Cybersecurity Fundamentals Chapter 5: Recent Cyberattacks and Their Impact

Questions and Answers

What is the compound annual growth rate (CAGR) expected for the insurance business in the next 5–7 years due to cyberattacks?

Between 10-20%

Over 40% (correct)

Exactly 50%

Less than 5%

Which cyberattack devastated Equifax with an estimated loss of over US$150 million?

GitHub DDoS Attack 2018

Power Grid Hacking

VPNFilter Cyberattack

WannaCry Ransom Attack (correct)

How many consumers' data were stolen in the Equifax Data Theft attack?

200 million

Less than 50 million

Over 500 million

143 million (correct)

Which of the following is not mentioned as one of the top cyberattacks in recent years?

Under Armor Account Hacking

What type of critical information was stolen in the Equifax Data Theft attack?

Consumer names and credit card numbers

Which type of cyberattack involves encrypting data and demanding payment for decryption?

Ransomware Attack

What does Professor Gene Spafford imply by stating 'There is nothing like absolute security'?

No system can be 100% secure.

What is the estimated global losses due to cyberattacks in 2017?

$400 billion

Why have higher volumes of losses due to cyberattacks led to an increase in the cyber insurance business?

To compensate for losses incurred.

What is the main reason for the exponential growth of cyber insurance premiums according to Allianz Insurance Corporation?

Rising losses from cyberattacks

What impact do cyberattacks have on companies, businesses, governments, and other organizations?

They cause significant financial losses.

How does the text suggest organizations view security measures and their effectiveness?

As comfort levels with limitations

How is ransomware typically introduced into a system?

Through a malicious email link

What is one way ransomware can spread to other devices?

Through connected networks

Which of the following is listed as a top ransomware vulnerability?

RDP or Virtual Desktop endpoints without MFA

What is an essential part of preventing ransomware attacks according to the text?

Weapons-Grade Religious Data Backups

When did the WannaCry ransom attack take place?

May 2017

Who is believed to have initiated the WannaCry ransom attack according to many countries and investigating agencies?

North Korean authorities or agencies working for the North Korean government

Study Notes

Cybersecurity Fundamentals

• The concept of absolute security is a myth, and security efforts are focused on building comfort levels, which are a manifestation of efforts and their effectiveness and limitations.

Global Cybercrime Damage Costs

• The estimated global losses due to cyberattacks were about $400 billion per annum in 2017, according to the UK Center for Strategic and International Studies.
• The cyber insurance premiums are expected to cross the $20 billion mark by 2025, growing at over 40% compound annual growth rate (CAGR) in the next 5-7 years.

Recent Cyberattacks

• Equifax Data Theft: a cyberattack that devastated the reputation and business of the company with an estimated loss of over $150 million.
• Other notable cyberattacks include VPNFilter, WannaCry Ransom Attack, Peta/Petya, US Election Manipulation, Power Grid Hacking, Shadow Network Attack, GitHub DDoS Attack 2018, and Under Armor Account Hacking.

Equifax Data Theft

• Equifax is a consumer credit rating agency based in Atlanta, USA, handling over 820 million consumers and over 91 million companies worldwide.
• The company has a database of over 7,100 employees and 143 million consumers' data, including sensitive information like names, salaries, personal information, and credit card numbers.

Ransomware

• Ransomware is often spread through malicious email links, infecting systems and spreading through connected networks.
• Top Ransomware Vulnerabilities include:
• RDP or Virtual Desktop endpoints without MFA
• Citrix ADC systems affected by CVE-2019-19781
• Pulse Secure VPN systems affected by CVE-2019-11510
• Microsoft SharePoint servers affected by CVE-2019-0604
• Microsoft Exchange servers affected by CVE-2020-0688
• Zoho ManageEngine systems affected by CVE-2020-10189

Ransomware Controls

• Weapons-Grade
• Religious Data Backups
• Patch Management
• Plan to Fail Well (Incident Response Plan)
• Know who to call!
• Training
• Don't and Testing Your People
• Open that Email Link/Attachment

WannaCry Ransom Attack

• Launched in May 2017, affecting computers from over 150 countries.
• A type of ransomware attack that was initiated to extort money in the form of Bitcoin.
• Many countries and investigating agencies believe that the WannaCry attack was started by the North Korean authorities or the agencies working for the North Korean government.

Description

Test your knowledge of recent cyberattacks, their impact, and cybersecurity fundamentals with this quiz based on Chapter 5. Explore the complexities and challenges of securing systems in the digital age.