Cybersecurity Awesome Mix Vol. II
Not that long ago, Bob Gourley, the publisher of CTOvision.com, posted on Twitter quite the unusual question:
This was happening right about the time we started thinking of how to do our semi-annual cyber-attack review.
Mr. Gourley’s tweet got us thinking – if cybersecurity had a rhythm, it would have to be one of Hans Zimmer’s
epic soundtracks, right? Sure, but why not take things even further?
Hence, the Cybersecurity Awesome Mix Vol. II was born, a collection of musical masterpieces that may have very
well been inspired by the best (or the worst, it depends how you look at it) hacks recorded in the second half
of 2016.
JULY: Patchwork, the APT outsider
The term ‘Advanced Persistent Threat’ or ‘APT’ was definitely one of the most frequently encountered buzzwords
in cybersecurity-related media coverage this year. Tech journalists especially like to use it to describe an
unknown threat that works in new and sophisticated ways. While that is the case most of the time, last July
the press couldn’t stop talking about Patchwork – or the ‘Copy-Paste APT’.
Although it infected over 2,500 organizations in Southeast Asia, there is nothing even remotely complicated about
how Patchwork operates. As the name would have it, this threat doesn’t use a zero-day to infiltrate
systems, but rather exploits a known vulnerability, CVE-2014-4114, patched by Microsoft in 2014. What’s more,
the pieces of code it employs are ALL readily available on public hacking forums. In the words of Radiohead,
this malware is a true abnormality among its peers – a genuine ‘creep’.
AUGUST: Project Sauron at your every step
If the cyber-attack nominee for July set the bar for hacking ingenuity quite low, as summer
approached its end, Kaspersky Lab uncovered the existence of Project Sauron. Launched by a group called
Strider, this genuine APT made the expert community gasp, as it managed to completely evade cybersecurity
radars for a period of no less than 5 years (!).
Researchers determined that Project Sauron is designed as a modular cyber-espionage platform, comprising a
total of 50 modules programmed to adapt from one target to another. It not only learns from previously
discovered advanced cyber-threats, but it also takes cyber-espionage to a new level. If the Strider group were
to have a dedicated montage, this song would probably be playing in the background:
SEPTEMBER: Yahoo!, an ode to disappointment
This fall, Yahoo! took over the title for the record number of stolen account credentials up for sale on the Dark
Web. During what is better known publicly as the ‘yahacking’ incident, at least 500 million accounts were hacked
in the biggest data breach recorded… in the history of data breaches. On top of that, according to public records,
the breach had actually taken place in 2014.
If you thought that was bad, we advise you to keep reading. Just last week, the formerly most popular internet
portal announced that a different attack, in 2013, compromised more than 1 billion accounts. That being said,
our September hit goes out to all those still brave enough to use Yahoo! services, although the web giant just
keeps on letting them down.
OCTOBER: IoT and the zombie infestation
As the International Month of Cybersecurity unfolded, hackers took it as their cue to display a show of force,
unleashing a massive DDoS attack against the DynDNS service provider. On October 21st, almost the entire North
American coast was unable to reach websites such as Twitter, Airbnb, GitHub, PayPal, Reddit, eBay and Spotify.
This digital K.O. was carried out with the help of the same Mirai malware that targeted blogger Brian Krebs
earlier the same month. The novelty of both DDoS attacks is that they no longer rely solely on botnets built
from zombie-like computers, but tap into the potential of IoT botnets, using an impressive number of devices
connected to the Internet – webcams, routers, baby monitors and so on.
NOVEMBER: Windows, the scorned and vulnerable
This certainly wasn’t a good month for Microsoft, whose Windows vulnerabilities keep surfacing like earthworms
after rain. In November, experts from Google’s Threat Analysis Group warned Microsoft that a local privilege
escalation vulnerability had been found in the Windows kernel and publicly disclosed its existence before a
patch could be released.
This obviously resulted in a tense dialogue between the two parties and a heated debate on whether or
not flaws should be systematically disclosed. In the words of Axl Rose, ‘nothing lasts forever’, not even the
November rain. The Windows security bulletin was released one week later, resulting in a belated kind of happy
ending, but a happy ending nonetheless.
DECEMBER: Ransomware lets you come as you are
On Thanksgiving, the San Francisco Municipal Transportation Agency (SFMTA) went through a hacking nightmare
at the hands of the Mamba ransomware. Although it spreads pretty much the same way as a Trojan horse, it
doesn’t exactly behave like an average ransomware. The malware that picked a quarrel with the
SFMTA aims to encrypt the whole disk at sector level, including the Master File Table, the OS, the applications, the
shared files, as well as the user’s personal data.
During the cyber-attack, 25% of the SFMTA computers were compromised, causing a breakdown of its ticketing
service. Quite the early Christmas gift to all travelers, who were able to travel for free for an entire weekend.
As it turns out, 2016 had its fair share of memorable cyber-incidents, from the cybersecurity winter that decided
to hit in the first half of the year to the wondrous events described in the present article. And if we’ve learned
anything from the countless attacks that unfolded, it’s that hackers are a relentless breed. We’re also fairly certain
they’re big fans of Blondie:
But before ending our wrap-up, we’d like to add just one more thing: why not try a different approach in 2017?
Instead of focusing just on getting the best defenses in place, why not assume that your system has already
been breached and find the right tools capable of analyzing hidden traces? Treat all cybersecurity matters as if
the ‘bad guys’ already managed to get into the system and perhaps we can prevent history from repeating itself.
Need some motivation? Here’s a track that goes with that as well:
Link:
https://www.reveelium.com/en/cybersecurity-awesome-mix-vol-ii/