Cybercrime wake-up call - Albuquerque Journal

Cybersecurity experts say the massive breach of credit-reporting company Equifax Inc.’s data systems may be a needed wake-up call to galvanize business and government into much more aggressive action to protect online data in today’s hyperconnected cyber world.

Fallout from the breach, which could impact about 143 million U.S. consumers, is mounting, as federal and state-level agencies assess the full extent of the damage. Larger data breaches have occurred in recent years, but the Equifax breach exposed sensitive personal data – names, Social Security numbers, birth dates, and addresses for fully half of the U.S. population.

Equifax faces congressional investigations, class-action lawsuits, inquiries by the Federal Trade Commission and the Consumer Financial Protection Bureau, and action by attorneys general from around the country.

That includes New Mexico Attorney General Hector Balderas.

“Equifax needs to make right by our families,” Balderas said in a public statement last week. “We launched an immediate investigation into Equifax, the circumstances surrounding the breach, and the delay in disclosure to New Mexicans. Our office is working to hold Equifax accountable.”

Equifax is under fire for its actions before and after the data breach, particularly its decision to wait six weeks to publicly disclose the attack after discovering it on July 29.

Details are still scarce, but apparently hackers broke into Equifax through a flaw in the Apache Struts software package that runs one of its online web portals. That generated even more intense criticism, because that software vulnerability had already been publicly known since March, with a software patch available to fix it, but Equifax didn’t apply it until after its website was breached.

That apparently lax security, plus the immense damage cybercriminals could now inflict on consumers and businesses, may convert Equifax into a watershed event that pushes government and industry into much more aggressive efforts to fight cybercrime, according to industry experts.

“Awareness unfortunately comes from attacks like these,” said John Yun, marketing director for California-based cybersecurity firm ZingBox. “They almost need to happen to wake up to the possibilities of hacking. It brings a lot more awareness to the industry and security vendors themselves, as well as consumers.”

An epidemic

Cybercrime had already reached epidemic proportions. Nearly 1.1 billion identities were stolen worldwide through data breaches last year, almost double the 2015 tally, according to the latest annual Internet Security Threat Report released last spring by global cybersecurity firm Symantec Corp.

In the last eight years, such breaches have exposed more than 7.1 billion identities worldwide.

Attacks are radically escalating on all fronts, including massive heists with billions of dollars stolen, and chronic blackmail of businesses and consumers through ransomware that, in the U.S., is forcing victims to pay an average of $1,077 each time to regain control of their systems, according to Symantec. The number of ransomware attacks grew 36 percent worldwide last year, and Symantec estimates one in every 131 emails today contains a malicious link or attachment.

Apart from cybercrime, sabotage potentially linked to cyberwarfare by nation states is growing exponentially in frequency and reach, such as the alleged Russian hacking of U.S. elections last year.

And hackers may be gaining control over critical infrastructure. Just days before the Equifax breach, Symantec warned that a group called Dragonfly 2.0 targeted dozens of energy companies last spring and summer. They gained access to utility networks, and in a handful of cases in the U.S. and elsewhere, the intruders had potential control over grid operations, enabling them to cause blackouts if they had actually flipped the power switches.

Also, last Thursday, the U.S. Securities and Exchange Commission revealed that its Electronic Data Gathering, Analysis and Retrieval system was hacked last year. EDGAR processes more than 1.7 million electronic filings annually, including sensitive financial disclosures that can cause enormous movements in the market, sending billions of dollars in motion on stock exchanges in fractions of a second.

A hyperconnected world

Industry experts say the cybercrime tidal wave is less a reflection of hackers becoming more sophisticated than of the explosion of Internet connections and data sharing in today’s hyperconnected world.

RiskSense CEO Srinivas Mukkamala says consolidation of big data leaves companies vulnerable to attackers who need minimal skills to break in. (Dean Hanson/Albuquerque Journal)

“Growing hacker sophistication is a factor, but it’s the evolution in online data sharing that’s creating havoc,” said Srinivas Mukkamala, co-founder and CEO of Albuquerque-based cybersecurity firm RiskSense. “There’s more and more computing and consolidation of big data all in one location, and attackers need minimal skills to break in, while companies need real sophistication to protect themselves.”

In recent years, local data management has given way to national and international management, with data continuously shared across the globe, Mukkamala said. And many of the companies managing or handling that data are startups without the resources and technology to protect against hackers.

The evolution toward an Internet of Things, which refers to thousands of online devices connecting everything from appliances and security cameras to heating and cooling systems in homes and businesses, is creating a whole new cyber world ripe for hacking. In some cases, such as devices in hospitals, that can give criminals control over life and death, said Yun of ZingBox, which is developing new tools to monitor those connections.

At this year’s Def Con hacker convention last July in Nevada, one ZingBox expert demonstrated the ability to hack into a widely used brand of IV infusion pump, allowing him to alter medicine flow to a patient.

“There are just so many more devices and services now available online, and they weren’t designed to fend off hackers,” Yun said.

RiskSense employees at work in Albuquerque. The cybersecurity company markets a software-as-a-service platform that constantly monitors and analyzes networks for customers. (Dean Hanson/Albuquerque Journal)

As a result, cybersecurity’s traditional focus on teaching employees what to do and not to do to protect systems is inadequate, said Jack Miller, chief information security officer for cybersecurity firm SlashNext, which created hardware to monitor all traffic on a company’s network.

“We’ve relied too much on training employees, when what we need is better technology to protect systems,” Miller said. “We need tools that rely on artificial intelligence to track and fix things.”

That includes the new technologies being developed by firms like ZingBox and SlashNext. It’s also the foundation on which RiskSense built its business, creating a software-as-a-service platform that constantly monitors and analyzes networks for customers.

It’s the interface between artificial intelligence and humans, plus the sharing of lessons learned among everybody, that will allow industry and government to get ahead of cybercrime, Mukkamala said.

“We have to look at the entire ecosystem,” he said. “Maybe you as an entity are not vulnerable, but who are you connected to and what are you sharing? We don’t operate in silos, but in an ecosystem that creates seamless data sharing and, as a result, seamless data breaches.”

Federal regulation is also critical, Miller said.

“The public needs to push the government and industry leaders to have policy conversations,” Miller said. “We need real transparency with regulations that are prescriptive enough to follow through and implement them. We need much clearer, detailed guidelines on what needs to be done.”
