Cybersecurity Awesome Mix Vol. II

Not that long ago, Bob Gourley, the publisher of CTOvision.com, posted on Twitter quite the unusual question:

This was happening right about the time we started thinking of how to do our semi-annual cyber-attack review. Mr. Gourley's tweet got us thinking: if cybersecurity had a rhythm, it would have to be one of Hans Zimmer's epic soundtracks, right? Sure, but why not take things even further? Hence, the Cybersecurity Awesome Mix Vol. II was born, a collection of musical masterpieces that may very well have been inspired by the best (or the worst, depending on how you look at it) hacks recorded in the second half of 2016.

JULY: Patchwork, the APT outsider

The term 'Advanced Persistent Threat', or 'APT', was definitely one of the most frequently encountered buzzwords in cybersecurity-related media coverage this year. Tech journalists especially like to use it to describe an unknown threat that works in new and sophisticated ways. While this is the case most of the time, last July the press couldn't stop talking about Patchwork, or the 'Copy-Paste APT'.

Having infected over 2,500 organizations in Southeast Asia, there is nothing even remotely complicated about how Patchwork operates. As the name suggests, this threat doesn't rely on a zero-day to infiltrate systems, but rather exploits the known CVE-2014-4114 vulnerability, patched in Windows in 2014. What's more, the pieces of code it employs are ALL ready for the taking on public hacking forums. In the words of Radiohead, this malware is a true abnormality among its peers: a genuine 'creep'.

AUGUST: Project Sauron at your every step

If the cyber-attack nominee for July set the bar for hacking ingenuity quite low, as summer approached its end Kaspersky Labs uncovered the existence of Project Sauron. Launched by a group called Strider, this genuine APT made the expert community gasp, as it managed to completely bypass cybersecurity radars for no less than 5 years (!).

Researchers determined that Project Sauron is designed as a modular cyber-espionage platform, comprising a total of 50 modules programmed to adapt from one target to another. It not only learns from previously discovered advanced cyber-threats, but also takes cyber-espionage to a new level. If the Strider group were to have a dedicated montage, this song would probably be playing in the background:

SEPTEMBER: Yahoo!, an ode to disappointment

This fall, Yahoo! took over the title for the record number of stolen account credentials up for sale on the Dark Web. During what is better known publicly as the 'yahacking' incident, at least 500 million accounts were hacked in the biggest data breach recorded in the history of data breaches. On top of that, according to public records, the breach had actually taken place in 2014.

If you thought that was bad, we advise you to keep reading. Just last week, the formerly most popular internet portal announced that a different attack, in 2013, compromised more than 1 billion accounts. That being said, our September hit goes out to all those still brave enough to use Yahoo! services, even though the web giant just keeps on letting them down.

OCTOBER: IoT and the zombie infestation

As the International Month of Cybersecurity unfolded, hackers took it as their cue to put on a show of force, unleashing a massive DDoS attack against the DynDNS service provider. On October 21st, almost the entire North American coast was unable to reach websites such as Twitter, Airbnb, GitHub, PayPal, Reddit, eBay and Spotify.

This digital K.O. was carried out with the help of the same Mirai malware that targeted blogger Brian Krebs earlier the same month. The novelty of both DDoS attacks is that they no longer rely solely on botnets built from zombie-like computers, but tap into the potential of IoT botnets, using an impressive number of Internet-connected devices: webcams, routers, baby monitors and so on.

NOVEMBER: Windows, the scorned and vulnerable

This certainly wasn't a good month for Microsoft, whose Windows vulnerabilities keep surfacing like earthworms after rain. In November, experts from Google's Threat Analysis Group warned Microsoft that a local privilege escalation vulnerability had been found in the Windows kernel, and publicly disclosed its existence before a patch could be released. This obviously resulted in a tense dialogue between the two parties and a heated debate on whether or not flaws should be systematically communicated.

In the words of Axl Rose, nothing lasts forever, not even the November rain. The Windows security bulletin was released a week later, resulting in a belated kind of happy ending, but a happy ending nonetheless.

DECEMBER: Ransomware lets you come as you are

On Thanksgiving, the San Francisco Municipal Transportation Agency (SFMTA) went through a hacking nightmare at the hands of the Mamba ransomware. Although it spreads pretty much the same way as a Trojan horse, Mamba doesn't behave like average ransomware. The malware that picked a quarrel with the SFMTA aims to encrypt the entire disk at the sector level, including the Master File Table, the OS, the applications, the shared files, as well as the users' personal data.

During the cyber-attack, 25% of the SFMTA's computers were compromised, causing a breakdown of its ticketing service. Quite the early Christmas gift for all travelers, who were able to ride for free for an entire weekend.

As it turns out, 2016 had its fair share of memorable cyber-incidents, from the cybersecurity winter that decided to hit in the first half of the year to the wondrous events described in the present article. And if we've learned anything from the countless attacks that unfolded, it's that hackers are a relentless breed. We're also fairly certain they're big fans of Blondie:

But before ending our wrap-up, we'd like to add just one more thing: why not try a different approach in 2017? Instead of focusing only on getting the best defenses in place, why not assume that your system has already been breached and find the right tools capable of analyzing the hidden traces? Treat all cybersecurity matters as if the bad guys have already managed to get into the system, and perhaps we can prevent history from repeating itself.

Need some motivation? Here's a track that goes with that as well:

Link: https://www.reveelium.com/en/cybersecurity-awesome-mix-vol-ii/