And the Oscar goes to… Cybersecurity!

Imagine if the Oscars’ categories applied to cybersecurity.

1 oscar intro
Davidlohr Bueso (Creative Commons BY or BY-SA)

I want to thank cybersecurity

The Academy Awards “Oscars,” is one of the major film industry awards for excellence in cinematic achievements. In anticipation of the 2017 Oscar awards, cybersecurity company Deep Instinct created its own Oscar-style references highlighting major cybersecurity events that took place in the past year. Guy Caspi, CEO of Deep Instinct, is the director of this production.

2 ransomware
Sean McGrath (Creative Commons BY or BY-SA)

Best Picture: Ransomware

In our cybersecurity speak, our Lalaware would have to be ransomware – a type of malware used to extort money by denying access to an organization’s or individual’s data and holding it for ransom. Ransomware attacks have been one of the biggest cybersecurity threats in 2016.  The threat of ransomware continues to evolve into new strains that develop new capabilities – no longer just encrypting files but preventing the operating system from booting by overwriting the MBR (Master Boot Record), rendering all data on a hard drive unreadable, gathering and publishing information about a person/organization, for extortion/harassment/shaming, and exploiting IoT. There are precautionary actions you can take to minimize the risk of becoming a ransomware victim: back up your files and be diligent about the links you open.

3 vendor
Michael Casey (Creative Commons BY or BY-SA)

Best Supporting Role: Third-party vendor breaches

Third-party vendors have been the culprit in major data breaches at Target, Lowes, Goodwill, and AT&T. Thirty percent of data breaches reported to the U.S. Department of Health and Human Services can be attributed to third-party vendors. In many cases, while enterprises may have a security program implemented, their suppliers and service providers lack such security measures due to limited resources. Their proximity to the enterprise’s valuable data and their lax security measures expose them as prime targets for attacks. Until stronger regulations will come into place, companies should create a Vendor Management Plan that takes into consideration the third party’s ability to meet security expectations and their security controls and processes. It’s also recommended to include vendors in the enterprise’s own data breach response plan and verify whether the insurance plan covers incidents that are under a vendor's control, or purchase broader coverage if possible.

4 comedy
Thinkstock

Best Comedy: Koolova Ransomware

While ransomware has become a relatively quick and easy way to extort money from its victims, Koovla ransomware wants you to get some (comic) relief. This strain of ransomware promises to decrypt – for free – the files it holds for ransom, as long as you educate yourself about ransomware. A new ransomware dubbed koolova appeared with one single feature: The ransomware will decrypt the files as long as the ransom victim reads two blog posts about ransomware and how to avoid falling a victim. The two blog posts are: Stay safe while browsing, from Google’s security blog and Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom, from Bleeping Computer.

5 ukraine
Dmitri Tovstonog (Creative Commons BY or BY-SA)

Best Foreign Language Film: Ukranian blackout attack

A major DDoS attack against the Ukraine power grid enabled the attackers ‫ to cause a power outage in western Ukraine. The attackers used stolen user credentials to remotely access and manipulate the industrial control systems and shut down the power. They relied on deep reconnaissance over a six-month period after they first embedded themselves into the network of three regional energy distribution companies. The attacks went live within 30 minutes of each other. To prolong the outage, the attackers also evidently launched a telephone denial-of-service attack against the utility’s call center to prevent customers from reporting the outage.

6 hotel
Matthias Forster (Creative Commons BY or BY-SA)

Best Original Screenplay Writing: Holding a hotel hostage

If last year’s ransomware attacks were on work (e.g. hospitals and universities), this time, is was on play: Guests of a luxury hotel in the Alps were locked out of their rooms. The attackers hijacked the central key management system, making it impossible to use the key cards to enter rooms, program new key cards or use the reservation and cash desk systems. The hotel paid the 1,500 EUR ($1,605) ransom in Bitcoin, and although all systems were back up again, the hackers had left a backdoor to allow themselves into its systems again. As a result, the hotel replaced their existing systems and delinked several computers to avoid essential services from going down in case of a future attack. If you noticed a ransomware infection on your system before the ransom note appeared, you should shut down your device immediately and disconnect it from the network. 

7 artificial intelligence
Thinkstock

Best Actor: Artificial Intelligence

The combination of recent technological developments making Big Data more readily available and the increase in the processing power of Graphic Processing Units (GPUs) has enabled artificial intelligence (AI) to take a giant evolutionary leap. The accessibility of powerful algorithm-based software has further facilitated the application of machine learning artificial intelligence. As a response to increasingly threatening and volatile cyber-threats, we’re seeing more and more cybersecurity companies incorporate AI capabilities to their solutions.

Send your nominations over to our Facebook page.