Vulnerability Impacts - SY0-601 CompTIA Security+ : 1.6

00:06:24
https://www.youtube.com/watch?v=z4JAAjn9d4o

Summary

TLDR: The video outlines the financial and operational impacts of cyber vulnerabilities, referencing a 2018 report that estimated the cost of malicious cyber activity to the US economy at $57 to $109 billion in 2016. It discusses various incidents, including the Meow attack, where unsecured databases were deleted, and the Equifax breach, which exposed sensitive data of millions. The video highlights the importance of securing systems to prevent data loss, identity theft, and financial repercussions, as well as the reputational damage organizations face after breaches. Additionally, it addresses the downtime caused by ransomware attacks, exemplified by the attack on Banco Estado in Chile.

Takeaways

  • 💰 Malicious cyber activity cost the US economy $57-$109 billion in 2016.
  • 🔒 The Meow attack deleted unsecured databases, replacing data with 'meow'.
  • 📉 Equifax lost data of 147.9 million Americans due to a vulnerability.
  • 💸 Equifax paid over $500 million in fines for their breach.
  • 🏦 The Bank of Bangladesh lost $81 million due to a SWIFT vulnerability.
  • 🚨 Uber faced $148 million in fines for concealing a data breach.
  • ⏳ Ransomware can cause significant downtime and outages.
  • 🏦 Banco Estado in Chile was rendered inoperable due to a ransomware attack.

Timeline

  • 00:00:00 - 00:06:24

    In February 2018, the United States Council of Economic Advisors reported that malicious cyber activity cost the US economy between $57 and $109 billion in 2016. This highlights the financial implications of cybersecurity vulnerabilities, which extend beyond monetary losses to include data loss and reputational damage. A notable example is the 'meow attack' in July 2020, where unsecured databases were deleted without warning, emphasizing the importance of securing databases and maintaining backups. Additionally, the Equifax data breach in 2017 exposed sensitive information of millions, leading to identity theft and significant financial penalties for the company. Another case involved the Bank of Bangladesh in 2016, where vulnerabilities in the SWIFT system resulted in an $81 million loss due to fraudulent transactions. Cyberattacks can also harm an organization's reputation, as seen in Uber's breach in 2016, which led to a delayed disclosure and substantial fines. Furthermore, ransomware attacks can disrupt operations, exemplified by the ransomware attack on Banco Estado in September 2021, which rendered the bank's internal systems inoperable for an extended period.

Video Q&A

  • What was the cost of malicious cyber activity to the US economy in 2016?

    The cost was estimated to be between $57 and $109 billion.

  • What was the Meow attack?

    The Meow attack involved the deletion of databases that had no password or used default passwords, replacing their contents with the word 'meow'.

  • What happened during the Equifax data breach?

    Attackers accessed sensitive information of over 147.9 million Americans due to a vulnerability in Apache Struts.

  • How much did Equifax pay in fines for their breach?

    Equifax paid over half a billion dollars in fines.

  • What was the financial loss at the Bank of Bangladesh due to a cyber attack?

    The bank lost $81 million due to a vulnerability in the SWIFT system.

  • What impact did the Uber breach have on the company?

    Uber faced a $148 million fine and reputational damage after failing to disclose a breach affecting 25.6 million customers.

  • What are the consequences of ransomware attacks?

    Ransomware attacks can cause outages and downtime, making systems unavailable.

  • What happened to Banco Estado in Chile?

    Banco Estado was attacked with ransomware, causing their internal systems to go down.

Subtitles
  • 00:00:02
    In February of 2018, the United States Council
  • 00:00:05
    of Economic Advisors produced a report
  • 00:00:07
    called The Cost of Malicious Cyber Activity
  • 00:00:10
    to the US economy.
  • 00:00:12
    And they found that the costs were between $57 and $109
  • 00:00:17
    billion in the year of 2016.
  • 00:00:20
    This is a significant financial issue, and one
  • 00:00:23
    that we need to be concerned with regardless
  • 00:00:26
    of our organization.
  • 00:00:27
    Of course, the impacts of vulnerabilities
  • 00:00:30
    are not just associated with finances,
  • 00:00:32
    there are many other concerns that we'll talk about
  • 00:00:35
    in this video as well.
  • 00:00:36
    It is these costs and effects of vulnerabilities
  • 00:00:40
    that drive us in security to make sure our systems are
  • 00:00:43
    as safe as possible.
  • 00:00:45
    One result of vulnerabilities may be the loss of data,
  • 00:00:49
    and in some cases losing the data
  • 00:00:51
    may be more damaging than losing money.
  • 00:00:54
    For example, a database that has no password
  • 00:00:57
    or is using default passwords can be at risk
  • 00:01:00
    for losing the data within that database.
  • 00:01:03
    An example of this data loss started in July 2020
  • 00:01:06
    with what the internet is calling the meow attack.
  • 00:01:09
    This is databases that had no password
  • 00:01:12
    or were using the default password,
  • 00:01:14
    and all of the information in this database
  • 00:01:16
    was being deleted without any type of warning.
  • 00:01:19
    Researchers who were tracking this attack,
  • 00:01:22
    say that thousands of databases have been deleted
  • 00:01:25
    and instead of the data being in the database,
  • 00:01:28
    all of that information has been replaced with the word, meow.
  • 00:01:32
    This is an extreme example of what
  • 00:01:33
    can happen if databases are not properly secured,
  • 00:01:37
    and another reason why it's very important to always have
  • 00:01:39
    a backup.
  • 00:01:41
    Some attackers don't delete the data,
  • 00:01:43
    but instead prefer to steal the data
  • 00:01:46
    and then use that data for their own purposes.
  • 00:01:49
    A good example of this is the identity theft
  • 00:01:51
    that occurred between May and July of 2017 at Equifax.
  • 00:01:56
    Equifax stored information of over 147.9 million Americans,
  • 00:02:02
    over 15 million British citizens,
  • 00:02:05
    and over 19,000 Canadian citizens.
  • 00:02:07
    The attackers were able to gain access
  • 00:02:09
    to names, social security numbers, birth dates, address
  • 00:02:12
    information, and more.
  • 00:02:14
    With all of this information, they're
  • 00:02:16
    then able to steal people's identities,
  • 00:02:19
    open up new lines of credit, and create problems
  • 00:02:22
    for all of the people affected by this theft.
  • 00:02:25
    The vulnerability that allowed this particular identity theft,
  • 00:02:28
    was a vulnerability in Apache Struts that
  • 00:02:31
    was announced on March the 7th.
  • 00:02:33
    Attackers took advantage of a system that was not patched,
  • 00:02:36
    on March the 12th got into the Equifax network,
  • 00:02:40
    and were able to remove all of this data from their systems.
  • 00:02:44
    This was such an extreme attack with such a large amount
  • 00:02:47
    of data, that both the CIO and CIS were
  • 00:02:50
    asked to leave the organization and ultimately Equifax
  • 00:02:54
    paid over half a billion dollars in fines
  • 00:02:57
    for this particular breach.
  • 00:02:59
    And of course, these vulnerabilities
  • 00:03:01
    can cause financial loss as well.
  • 00:03:04
    This particular example is in March of 2016
  • 00:03:07
    at the Bank of Bangladesh, and this is around a vulnerability
  • 00:03:10
    that took advantage of the Society
  • 00:03:12
    for Worldwide Interbank Financial Telecommunications,
  • 00:03:16
    or what the industry refers to as SWIFT.
  • 00:03:19
    Attackers sent messages over the SWIFT network
  • 00:03:22
    to transfer nearly $1 billion from accounts
  • 00:03:27
    at the Bank of Bangladesh to accounts
  • 00:03:29
    that are in the Philippines and Sri Lanka.
  • 00:03:32
    Fortunately, for the Bank of Bangladesh,
  • 00:03:34
    most of these requests were rejected
  • 00:03:37
    because they were not formatted properly when they were sent.
  • 00:03:40
    However 35 of the requests were processed
  • 00:03:44
    and the bank lost $81 million that
  • 00:03:47
    got laundered through the Filipino Casino industry.
  • 00:03:50
    This is not the first time that this particular type
  • 00:03:53
    of vulnerability resulted in financial loss.
  • 00:03:56
    A similar SWIFT vulnerability has taken $12 million
  • 00:03:59
    from Wells Fargo, and $60 million
  • 00:04:01
    from the Taiwanese Far Eastern International Bank.
  • 00:04:06
    Of course, getting hacked is not very good for public relations,
  • 00:04:09
    and it can make your organization have
  • 00:04:12
    an impact to its reputation.
  • 00:04:14
    In many countries there's laws that
  • 00:04:16
    require an organization to disclose the results of a hack.
  • 00:04:20
    And in some cases, especially with public companies,
  • 00:04:22
    that can have an effect on the company's value,
  • 00:04:25
    especially in the stock market.
  • 00:04:27
    An example of one of these reputation impacts
  • 00:04:30
    occurred in October of 2016 with the company Uber.
  • 00:04:33
    This particular breach allowed attackers
  • 00:04:36
    to gain access to 25.6 million customer
  • 00:04:39
    names, email addresses, and mobile phone numbers.
  • 00:04:42
    Instead of disclosing this breach,
  • 00:04:44
    Uber instead decided to have the hacker sign
  • 00:04:47
    a non-disclosure agreement and gave them $100,000
  • 00:04:52
    to not say anything.
  • 00:04:53
    Ultimately, the pressure regarding this breach
  • 00:04:56
    required Uber to announce the hack in November of 2017,
  • 00:05:01
    and in 2018 they paid $148 million in fines.
  • 00:05:06
    The hackers associated with this breach
  • 00:05:08
    pleaded guilty in October of 2019.
  • 00:05:10
    And to continue the reputation impact to Uber,
  • 00:05:14
    Uber's former Chief Security Officer
  • 00:05:16
    was charged with obstruction of justice,
  • 00:05:19
    and misprision of a felony.
  • 00:05:22
    If you don't lose any data and you don't lose any money,
  • 00:05:25
    you could still lose uptime and availability.
  • 00:05:28
    Someone taking advantage of a vulnerability
  • 00:05:30
    could cause outages, downtime, and cause a system
  • 00:05:33
    to become unavailable.
  • 00:05:35
    A good example of this are the outbreaks of ransomware
  • 00:05:38
    that we're seeing that are bringing down
  • 00:05:39
    some of the world's largest networks.
  • 00:05:42
    For example, in September of 2021 one of Chile's largest banks
  • 00:05:45
    Banco Estado was attacked with ransomware that took out
  • 00:05:49
    all of their internal systems.
  • 00:05:51
    The bank was effectively out of business internally,
  • 00:05:54
    and were not able to process anything
  • 00:05:56
    on their internal network.
  • 00:05:58
    Fortunately, their network was segmented
  • 00:06:00
    and the public facing services were still up and running.
  • 00:06:04
    The bank had to delete everything
  • 00:06:06
    that was on these internal systems,
  • 00:06:07
    restore from known good backups, and that process
  • 00:06:10
    caused the bank to be out of business
  • 00:06:12
    for an extended period.
Tags
  • cybersecurity
  • data breach
  • financial loss
  • identity theft
  • ransomware
  • Equifax
  • Meow attack
  • Bank of Bangladesh
  • Uber
  • vulnerabilities