Sunday, May 24, 2020

Historic Hacker Hi-jinks

Welcome back, reader! This will be my final post for my CYBR 650 coursework.  Hopefully, I'll be able to keep writing every now and then. Last time, I gave you some information on why hackers hack.  My professor graciously gave me an alternative definition: "technical adeptness and a delight in solving problems and overcoming limits."  This comes from a 1990 article by Eric Raymond, which can be found here: http://www.catb.org/~esr/faqs/hacker-howto.html.

tl;dr

Most of my posts have talked about increasing your personal cybersecurity or general tips on protecting yourself while connected to the Internet.  I've given you the "how," but I haven't focused on the "why" to do the things I've talked about.  This post will talk about the history of cyberattacks, looking at some of the worst attacks in history.

What is a Cyberattack?

A cyberattack is the use of a computer, or network of computers, to deny, degrade, disrupt, destroy, or manipulate services or data on a target computer or network of computers.  In the military cyber community, these methods are also referred to as D4M.  However, these types of effects equate to similar outcomes in the civilian world as well.  Cyberattacks can have specific targets or be indiscriminate.  They can be designed to steal information or cause physical destruction of systems.

Indiscriminate Attacks

These attacks don't care who they infect; they infect every system they can get their grubby little hands on.  As time passes, these types of attacks have gotten worse.  One of the most recent attacks was the WannaCry ransomware attack.  WannaCry took advantage of a vulnerability in the Windows Server Message Block (SMB).  Once the SMB vulnerability was exploited, WannaCry encrypted files on the hard drive, making them inaccessible to users, and then demanded a ransom to be paid in Bitcoin before decrypting the files.  This attack occurred about 2 years ago; you can read more about it here: https://www.csoonline.com/article/3227906/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html.

Targeted Attacks

These types of attacks tend to be a little more "newsworthy" because of the targets, which have included Target (2013), Home Depot (2014), and Sony's PlayStation Network (2011).  Most recently, the World Health Organization (WHO) was breached in March 2020, and WHO staff member credentials were leaked.  You can read more about any of these just by using our friend Google, but info on the WHO attack can be found here: https://www.bbc.com/news/technology-52381356.

Destructive Attacks

The first time I remember reading about a destructive attack was the 2007 cyberattack against Estonia.  This attack targeted government sites, news sites, major banks, Internet service providers, and small businesses.  It essentially shut the Internet in the country down with a distributed denial of service.  More information can be found here: https://www.wired.com/2007/08/ff-estonia/.
One of the most destructive attacks was the Shamoon virus, in 2012.  The Shamoon virus was designed to wipe infected systems, overwriting the information with garbage data.  The target of the Shamoon virus was workstations within the Saudi Aramco infrastructure; 30-35,000 of them, and it worked.  In only a few hours, all of these workstations were either partially or completely destroyed.  

Think about that for one minute...30,000 computers, all wiped and their hard drives unusable, destroyed.  All of these computers needed replacement hard drives.  Even at $50 per hard drive, the cost is $1.5 million, PLUS the cost to pay people to reinstall all of the software.  What about the time investment?  This was an extremely expensive attack and you can read more about it here: https://money.cnn.com/2015/08/05/technology/aramco-hack/, and here: https://www.zdnet.com/article/shamoons-data-wiping-malware-believed-to-be-the-work-of-iranian-hackers/.

The Future?

Why am I telling you about the past?  Partially because we can learn from it and defend our networks better in the future.  The other reason is directly related to the situation we are in right now, a COVID-19 world.  In a May 14, 2020 article, Stephen McBride predicted the largest cyberattack in history will occur within the next 6 months.  I won't repeat everything he said, but here is the basic breakdown.  Organizations have had to adjust their infrastructure to allow their workforce to work from home.  These adjustments were done quickly and maybe not in the most secure manner.  Regardless of the quality of security, the attack surface of many organizations has increased exponentially.  You can read Mr. McBride's article here: https://www.forbes.com/sites/stephenmcbride1/2020/05/14/why-the-largest-cyberattack-in-history-will-happen-within-six-months/#5aa7c2be577c

Finally, you need to secure your system to protect yourself.  If you work from home, you need to secure your system to protect your organization as well.  
