One Click Is All It Takes – Insights On Durham Cyber Attack From Hacking Expert

By ISBuzz Team, Writer, Information Security Buzz | Mar 10, 2020 02:55 am PST
Ryuk ransomware, delivered by way of phishing, was the culprit behind the Durham, NC cyberattack that ultimately caused the city to shut down its network and disabled the first responders’ systems. Although this ransomware is made up of complicated code, the severity of the attack ultimately came down to a single click. Durham is just another example of poor digital safety habits, or a lack of education. Even the most sophisticated software cannot help your system if someone welcomes a hacker through the front door.
Aleksander Gorkowienko, Managing Consultant – SecurityLabs
March 10, 2020 11:01 am

It should be noted that the successful ransomware attack on the City of Durham is not a consequence of a technical issue or negligence but almost a classic problem with the weakest element in the cybersecurity chain – humans. It is not a misconfigured firewall or a broken intrusion detection system that led to the disaster, but a lack of awareness and understanding of modern cybersecurity risks by personnel.

Phishing or so-called spear-phishing email attacks are quite mature these days. If the attack is conducted by a professional, the phishing email can travel unnoticed through the IT perimeter protection systems and successfully land in a victim’s mailbox. Those emails are carefully written, so they not only include the familiar elements of corporate identity, but could also mimic the “writing style” of a manager. Such an email can lure the victim into taking some immediate action, in this case opening the malicious attachment, and, obviously, warns about the severe consequences of not following orders. Who would dare to oppose?

Even more serious are attacks on critical national infrastructure. Those could lead not only to running ransomware in the corporate segment of the network, but also to implanting much more dangerous exploits. Those could be aimed specifically at industrial systems, similar to Shamoon, Dragonfly or Triton (almost forgot to mention Stuxnet). The consequences of this type of attack could be literally lethal, as they could not only disrupt energy or water distribution, for example, and stop thousands of businesses from running. The cost could also be human life.

Attackers are clever and opportunistic and, by trial and error, they are continuously searching for methods which statistically give them the highest probability of success with the lowest effort. Here we have good evidence that old methods still work well. The lesson for the future is that organizations should balance their efforts between investing in the newest technological security solutions and education of their personnel.

No matter how hard you try to protect your network, sooner or later someone clicks on the wrong link – such things just happen. So have a contingency plan and never forget to make regular backups. It is difficult to predict the future, but it is always good practice to put a strong emphasis on preventive activities. Have them conducted at the right place and the right time – before it’s too late.
