Cybercrime threatens us all, including Google
Late last year, Google experienced a serious malware infection dubbed ‘Gooligan’ that continued to affect over a million Android users worldwide for a number of months. The attack was part of a bigger scheme called Ghost Push, which installed malevolent software in apps from the Google Play store. Google has had previous problems with their multimedia library, but Gooligan represents the biggest Android breach on record, causing issues for Drive, Docs, Photos and Gmail. Google has since removed the malicious apps, but it wasn’t a quick fix. An estimated 13,000 devices were impacted per day, costing the company around $320,000 over the course of a month. At around the same time the German parent company of T-Mobile, Deutsche Telekom, also fell foul of a plan to infect home routers with malware. Even though the attack failed, it led to crashes and malfunctions. It’s nothing short of worrying that even major firms can suffer from these breaches. In a world run by data, which safeguards can be set up against the modern epidemic of cyberattacks? Will we ever be able to solve cybercrime?
New hacking strategies
The use of malware is part of a new strategy for hackers that targets everyday users and facilities as well as businesses. This month, London hospital Barts Health NHS Trust was forced to shut down its entire online pathology system in response to a malware attack. Although patient data remained secure, the system was offline for days. Imagine if an electricity or water utility was infected with malware that didn’t just cause a one off panic, but continued to disrupt operations for weeks or even months. In short, it would create total chaos. As powerful as existing cybersecurity software may be, hackers are constantly finding new ways to infiltrate digital spaces. The latest development in cyberattacks is non-malware, which can control computers without requiring any file downloads at all. This, of course, makes them incredibly difficult to detect. Traditional antivirus software, even when powered by machine learning, is useless against this form of attack because it only detects threats when a file is written to a disk. If there’s no file, there can be no detection. In 2016, non-malware issues caused problems for 97 per cent of U.S. security company Carbon Black’s customers.
The silver lining. . . Malware (and non-malware) breaches definitely aren’t something to celebrate. However, as well as negatively impacting Google’s image, Gooligan could be the catalyst in finding the answer to cybercrime. Cyberattacks and malicious software is becoming more and more common now that property and wealth is tied up in the digital sphere. Even small companies are likely to experience some kind of online breach, especially as they do not expect to be targeted and neglect to invest in security measures. Despite this unavoidable reality, there are a number of things that businesses can do to lessen their risk of attack, or at least make it difficult for cybercriminals to get a foot in the door. The first and most obvious precaution is to update antivirus software. In response to the relatively new threat of non-malware attacks, organisations can install streaming prevention. Streaming prevention doesn’t just flag up single events, it monitors all interactions between networks, files and browsers. The most important change that businesses need to make is to accept the reality of cyber threats. High-profile attacks like Gooligan will be instrumental in encouraging this.
Malware breaches are incredibly damaging and worrying for victims, but the Gooligan attack might be the motivation that Silicon Valley needs to find a long-lasting, effective response to this type of cyberattack. Perhaps cybercriminals have signalled their own end by taking on tech giants with the resources to fight back. Major players like Google and Amazon have a lot to lose from breaches, and their solution (whatever it may be) could benefit other companies from big utility companies to minor SMEs. For now, businesses should explore innovative new security measures like streaming prevention, as well as backing up any data that exists in cloud-based locations. The killer question, though, is if Google can’t fix it. . . who can?
Has your company experienced a malware breach or non-malware attack? How else might businesses protect themselves against similar attacks? Could tech giants collaborate to find an answer to new hacking strategies? Share your comments below.