Let us visit the hacks that changed the view of cyber security.

1) Locky the worst ransomware ever

Attacker: Unknown

Loss: Wipe the hard drive or pay ransom

Infected entity: End user who opens mail from unknown sources

Year: 2014-2016

Description:

Locky is the ransomware that is installed on victim’s computer once the user opens and runs the macro from the Word document. It renames the file and adds a .locky extension at the end. It sets the wallpaper which displays an image with a message warning that if the user wants to get the decryption key, then he should pay an amount from 0.5 to 1 BTC .

Solution:

There are few removal tools mentioned on the site https://www.symantec.com/security_response/writeup.jsp?docid=2016-021706-1402-99&tabid=3

Lesson learned:

Never open mail from unknown sources, never execute/open an untrusted or unknown file on the system.

References:

https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/

https://www.symantec.com/connect/blogs/locky-ransomware-aggressive-hunt-victims

The next attack incident has a lesson for big giant enterprises which will help them how to handle a panic situation.

2) The great SONY hack

Attacker: Anonymous

Financial loss: $171 million

Infected entity: SONY and its 77million users

Year: 2011

Description:

On June 2011 Sony PlayStation was compromised, and attacker stole the database of users with their full name, credit card details, etc. Then the company tried to modify the network to get themselves out of the attack, but it failed. Ultimately, the only option left was a public disclosure of the attack. After the public disclosure, users tried to file a lawsuit against SONY for not maintaining data security appropriately.

Lesson learned:

Never panic under attack, public disclosure should be done immediately.

References:

https://www.theatlantic.com/technology/archive/2011/06/44-days-cost-sony-171-million/351363/

https://hotforsecurity.bitdefender.com/blog/top-5-corporate-losses-due-to-hacking-1820.html

The next widespread malware attack warns the user to be alert and attentive when visiting websites, opening emails, executing unknown files, etc.

3) ILOVEYOU worm

Attacker: Reonel Ramones and Onel de Guzman

Financial loss: $8 billion and $15 billion to remove

Infected entity: Millions of Windows personal computers

Year: 2000-2002

Description:

ILOVEYOU has earned the title of the most virulent virus. In this infection, an attacker sends a vbs file as an attachment with the title ILOVEYOU also known as “love letter.” Once the victim opens the file, it makes a copy of itself with a random file type. It also propagates itself by sending a similar mail to all the people present in Windows Address Book of the victim. Almost 10% of the entire internet system got affected due to this worm.

Lesson learned:

Do not open attachments from unknown sources.

References:

https://en.wikipedia.org/wiki/ILOVEYOU

http://searchsecurity.techtarget.com/definition/ILOVEYOU-virus

A great lesson for people who snap nudes, keep simple passwords, or trust cloud storage is ahead.

4) iCloud hacking

Attacker: Tristan

Financial loss: This time it was more of a kind of reputation loss for celebrities and Apple.

Infected entity: iCloud services

Year: 2014-2016

Description:

An attacker with the handle Tristan copied the top 100 celebrities nudes and videos from Apple’s iCloud service. Celebrities such as Jennifer Lawrence, Mary Elizabeth, etc. had nude photos posted on a forum called 4chan. The attacker claimed to have more explicit nudes of celebrities in exchange for some bitcoins.

This is not over yet; the attacker released some more nudes of celebrities such as Emma Watson and Amanda Seyfried on Reddit and 4chan. The attacker claims to have released just the tip of the iceberg, and many more such installments are to come online soon.

Solution:

Apple rejected the claim of getting hacked.

Lesson learned:

Never share your password with anyone, never use a simple password. Never record nudes because hackers had some nudes which were deleted from phone memory.

References:

http://thehackernews.com/2017/03/fappening-emma-watson.html

http://thehackernews.com/2014/09/reported-apple-icloud-hack-leaked_1.html#search

Now you will be reading about the largest DDOS attack with the help of botnets.

5) Largest DDOS attack with Mirai

Attacker: Anonymous group Mirai Malware

Financial loss: Many websites were not accessible.

Infected entity: OVH hosting provider (France), 152,000 IOT devices (Botnets), DYN

Year: 2016

Description:

OVH was reported to have the largest DDOS attack with the highest spike of 799Gbps. The DDOS was powered by a number of IOT devices such as camera, Smart TV, and other smart devices which were infected by Mirai malware. On 21st October 2016, a large part of the internet websites and services were not available to a large number of users in Europe and North America. This time Mirai was launched at DYN that is responsible for resolving domains and Ip address over the internet.

Solution:

A VAC capable of withstanding DDoS attacks with peaks up to 5 Tbps without slowing down the network by OVH. DYN has implemented other protection mechanism.

Lesson learned:

Change default credentials, make sure you are secure and compliant before going online. Are you prepared for DDOS?

References:

OVH official statement https://www.ovh.com/us/news/articles/a2367.the-ddos-that-didnt-break-the-camels-vac

http://securityaffairs.co/wordpress/51726/cyber-crime/ovh-hit-botnet-iot.html

Being good or being bad is not important, it is important to be secure doing good or bad.

Ethical Hacking Training – Resources (InfoSec)

6) NSA Equation group tools leak

Attacker: The Shadow brokers

Financial loss: NA

Infected entity: Initially NSA, but actually lots of enterprises as the NSA used these tools to compromise their network. One million Windows systems were found to be affected.

Year: 2016-2017

Description:

NSA Equation group had a zero-day exploit for networking devices such as CISCO, Fortinet, Juniper, Netscreen which was released by The Shadow Brokers in 2016 can be seen on https://www.exploit-db.com/author/?a=8712. The also had exploits for Windows XP, Windows Server 2003, Windows 7 and 8, Windows 2012 and others which were released in 2017 can be seen on https://github.com/misterch0c/shadowbroker. The DoublePulsar backdoor was used by NSA to gain access to important servers and monitor the activity, by exploiting EternalBlue exploit, both of which is publically available for script kiddies. Snowden says that the event would be Russian’s responsibility https://twitter.com/snowden/status/765515087062982656?lang=en

Solution:

The respective vendors patched all of the zero-day vulnerabilities used by NSA for exploitation. As exploits are available, vulnerable products can still be exploited.

Lesson learned:

Patch system frequently, always have a check for the backdoor, isolate sensitive data.

References:

https://en.wikipedia.org/wiki/Equation_Group

https://www.theguardian.com/technology/2016/aug/16/shadow-brokers-hack-auction-nsa-malware-equation-group

The ultimate hack that has occurred in history with perfect precision which also includes millions of dollars. Read ahead.

7) Swift bank hack Bangladesh

Attacker: Lazarus group

Financial loss: $951 million

Infected entity: Banks

Year: 2015-2016

Description: SWIFT helps in messaging the system to have currency transfer between global banks, it does not involve direct money transfer, but it addressed payment settlement between financial institutions. SWIFT is used by lots of financial institutions and banks. Unauthorized access and weak security control enabled the attacker’s malware to send malicious fraud messages to the system which stated that, an America bank need to settle money from Bank of Bangladesh to an account in The Philippines. The malware also hampered the response so that it is difficult to detect. Technical analysis is done by BEA system.

Solution:

SWIFT has released the patch and will inspect banks for their compliance.

Lesson learned:

Always be compliant to the standards. Authorization checks are very critical.

References:

https://en.wikipedia.org/wiki/2015%E2%80%932016_SWIFT_banking_hack

http://baesystemsai.blogspot.in/2016/04/two-bytes-to-951m.html