We all know that computers have changed our lives in business and private activities. All our data is now transferred to memory areas resident in the various devices or in the cloud.In many cases, to keep our documents updated and make them accessible from the different devices in our possession, we use applications that allow you to store multimedia content on remote servers then shared by the various devices of the user: for example, the Apple iCloud system allows us to store and make our data available in synchronous mode between iPhone, iPad, iPod touch, Mac and Windows PC. therefore stored in the manner described above, effectively simplifying their management and reducing the physical load on workers. But there are not only the benefits, unfortunately the risks of data theft and damage to systems by hackers have also increased exponentially.
There are different types of hackers, which can also be classified by the different types of attacks and techniques they use.
Some types are listed below:
- White Hat hacker
The first category is that of professional hackers who work for governments and organizations with the task of testing the cybersecurity level of their respective systems: their hacking activity aims to identify weaknesses and correct them immediately to prevent possible external attacks.
These “ethical” hackers are tasked with preventing attacks and protecting and assisting governments, organizations and businesses.
- Black Hat hacker
Black hat hackers attack systems to gain unauthorized access for the purpose of stealing or destroying the system They engage in criminal activity and usually operate with the aim of profiting from stolen data to sell it to others or to obtain ransom from the company itself in order to unlock its use.
- Gray Hat Hacker
They are experienced hackers but they act for fun, experimenting with actions to crack the defenses of networks and systems. I am classified as a Gray Hat Hacker when they decide to take personal advantage.
- Script Kiddies
They are amateur hackers: they try to hack systems using other hackers' scripts to attract attention.
Their attacks are defined with the acronym DDoS (Distributed Denial of service) or DoS (Denial of service): they direct excessive traffic to a certain IP until it collapses. use.
- Green Hat Hackers
On the hacker scale they are the ones who are learning to become real hackers: they seek opportunities and experiment to grow in the world of hacking.
The list could get longer, but the above types are quite representative of the dangerous hacking phenomenon present in a world that increasingly relies on every activity, every political, economic, social and industrial interest on the networks and on the web, drawing undoubted benefits but exposing itself more and more to the risks of cyber attacks.
It is therefore no surprise that the US government offered a bounty of about $ 10 million for information on the hacker group known as the "dark side", which allegedly led a ransomware attack on a vital 5,500-mile pipeline in May. on the US east coast.
The cyber attack caused an interruption in the service of the Colonial Pipeline company causing a shortage of fuel for several days: it would seem that a ransom of about 4.4 million in Bitcoin was then paid to unblock the situation.
Ransomware-type attacks are becoming more and more frequent because they effectively block the activities of the attacked companies and the latter in most cases are forced to pay a ransom in order to resume their activities.
Small / medium-sized businesses often don't care much about cybersecurity and it is for this reason that they become the preferred target of hackers as their systems and networks are more easily attacked. Their companies are faced with a terrible choice: pay to get data back or lose it forever.
It is estimated that in the USA alone a turnover of a few billion dollars has been estimated for 2021 required for the restoration of data hacked with the phenomenon of computer extortion.
The category of "Black Hat Hacker" is growing faster and faster and these groups are becoming truly sophisticated and well-equipped organizations capable of bringing many strategic businesses around the world to their knees.
How does an attack happen?
There are many ways in which a ransomware attack can be made. Sometimes the ransomware is distributed through the security holes of the operating system of a certain type of device and then infects the entire company system without any careless user action. For example, older versions of Microsoft Windows are particularly vulnerable when they are no longer supported by update patches.
Other times a ransomware can be activated by clicking on a phishing email or by downloading an email attachment: once activated, the virus can take control of a computer or the entire network.
There are basically two types of attack:
Then there are DDoS (Distributed Denial of Service) attacks: in this case the hacker sends a powerful stream of Internet traffic with the aim of slowing down the attacked system and even blocking it. This type of attack is often used to temporarily compromise the effectiveness of firewalls and other security infrastructures in order to have time to install the ransomware.
How to defend yourself?
For some time now, organizations and large companies have taken every precaution to minimize the risk of cyber attacks and not to be caught unprepared.
It is above all small and, often, even medium-sized entrepreneurs who are the most vulnerable if they use networks and systems that are not adequately protected and, consequently, more easily attacked by hackers.
In any case, paying the ransom would already be a very serious damage, but renouncing the release of data could lead to substantial business losses and, in extreme cases, even the closure of the activities / services provided.
In addition to the mitigation of the risk that can be reached by taking out insurance policies, prevention is necessary and, therefore, planning all suitable activities to adequately protect the network and company systems and provide adequate training to users on the subject of behavioral methods for safety and protection from attacks. computer scientists.
The acceptance of risk without adequate investments in security and without its mitigation through insurance policies, can expose a company to strong and heavy consequences in the event of an attack.
In recent years, the percentage of underwriting insurance policies to cover cyber attacks and the awareness of companies to invest in the security of their networks and systems has grown exponentially.
Between 2020 and 2021, at the height of the COVID-19 era, there was a doubling of insurance policies to protect ransomware attacks in response to the huge increase in attacks of this type recorded in the observation period.
It should also be noted that insurance companies are now re-evaluating how much coverage they can afford to offer and how much they have to charge customers.
Before signing a policy, companies ask for detailed evidence on the IT security measures adopted by the company: for example, failure to use multi-factor authentication that requires the user to verify himself in multiple ways, could lead to a refusal to subscription of the policy by the company.
In closing, no company can do without the network and the internet to develop and promote its business and, therefore, must protect itself from attacks by blackhat hackers, a new and very dangerous category of thieves in this second millennium.
by Vito Coviello, AIDR Member and Head of the Digital Technologies Observatory in the Transport and Logistics sector