access to the user’s system simply by disabling access to the desktop and preventing the user from bypassing the ransom screen that demands payment. Encryption ransomware is far worse, in that it encrypts some or all of a user’s hard drive and then demands payment. (See Figure 2-13.) Common phishing mechanisms used to get a user to download ransomware include pop-ups that indicate illegal information or malware was detected on the user’s system, threaten to notify law enforcement, or offer to delete the offending material if the user clicks a link or button.


In 2013, a virus named CryptoLocker made the headlines as one of the first examples of this new type of malware. More than $100 million in losses were attributed to this ransomware before U.S. federal agents, working with law enforcement from other countries, identified the culprits and seized their systems. The hackers behind CryptoLocker also ran Gameover Zeus Botnet, a server farm that used other hackers to spread the malware. The leader of the hacker group was the Russian hacker Evgeniy Mikhailovich Bogachev, a.k.a. Slavik, who is still at large and still listed on the FBI’s Cyber Most Wanted.


In 2017, the ransomware WannaCry made the headlines as it swept through cyberspace, locking systems and demanding payments in Bitcoin. The attack was cut short when a researcher discovered a flaw in the ransomware: it contained a kill switch, which prevented the attack from spreading. Software companies like Microsoft quickly issued patches that further stopped the infection. Several governments asserted that the North Korean government was behind the attack.


In 2019, the FBI’s Internet Crime Complaint Center received more than 2,000 complaints identified as ransomware, with estimated losses of almost $9 million.

