GOLDEN VALLEY, Minn. - A new and widespread cyberattack is rippling across Europe, hitting Ukraine especially hard, crippling major companies and banks.
Victims of the cyber attack posted photos of their malfunctioning computers, as a message came across the screen asking for $300 in Bitcoin.
“They want to extort money, so they ask you to pay it in Bitcoins, which are very hard to track and you have no guarantee they can unfreeze your computer after that,” said Dr. Massoud Amin, at the University of Minnesota's Technological Leadership Institute.
As a world-renowned cyber security expert, Dr. Massoud Amin has briefed the Department of Defense and White House about similar threats.
He now directs the University of Minnesota’s Technological Leadership Institute and to understand the risk, shares an analogy he teaches his students.
“Imagine we are the elephant,” said Dr. Amin.
In his analogy, the elephant is the sunken investment for the aging cyberinfrastructure in the United States. Patches are routinely installed, often after vulnerabilities are exploited, to thicken the elephant's skin from mosquitos, or cyberattacks.
While necessary, he says, this is an insufficient strategy for modern and rapidly evolving malicious cyber threats and a layered defense is needed. In this analogy, that defense comes in the form of bats and lizards. The bats can fly around the elephant to intercept incoming mosquitos and proactively defend against harm.
Amin says if any mosquitos penetrate the layer of the bats' defenses, lizards on the surface of the elephant can then stop the mosquitos before they reach the elephant's skin. These layers can be installed as a proactive cyber barrier against attacks. However, implementation of the layered defense depends on the budget of an individual, organization, and/or government, and dynamic agile adaptation in response to emerging threats.
“We haven’t yet developed because we take security for granted when we receive an email we don’t even think about clicking on it,” he said. “The most important thing I think we can do is take a deep breath before we click on things in this rushed society, slow down and think, is this the kind of email I want to open?”
Dr. Amin says this is the new normal. He predicts cyberattacks will evolve to the point that human response will become impossible, but believes protection can begin when we change our own habits, and use caution with every click.
“It’s malicious, causing billions of dollars in losses per year to individuals, enterprises, companies, even more than that, to a national economy,” he said.
The world is still recovering from a previous outbreak of ransomware, called WannaCry or Wannacrypt, which spread rapidly using digital break-in tools originally created by the U.S. National Security Agency and recently leaked to the Web.
Dr. Amin said this latest cyberattack concentrated in Ukraine mirrored the WannaCry virus attack last month, using the Microsoft vulnerability as an entry point.