One would think that over the last 30 years, that’s about how long it’s been since the PC made its way into our hearts, people would pay attention to the experts and make an effort to keep their computers secure. But it’s not just the average person. Companies with million dollar networks and security systems, like Equifax, just become worn out keeping up with all the virus threats out there.
That is when consumers and companies are at their most vulnerable. 2017 is a year that has something old and new for computer security experts to be on high alert for, some making their own international headlines. Here are 5 that have caught the most attention from cybersecurity teams.
Conficker is one of those viruses that is both old and new. Having first appeared on the scene 8 years ago, this virus takes aim at Microsoft Windows computers and exploits a system vulnerability that leaves open doors to steal personal information from networks, including medical records. The thing about Conficker is that Microsoft created a patch to prevent the virus from spreading 29 days before it started infecting machines. To date, it has found its way on to more than 11 million computers, costing computers users more than $2 billion. The virus can be changed easily, so minor changes create an entirely new problem. There has been no answer found to the virus, yet there no longer seems to be any criminal activity connected with its use. The current theory is that the virus is so well-known the hackers avoid taking advantage for fear of getting caught.
For many people, the first country that comes to mind when hearing about this virus is Iran. There is strong evidence that the United States government set this virus loose on Iran’s nuclear power program in 2008. But unlike your run-of-the-mill computer virus, this virus destroyed hardware as well. It was so nasty there is a book written about it, calling it the world’s first digital weapon. Stuxnet laid the foundation for virus attacks on industrial complexes, such as the recent attack in the Ukraine city of Kiev, which was traced back to the Soviet Union as the country of origin. Variations of Stuxnet have been created to bring down infrastructure systems, such as electrical grids and water filtration plants. Industroyer is the current variant but more can be expected if its creators are satisfied with its destructive force.
WannaCry continues to be in the news, as electronics manufacturer LG electronics was infected in August of this year. Technically, WannaCry is ransomware, but for the person or company that has the ransomware message appear on their screen terminology is not important. Their computers are infected and it will cost them time and money to repair the damage. What makes WannaCry such a frustrating virus is that the fix is available, but for whatever reason users do not want to update their systems. WannaCry makes this list because it shows what happens when users think a threat has come and gone, and let their guard down. Unlike the Equifax data breach, which was simply a matter of laziness, infected WannaCry victims choose to leave their systems unprotected because they are too lax about the ever changing threats to the cyber world.
When is a virus not a virus? Um, when the cybersecurity experts aren’t sure themselves. Actually, NotPetya is designed to imitate the Petya ransomware virus, essentially getting the experts to go down the wrong path. Now that the virus has been unmasked, there have been fixes created to prevent its spread. But the ransomware demanded a mere $300 in Bitcoin, bringing the experts to conclude that its intent has also been disguised. Its intent is not to extort money, but to destroy files. This makes it particularly horrible. What is even worse, as if things could get worse for the infected user, is that paying the ransom is useless because the creators of the virus cannot unlock your system. So once you are infected, your condition is terminal.
Eternal Blue in and of itself is not a huge problem since a fix has been provided by Microsoft. But the stolen National Security Agency (NSA) virus code has been used to create several other viruses, including the aforementioned WannaCry and NotPetya viruses. So we should give credit where credit is due. The agency that was supposed to be protecting U.S. citizens from computer viruses has made it possible for a new type of threat to be created. It is also an example of how people who develop bombs will eventually get their fingers blown off. The virus itself attacks Microsoft Windows systems, including Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. In other words, most Windows users. The fix is available from Microsoft, but its viral cousins are still on the loose.