Showing posts with label CryptoWall.

Tuesday, December 29, 2015

CYBER ATTACKS

Did you know that cyber attacks for today exceed 1,523,196, about half a million fewer than yesterday's 2,043,871 cyber attacks? If you don't believe me, you can verify it for yourself here. The malware families that account for about 40 percent of all recorded attacks are Worm32.Conficker, Virus.Win32.Sality, the Cutwail botnet and the Neutrino exploit kit. These threats have been religiously turning MS Windows computers into DDoS and spam-spewing botnet drones for at least the past five years. But now that CryptoWall ransomware version 4 has been released, corporate cyber security companies are on the back foot. This is exactly what is portrayed in the series Mr. Robot when Evil Corp's entire data centre got hacked and encrypted with 256-bit AES encryption.


Hacks taking place every day
The trick to doing this is to open a backdoor through some unauthorized remote administration software. Once this is done, you essentially own the target computer system. Trojans like CryptoWall, NetBus, Back Orifice and SubSeven have several customizable options to get the job done.

Looking at the daily cyber warfare between attacking countries like the USA, China, Portugal, Germany, Russia, Sweden, the United Arab Emirates, the United Kingdom, the Netherlands and Turkey, and target countries like the USA, India, Chile, Sweden, the United Kingdom, Taiwan, Poland, Brazil, Norway and Russia, flinging viruses and Trojans at one another is bound to strain relations.
Hackers are attacking targets across all borders
Some of the malware threats are:

Worm32 Conflicker
Banker.Win32.Bancos.K
Trojan.Win32.ZeroAccess.A
Worm.Win32.Brontok.B
Trojan.Win32.Virtu.A
Trojan.Win32.Mwzlesson.A
Virus.Win32.Sality.
Operator.Andromeda.gx
Operator.Cryptowall3.bbe
Operator.Trojan.Win32.Grafter.e.a
Trojan.Win32.Smokeloadr.C

Saturday, December 12, 2015

FSOCIETY

F-Society, Fsociety, fSociety, fuck society.

Mr. Robot is probably the best series I've seen in 2015. The storyline revolves around an anarchic, highly secretive, anti-establishment hacker group named "fSociety", based in Coney Island, New York, intent on recruiting Elliot Alderson (Rami Malek) to help them with their mission to destroy the conglomerate E Corp and in the process cancel world debt. Elliot is a socially anxious yet morally righteous "white hat" super-hacker, whose day job with Allsafe Cybersecurity is to protect E Corp's servers against external exploits. fSociety contacts Elliot using a Distributed Denial of Service (DDoS) attack that takes E Corp offline, leaving a message for him in a DAT file on one of E Corp's servers. As a result Elliot becomes cautiously affiliated with "fSociety", which is led by Mr. Robot (Christian Slater). After disabling the rootkit that was responsible for the DDoS, instead of deleting the file, he changed its root attributes, granting himself sole access.


Elliot, Mr. Robot and Darlene after the E Corp crash.
Elliot is a social outcast, schizo, a little nutso and very different, continually hallucinating about traumatic incidents that he experienced as a child by his father, who was his best and only friend. Living alone and lonely, existing in his own mental space and his own reality, his narcotics-clouded brain blocked out the fact that the alluring coder Darlene (Carly Chaikin) is actually his sister, even though they interacted to some degree, and that fSociety's imaginary leader "Mr. Robot" was in fact their late father. Elliot also frequents a therapist, Krista Gordon, who assists him in dealing with his anger, his anxiety and his introversion, though not out of choice. He is a hacker by night and exposes offenders who he feels need to toe the line. At the end of it all, Elliot's often unreliable mind couldn't piece together E Corp's takedown, nor could he recollect whether or not he orchestrated it.


Elliot Alderson (Rami Malek) in Mr. Robot
In their determination to bring down the world corporate structure, fSociety members adopt a disguise that looks somewhat like the Monopoly Man when airing their video manifestos, making demands that E Corp donate all its ill-gotten gains to charity and give all its clients a reprieve. But when E Corp doesn't comply with their demand, they encrypt all its data with 256-bit AES encryption ransomware, disabling all banking, credit transfers, credit card purchases etc. In the real world, to decode AES-256 bit encryption would take approximately trenonagintillion years to exhaust half the combinations of an AES-256 key. Restated, some ~6.7e40 times longer than the age of the universe, which is estimated to be 14 billion years.

Support for fSociety for cancelling the debt of the masses
All this has a very current-day ring to it, especially as ransomware is used to encrypt business computers globally. Ukrainian hackers have been instrumental in extorting money out of American businesses with CryptoWall and CTB Locker for almost three years and there isn't much that the FBI and the CIA can do about it. The Mr. Robot series paints a picture of a global corporation as the villain, and the hacker collective, each member battling his own mental and social issues, as the heroes that society roots for. The underlying message says that all it takes to destroy the financial world is a few crackpot hackers and an internet connection.

However, the series does give laymen, especially the corporate types, a perspective of the data world of cyber spying, viruses, honeypots, spiked e-mails, Trojans, rootkits, ransomware, encryption keys and other computer system vulnerabilities. The TOR network and onion routing protocols are mentioned a few times, and in the very first episode it is highlighted that whoever owns the end nodes owns all the data that traverses them. Meaning if any hacker owns the ISP of the business he is targeting, then every bit of data that flows through their data pipe belongs to him or her.

Scenes showing hackers destroying their own computer equipment in "wipe down mode" are a bit overboard, and the microwave oven and incinerator are a bit dramatic, since power supplies and computer boxes are incapable of retaining any data. Most experienced hackers cover their tracks very well and leave no evidence behind unless they want to be caught. Except for the hard drives, the computer's BIOS, routers, cellphones and flash memory, the majority of other computer components save no information about use whatsoever.


A CPU cooking in a microwave
Computer hard drives, hubs/switches and power supplies incinerated

Besides, the Computer Abuse and Fraud Act is notoriously difficult to navigate and it is just as difficult to prosecute suspects under it. Consider that hackers using the TOR browser are routed through several connections all over the world, changing their IP number through proxies at least 3 times, masking their true identity online and making their connection appear as if it is coming from another country, Estonia for example. So the "IP address evidence" that is left behind is not theirs but rather totally anonymous. In fact the FBI has been paying a university crack team a million dollars to decode the TOR onion protocol, yet more than 2 million hacks are taking place daily globally.

Wednesday, November 25, 2015

RANSOMWARE

2015 WAS THE YEAR OF RANSOMWARE


Computers and ICT networks are prone to electronic failure, but with the expert help of ICT professionals, network up-time can almost be guaranteed at 99.98 percent. However, for the past decade computer and network redundancy and global replication services, ISPs and corporate networks have been under attack from heuristic computer viruses, worms, malware, spyware, Trojans/backdoors, adware, rootkits, scareware, keyloggers and, worst of all, ransomware attacks that appear to be more personal, not to mention the physical threats by hackers, making the jobs of network security personnel more intense and challenging and costing companies huge additional and unnecessary expenses globally.



It is predicted that ransomware is going to be the greatest emerging security risk in 2016, and the general consensus is that 2015 has been the year of ransomware. The purpose behind all intrusion software is to disrupt, create chaos, steal data and extort money. The reasons: avarice, sadism, vindictiveness, arrogance, aggression, envy, anger, bitterness, jealousy, hate, narrow-mindedness and plain unadulterated evil. Can you even imagine a cracker hacking your computer system, stealing your personal information as well as taking over your computer and holding it ransom until you make their specified payment, while you endure the uncertainty of whether or not they will release your computer once payment is made?



Globally, security experts are doing their utmost to reverse engineer ransomware in an attempt to put a stop to this thievery.
Surprisingly there are a number of them, amongst which are TeslaCrypt, Alpha Crypt, CryptoFortress, Chimera, CryptoWall, Ransomware infection, MBR Ransomware (MBR stands for Master Boot Record), CryptoLocker and, the worst of all, CTB Ransomware (CTB stands for Curve-Tor-Bitcoin). Crowti (aka CryptoWall) and Tescrypt (aka TeslaCrypt) are two ransomware families that cyber gangs and e-criminals used to infect more than half a million computers running Microsoft operating systems and Microsoft security software. In fact the majority of ransomware is targeted at the Microsoft Windows operating system and is sent as spam and e-mail attachments with the following names.

disgruntled.zip
facto.zip
headband.zip
woodworking.zip
firefly.zip



If the attachment is unpacked, it unloads a .scr file which, if activated, will launch a dropper of the Dalexis class. It will then connect to a series of hard-coded URLs, from which it will download CTB Locker. CTB Locker will change all your file name extensions to .crypt; however, the various flavours of ransomware can change it to any of the file name extensions listed below. (NB! This list is not exhaustive.)

*.aaa
*.abc
*.cry
*.cpyt 
*.crypt 
*.crypto
*.darkness
*.ecc
*.enc
*.exx
*.ezz
*.kb15
*.kraken
*.locked
*.nochance
*.obleep
*.vault
*.zzz
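The infection chain above (a mailed .zip carrying a .scr dropper, followed by a mass rename to one of the listed extensions) gives a defender two cheap checks: inspect archive attachments for executable members before they reach a user, and watch file shares for a burst of the listed extensions. The following is an added example, not code from the original post; the zip contents and the file listing are constructed, and the extension set is copied from the list above.

```python
import io
import ntpath
import zipfile
from collections import Counter

# Extensions the post lists as used by CTB Locker and other ransomware flavours.
RANSOM_EXTS = {".aaa", ".abc", ".cry", ".cpyt", ".crypt", ".crypto", ".darkness", ".ecc",
               ".enc", ".exx", ".ezz", ".kb15", ".kraken", ".locked", ".nochance",
               ".obleep", ".vault", ".zzz"}
# Executable types that have no business inside a mailed archive (the .scr dropper case).
EXEC_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


def suspicious_archive_members(zip_bytes):
    """Return the names of archive members with an executable extension.
    Matching on the *last* extension also catches "invoice.pdf.scr" style lures."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist()
                if ntpath.splitext(n)[1].lower() in EXEC_EXTS]


def ransomware_hits(paths, threshold=5):
    """Count files whose extension is on the ransomware list.
    Returns (total_hits, {ext: count}, flagged) where flagged means the
    count reached the threshold, i.e. a mass rename rather than a stray file."""
    seen = Counter()
    for p in paths:
        ext = ntpath.splitext(ntpath.basename(p))[1].lower()
        if ext in RANSOM_EXTS:
            seen[ext] += 1
    total = sum(seen.values())
    return total, dict(seen), total >= threshold


def build_sample_zip():
    """Constructed stand-in for an attachment like disgruntled.zip (not a real dropper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("disgruntled.scr", b"constructed placeholder, not executable code")
        zf.writestr("readme.txt", b"please open the attached screensaver")
    return buf.getvalue()


# Constructed listing of a share after CTB Locker has renamed the user's documents.
SAMPLE_LISTING = [
    r"C:\Users\bob\Documents\budget.xlsx.crypt",
    r"C:\Users\bob\Documents\thesis.docx.crypt",
    r"C:\Users\bob\Pictures\holiday.jpg.crypt",
    r"C:\Users\bob\Desktop\notes.txt.crypt",
    r"C:\Users\bob\Desktop\plan.pptx.crypt",
    r"C:\Users\bob\Desktop\AllFilesAreLocked.bmp",
    r"C:\Windows\System32\kernel32.dll",
]
```

Running `ransomware_hits` over a fresh directory listing on a schedule, and alerting when `flagged` turns true, gives early warning that a backup restore is about to be needed.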

One way to combat ransomware is to keep snapshots of the files in a secure area of your network that wouldn't be affected by ransomware if the machine is infected. Alternatively, store an offline backup image of your hard drive so that your data can easily be restored. Refrain from downloading or accessing e-mail attachments from people you don't know and never click on links in e-mails you receive from unknown e-mail addresses. Also make absolutely sure your antivirus / security solution is up to date and able to detect and block CTB Locker, and change your online security protection level by adjusting your web browser security settings.