Cyber attacks have grown so big, so fast, and with so little preventive action in place that they’re being compared to a massive iceberg colliding with the Titanic.
“We see the threat coming [but] we haven’t taken adequate action to prevent harm, and every week the threat gets a little closer,” James Lewis, director of the technology and public policy program of the Center for Strategic and International Studies in Washington, was quoted in The Hill.
Last week saw the largest cyber attack in history. A DDoS (denial-of-service) attack at 300 gigabytes per second was aimed at Spamhaus, a European nonprofit organization that works to block spam from the Internet. A mere 50 gigabytes per second can derail a large bank.
Internet Highway Gridlock
DDoS attacks are like a giant traffic jam, where all the cars are trying to enter through a single gate, and everyone must show an ID card to get through. In the case of Spamhaus, CyberBunker, a web hosting service angry over being blacklisted, targeted them with an unprecedented amount of traffic in an attempt to make the service unusable.
As traffic clogged the Internet, other exchanges were affected and Internet slowed for mostly European users.
CloudFare, hired by Spamhaus to deflect the attacks, helped keep the site online. CloudFare’s co-founder and CEO, Matthew Prince, said, “I do expect that this record for the largest attack won’t be held long. [A larger attack] could dwarf this in size. And that may, literally, break the Internet.”
Further damage occurred last week when three scuba divers tried to cut one of the main underwater cables that connects Europe off the coast of Egypt. Disrupting Internet service in Egypt and slowing down Internet connections as far away as India and Pakistan, the congested data was forced to flow the long way around the globe.
USA Launches Cybersecurity Order
In an effort to quell cyberespionage, Obama signed an executive order in February. The recent upsurge in Chinese hackers waging a cyber-spying campaign on U.S. businesses raised new security issues and new measures, including a ban on government agencies from buying China-made computers.
Not only are businesses and government agencies at risk, the people who are infiltrating our critical infrastructure are capable of wiping out “our power grid, our financial institutions, and our air traffic control systems,” Obama said.
So what can you do?
“Clicking the Link” Strategies from the Department of Homeland Security
The Department of Homeland Security offers strategies for helping to prevent cyberattacks, focusing on email attachments. Being educated on the “clicking the link” pitfalls is a critical first step in staying safe. Security tips won’t prevent all serious threats from crashing websites, but they will give you a road map to avoid common traps, including chain letters, email hoaxes, and urban legends.
Check Out These Kitties!
The growing threat has led some employers to adopt a program designed to educate employees with a simulated cyberattack. By sending emails with links enticing people to click to see more adorable kitties, companies are training workers through “ethical hackers” to learn the techniques of true hackers.
DHS checklist for personal cybersecurity:
- Never click on links in emails. Even if you think it’s a legitimate email, go to the site and log on directly.
- Never open the attachments. Retailers will generally not send out emails with attachments. Only open attachments from known contacts and after checking the sender’s email address.
- Do not give out personal information. When on the phone or in an email, either ask for a number to call them back, or contact the agency directly to verify the request.
- Set secure passwords and don’t share them with anyone. Avoid using common words, phrases, or personal information and update regularly.
- Keep your operating system up to date. This includes your browser, anti-virus, and other critical software.
- Pay close attention to website URLs. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
- Turn off email option to automatically download attachments.
- Be suspicious of unknown links or requests sent through text message as well as email. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
Have you been caught unaware through an email or other cyberattack method? What is your experience of cybercrime?