Sunday, May 24, 2020

Historic Hacker Hi-jinks

Welcome back reader! This will be my final post for my CYBR 650 course work.  Hopefully, I'll be able to keep writing every now and then. Last time, I gave you some information on why hackers hack.  My professor graciously gave me an alternative definition: "technical adeptness and a delight in solving problems and overcoming limits."  This comes from a 1990 article by Eric Raymond, which can be found here: http://www.catb.org/~esr/faqs/hacker-howto.html.

tl;dr

Most of my posts have talked about increasing your personal cybersecurity or general tips on protecting yourself while connected to the Internet.  I've given you the "how," but I haven't focused on the "why" to do the things I've talked about.  This post will talk about the history of cyberattacks, looking at some of the worst attacks in history.

What is a Cyberattack?

A cyberattack is the use of a computer, or network of computers, to deny, degrade, disrupt, destroy, or manipulate services or data on a target computer or network of computers.  In the military cyber community, these methods are also referred to as D4M.  However, these types of effects equate to similar outcomes in the civilian world as well.  Cyberattacks can have specific targets or be indiscriminate.  They can be designed to steal information or cause physical destruction of systems.

Indiscriminate Attacks

These attacks don't care who they infect; they infect every system they can get their grubby little hands on.  As time passes, these types of attacks have gotten worse.  One of the most recent attacks was the WannaCry ransomware attack.  WannaCry took advantage of a vulnerability in the Windows Server Message Block (SMB) protocol.  Once the SMB vulnerability was exploited, WannaCry encrypted files on the hard drive, making them inaccessible to users, and then demanded a ransom to be paid in Bitcoin before decrypting the files.  This attack occurred about 2 years ago; you can read more about it here: https://www.csoonline.com/article/3227906/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html.

Targeted Attacks

These types of attacks tend to be a little more "newsworthy" because of the targets, which have included Target (2013), Home Depot (2014), and Sony's PlayStation Network (2011).  Most recently, the World Health Organization (WHO) was breached in March 2020, and WHO staff member credentials were leaked.  You can read more about any of these just by using our friend Google, but info on the WHO attack can be found here: https://www.bbc.com/news/technology-52381356.

Destructive Attacks

The first time I remember reading about a destructive attack was the 2007 cyberattack against Estonia.  This attack targeted government sites, news sites, major banks, Internet service providers, and small businesses.  It essentially shut down the Internet in the country with a distributed denial-of-service attack.  More information can be found here: https://www.wired.com/2007/08/ff-estonia/.
One of the most destructive attacks was the Shamoon virus, in 2012.  The Shamoon virus was designed to wipe infected systems, overwriting the information with garbage data.  The targets of the Shamoon virus were workstations within the Saudi Aramco infrastructure, 30-35,000 of them, and it worked.  In only a few hours, all of these workstations were either partially or completely destroyed.

Think about that for one minute...30,000 computers, all wiped and their hard drives unusable, destroyed.  All of these computers needed replacement hard drives.  Even at $50 per hard drive, the cost is $1.5 million, PLUS the cost to pay people to reinstall all of the software.  What about the time investment?  This was an extremely expensive attack and you can read more about it here: https://money.cnn.com/2015/08/05/technology/aramco-hack/, and here: https://www.zdnet.com/article/shamoons-data-wiping-malware-believed-to-be-the-work-of-iranian-hackers/.

The Future?

Why am I telling you about the past?  Partially because we can learn from it and defend our networks better in the future.  The other reason is directly related to the situation we are in right now, a COVID-19 world.  In a May 14, 2020 article, Stephen McBride predicted the largest cyberattack in history will occur within the next 6 months.  I won't repeat everything he said, but here is the basic breakdown.  Organizations have had to adjust their infrastructure to allow their workforce to work from home.  These adjustments were done quickly and maybe not in the most secure manner.  Regardless of the quality of security, the attack surface of many organizations has increased exponentially.  You can read Mr. McBride's article here: https://www.forbes.com/sites/stephenmcbride1/2020/05/14/why-the-largest-cyberattack-in-history-will-happen-within-six-months/#5aa7c2be577c

Finally, you need to secure your system to protect yourself.  If you work from home, you need to secure your system to protect your organization as well.  

Sunday, May 17, 2020

Hazardous Hacker Hacking

Welcome back reader, this is another CYBR 650 post.  This post comes a few weeks after we talked about cloud capabilities.  The two prior posts talked about hackers using the COVID-19 pandemic as a subject for phishing attempts as well as attacking video teleconferencing software.  These posts got me thinking, do you know why hackers hack?

tl;dr

This blog has been all about protecting your computer system from hackers.  But why are we worried about hackers?  Why do hackers hack?

What is a hacker?

According to dictionary.com, a computer hacker is simply someone that uses computers to gain unauthorized access to data.  That data could be anything from business information to personal documents on your hard drive.  Hackers wear one of three different colored hats: black, white, or grey.  Regardless of the type of hacker, their motivations vary based on what the goals of the hack are.

Hacker Types

Hackers wear one of three different colored hats defining the initial motives behind their actions: black, white, or grey.  A black hat hacker is the kind we generally think of when we think of hackers, the bad guys.  Black hat hackers break into networks to steal, manipulate, or destroy data.  Thankfully, a balance exists in white hat hackers.  These hackers are also known as "ethical hackers."  The goal of the white hat hacker is to discover security vulnerabilities to strengthen a network.  In between the black and white hats are grey hat hackers.  These hackers begin with good intentions like white hats, but perform their actions without permission.  Once a vulnerability is found, they report it to the system owner with a demand for compensation.  If they don't get what they ask for, a grey hat hacker may exploit the vulnerability or sell the exploit to black hat hackers. (https://www.appknox.com/blog/why-do-hackers-hack)

Why Hackers Hack

Even within the different categories, motivations can differ greatly based on the type of hacker.  For the most part, we are going to assume that these motivations are connected to the black hat hacker.

Criminals

Criminals are motivated by financial gain, fame (or infamy), revenge, or increasing their professional portfolio.  The targets of these motivations are numerous and all depend on the goal at the time.  The methods used include theft or denial of service.

Hacktivists

Hacktivists are motivated by an ideology.  Hacktivists feel that they have something to prove in relation to a political or social issue.  The actions they take are designed to persuade the hearts and minds of whoever sees their message.  The methods for hacktivism must be seen to be effective, so they generally include defacement of websites.

Nation States

Nation states can use hacking to enhance their state of national security or to gain information as a means of control.  Nation states target other nations or dissidents that oppose the official national policy.  Nation states use teams with a variety of abilities categorized in groups called advanced persistent threats, or APTs.  More information on known APTs can be found here: https://attack.mitre.org/groups/

Terrorists

Terrorists use hacking techniques to instill fear in their targets.  To increase their audience, they usually choose high visibility targets.  Similar to hacktivists, terrorists can use defacement tactics or destruction of their targets.

Insider Threats

Insider threats have a variety of motivations, including monetary gain, revenge, ideology, or stroking their own ego.  The target is usually their employer, but could be an organization that does business with their employer.  Methods can include theft or destruction of data.

Now that you know the different types of hackers and what motivates them, you should have a greater understanding of the potential threat.  This information doesn't necessarily help you to defend against hackers, but it does put you in their minds.  The understanding does help you look at your network differently and hopefully change tactics for defense.