Let us revisit the hacks that changed the view of cyber security.
1) Locky, the worst ransomware ever
Loss: Wipe the hard drive or pay the ransom
Infected entity: End user who opens mail from unknown sources
Locky is ransomware that gets installed on the victim's computer once the user opens a Word document and runs the macro it contains. It renames each file it encrypts and appends a .locky extension. It then sets the wallpaper to an image warning that, if the user wants the decryption key, they must pay between 0.5 and 1 BTC.
A few removal tools are listed in Symantec's write-up: https://www.symantec.com/security_response/writeup.jsp?docid=2016-021706-1402-99&tabid=3
Never open mail from unknown sources, and never execute or open an untrusted or unknown file on the system.
The next incident holds a lesson for large enterprises on how to handle a panic situation.
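Locky's tell-tale is a burst of files gaining the .locky extension. The following detection logic is an added example, not code from the original article: it runs a sliding-window count over constructed file-audit lines (format, users and paths are assumptions) and alerts only when one user renames several files to .locky within a short window, so a single stray rename stays quiet.

```python
"""Flag Locky-style mass renames: many files gaining a .locky extension in a short window."""
from collections import defaultdict
from datetime import datetime

# Constructed file-audit records (not a real log): "<ISO timestamp> <user> RENAME <old> -> <new>".
# alice's burst mimics Locky renaming documents; bob and carol are noise.
SAMPLE_EVENTS = """\
2016-02-17T09:00:01 alice RENAME C:\\Users\\alice\\Documents\\budget.xlsx -> C:\\Users\\alice\\Documents\\A1B2C3D4E5F60718.locky
2016-02-17T09:00:02 alice RENAME C:\\Users\\alice\\Documents\\notes.docx -> C:\\Users\\alice\\Documents\\0F1E2D3C4B5A6978.locky
2016-02-17T09:00:03 alice RENAME C:\\Users\\alice\\Pictures\\holiday.jpg -> C:\\Users\\alice\\Pictures\\9A8B7C6D5E4F3021.locky
2016-02-17T09:00:05 alice RENAME C:\\Users\\alice\\Desktop\\todo.txt -> C:\\Users\\alice\\Desktop\\1122334455667788.locky
2016-02-17T09:10:00 bob RENAME C:\\Users\\bob\\draft.txt -> C:\\Users\\bob\\final.txt
2016-02-17T09:20:00 carol RENAME C:\\Users\\carol\\x.doc -> C:\\Users\\carol\\AABBCCDDEEFF0011.locky
"""

RANSOM_EXTENSION = ".locky"


def parse_event(line):
    """Split one audit line into (timestamp, user, operation, old_path, new_path)."""
    ts, user, op, rest = line.split(" ", 3)
    old, new = rest.split(" -> ")
    return datetime.fromisoformat(ts), user, op, old, new


def find_mass_renames(log_text, threshold=3, window_seconds=60):
    """Return {user: max renames to RANSOM_EXTENSION seen inside any window_seconds}.

    Only users reaching `threshold` within one window are reported, so a lone
    rename (carol) stays quiet while a burst (alice) raises an alert.
    """
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        ts, user, op, _old, new = parse_event(line)
        if op == "RENAME" and new.lower().endswith(RANSOM_EXTENSION):
            per_user[user].append(ts)

    alerts = {}
    for user, times in per_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans at most window_seconds.
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[user] = max(alerts.get(user, 0), count)
    return alerts


if __name__ == "__main__":
    print(find_mass_renames(SAMPLE_EVENTS))  # {'alice': 4}
```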
2) The great SONY hack
Financial loss: $171 million
Infected entity: SONY and its 77 million users
In June 2011 the Sony PlayStation network was compromised, and the attacker stole the user database, including full names, credit card details, etc. The company then tried to modify the network to get itself out of the attack, but this failed. Ultimately, the only option left was public disclosure of the attack. After the public disclosure, users tried to file a lawsuit against SONY for not maintaining data security appropriately.
Never panic under attack; public disclosure should be done immediately.
The next widespread malware attack warns users to be alert and attentive when visiting websites, opening emails, executing unknown files, etc.
3) ILOVEYOU worm
Attacker: Reonel Ramones and Onel de Guzman
Financial loss: $8 billion, and $15 billion to remove
Infected entity: Millions of Windows personal computers
ILOVEYOU has earned the title of the most virulent virus. The attacker sends a .vbs file as an attachment with the title ILOVEYOU, also known as the "love letter." Once the victim opens the file, it makes a copy of itself with a random file type. It also propagates by sending a similar mail to everyone in the victim's Windows Address Book. Almost 10% of all internet-connected systems were affected by this worm.
Do not open attachments from unknown sources.
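The worm spread through two observable behaviours: a .vbs attachment, and one mailbox sending the same subject to everyone in its address book. The mail-gateway checks below are an added example, not code from the original article; the gateway records, addresses and file names are constructed, and the script-extension list is an assumption that a real policy would extend.

```python
"""Spot ILOVEYOU-style mail: script attachments, and one sender fanning an identical
subject plus script out to many recipients (the worm mailing the whole address book)."""
from collections import defaultdict
import os

# Constructed gateway records (not real traffic): (timestamp, sender, recipient, subject, attachment).
# "victim" mimics an infected mailbox; bob is a legitimate bulk sender; eve tests a double extension.
SAMPLE_MAIL = [
    ("2000-05-04T08:00:01", "victim@corp.example", "amy@corp.example", "ILOVEYOU", "LOVE-LETTER.vbs"),
    ("2000-05-04T08:00:01", "victim@corp.example", "ben@corp.example", "ILOVEYOU", "LOVE-LETTER.vbs"),
    ("2000-05-04T08:00:02", "victim@corp.example", "cho@corp.example", "ILOVEYOU", "LOVE-LETTER.vbs"),
    ("2000-05-04T08:00:02", "victim@corp.example", "dee@corp.example", "ILOVEYOU", "LOVE-LETTER.vbs"),
    ("2000-05-04T09:00:00", "bob@corp.example", "amy@corp.example", "Q2 report", "report.docx"),
    ("2000-05-04T09:00:00", "bob@corp.example", "ben@corp.example", "Q2 report", "report.docx"),
    ("2000-05-04T09:00:00", "bob@corp.example", "cho@corp.example", "Q2 report", "report.docx"),
    ("2000-05-04T09:00:00", "bob@corp.example", "dee@corp.example", "Q2 report", None),
    ("2000-05-04T10:00:00", "eve@corp.example", "amy@corp.example", "fyi", "invoice.txt.vbs"),
]

# Script types the gateway quarantines; the worm used .vbs, extend as policy requires (assumption).
SCRIPT_EXTENSIONS = {".vbs"}


def is_script_attachment(filename):
    """True when the final extension is a script type. os.path.splitext keeps only the
    last extension, so a disguised 'invoice.txt.vbs' is still caught."""
    return os.path.splitext(filename.lower())[1] in SCRIPT_EXTENSIONS


def script_attachment_hits(records):
    """Messages an attachment policy would quarantine before delivery."""
    return [r for r in records if r[4] and is_script_attachment(r[4])]


def worm_fanout(records, min_recipients=3):
    """{sender: distinct recipients} for senders whose script-bearing mail with one
    identical subject reaches at least min_recipients: the address-book spread pattern."""
    fan = defaultdict(set)
    for _ts, sender, recipient, subject, attachment in records:
        if attachment and is_script_attachment(attachment):
            fan[(sender, subject)].add(recipient)
    return {sender: len(rcpts) for (sender, _subject), rcpts in fan.items()
            if len(rcpts) >= min_recipients}


if __name__ == "__main__":
    print(len(script_attachment_hits(SAMPLE_MAIL)), worm_fanout(SAMPLE_MAIL))  # 5 {'victim@corp.example': 4}
```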
Ahead is a lesson for people who take nude photos, use simple passwords, or trust cloud storage.
4) iCloud hacking
Financial loss: This time it was more a loss of reputation, for the celebrities and for Apple.
Infected entity: iCloud services
An attacker using the handle Tristan copied nude photos and videos of 100 top celebrities from Apple's iCloud service. Celebrities such as Jennifer Lawrence, Mary Elizabeth, etc. had nude photos posted on a forum called 4chan. The attacker claimed to have more explicit material of celebrities and offered it in exchange for some bitcoins.
This was not over yet; the attacker released more nudes of celebrities such as Emma Watson and Amanda Seyfried on Reddit and 4chan, claiming to have released just the tip of the iceberg, with many more installments to come online soon.
Apple rejected the claim that it had been hacked.
Never share your password with anyone, and never use a simple password. Never record nudes, because the hackers had some photos that had already been deleted from phone memory.
Now you will read about the largest DDoS attack, carried out with the help of botnets.
5) Largest DDoS attack with Mirai
Attacker: Anonymous group using the Mirai malware
Financial loss: Many websites were not accessible.
Infected entity: OVH hosting provider (France), 152,000 IoT devices (botnet), Dyn
OVH was reported to have suffered the largest DDoS attack, with a peak of 799 Gbps. The DDoS was powered by IoT devices such as cameras, smart TVs and other smart devices infected by the Mirai malware. On 21 October 2016, a large part of the internet's websites and services were unavailable to many users in Europe and North America. This time Mirai was launched at Dyn, which is responsible for resolving domain names to IP addresses over the internet.
OVH responded with a VAC mitigation system capable of withstanding DDoS attacks with peaks of up to 5 Tbps without slowing down the network. Dyn has implemented other protection mechanisms.
Change default credentials, and make sure you are secure and compliant before going online. Are you prepared for a DDoS?
Whether you are good or bad is not important; what is important is to be secure while doing either.
6) NSA Equation group tools leak
Attacker: The Shadow Brokers
Financial loss: N/A
Infected entity: Initially the NSA, but in practice many enterprises, as the NSA had used these tools to compromise their networks. One million Windows systems were found to be affected.
The NSA Equation Group had zero-day exploits for networking devices from CISCO, Fortinet, Juniper and Netscreen, which The Shadow Brokers released in 2016; they can be seen at https://www.exploit-db.com/author/?a=8712. The group also had exploits for Windows XP, Windows Server 2003, Windows 7 and 8, Windows 2012 and others, which were released in 2017 and can be seen at https://github.com/misterch0c/shadowbroker. The NSA used the DoublePulsar backdoor, installed by the EternalBlue exploit, to gain access to important servers and monitor their activity; both are publicly available to script kiddies. Snowden said that the event would be Russia's responsibility: https://twitter.com/snowden/status/765515087062982656?lang=en
The respective vendors have patched all of the zero-day vulnerabilities the NSA used for exploitation. As the exploits are available, unpatched products can still be exploited.
Patch systems frequently, always check for backdoors, and isolate sensitive data.
The ultimate hack in history, carried out with perfect precision and involving millions of dollars, is up next. Read ahead.
7) SWIFT bank hack, Bangladesh
Attacker: Lazarus group
Financial loss: $951 million
Infected entity: Banks
Description: SWIFT is a messaging system for currency transfers between global banks; it does not move money directly, but it handles payment settlement between financial institutions. SWIFT is used by many financial institutions and banks. Unauthorized access and weak security controls enabled the attacker's malware to send fraudulent messages to the system stating that an American bank needed to settle money from the Bank of Bangladesh to an account in the Philippines. The malware also tampered with the responses so that the fraud was difficult to detect. The technical analysis was done by BAE Systems.
SWIFT has released a patch and will inspect banks for their compliance.
Always comply with the standards. Authorization checks are critical.