Tag: cybersecurity

How much damage can one hacker cause to a team of cyber security specialists?

Cybersecurity is asymmetric by nature. Hacking groups usually do not have the resources of their targets, and the targets often lack the skills to defend themselves. Let's discuss one compelling case: a hacker who managed to DDoS services run by companies such as Microsoft and Sony.

He started hacking at the age of sixteen, when he wrote Titanium Stresser, a DDoS-for-hire tool that was used to carry out around 1.7 million attacks. With it he took down services including Microsoft, Minecraft, TeamSpeak, and Xbox Live and earned around £386,000. Part of that income came in bitcoin from selling access to the tool on the dark web.

By the time the court proceedings ended, the hacker was 20. He was also charged with causing losses to schools and colleges by attacking their local networks. The initial investigation found that he had personally attacked 594 IP addresses with Distributed Denial of Service (DDoS) between 2013 and 2015.

The diagram shows a typical DDoS architecture: the attacker runs a command-and-control server that orchestrates the whole botnet.

The court later revealed that the hacker was not acting alone. His program had around 112,000 registered users as a DDoS-for-hire (booter) service, and between them they attacked over 660,000 IP addresses. He used some clever schemes to gain users fast, such as invite-a-friend referrals. Many of the targets were in the United Kingdom. One notorious attack was on RuneScape; its owner had to spend around six million pounds protecting the site.

During the hearing, the hacker's lawyer argued that his medical condition (a form of autism) made it hard for him to tell right from wrong, and that he had been part of a gaming community in which he was not good enough and wanted to raise his standing.

I find it remarkable that a 16-year-old built a DDoS-for-hire service and got over 112,000 people to register for it to attack services across the world. It is a striking example of how asymmetric hacking is. Despite his lack of resources, he built a platform with over 112,000 users, and without compromising a single one of them: they were paying customers, not bots. The arithmetic only underlines the point. If each of them had contributed a 50-megabit connection, the nominal capacity would have been about 5.6 terabits per second; in practice a stresser service's capacity depends on the servers and amplification techniques it uses, not on its customer count. And all of this was done by one single guy.

In conclusion, we should be glad there are not more hackers like this one. Most hackers are in it for the money. This boy managed to DDoS companies with cybersecurity budgets in the millions of dollars, and did it for fun. Imagine what could happen if most criminals had a mind like his.

Cyber war for Natural Resources

Cyberwarfare is our new reality. There are many examples of state and non-state actors hacking government organizations. The reasons differ, but financial gain and personal vendetta are the two most common. We can add one more: gaining leverage. Sometimes these attacks sabotage natural resources themselves. Let us see whether we can find examples.

The GERD case:

One example of cyber warfare over natural resources concerns the Grand Ethiopian Renaissance Dam. The dam has been the subject of dispute for a long time. In June 2020, a hacker group carried out many attacks on Ethiopian government websites. The attacks targeted information technology infrastructure, communications, and the websites of public service agencies, security organizations, and other public and private institutions. On June 18, the group announced that it would strike six more websites in response to what it called the Ethiopian government's intransigence on the GERD issue. As is usual with such attacks, the origin was not confirmed.

The diagram shows a sample of how a squad of cyber soldiers can execute an attack. Now imagine large-scale operations between nations.

The Colonial Pipeline case:

Another interesting and relatively recent case is the Colonial Pipeline attack of May 2021. Ransomware encrypted the company's IT systems, and in response Colonial Pipeline halted all pipeline operations to contain the attack. The company paid the requested ransom (75 bitcoin, about $4.4 million) within hours. The attackers then sent a decryption tool, but it ran so slowly that Colonial restored largely from its own backups. This is a little unusual, because attackers normally want the victim to get its data back promptly after paying; otherwise no one will ever pay them again, and most cybercriminals are after the money. The FBI attributed the attack to the DarkSide ransomware group.

Florida water systems hack:

In February 2021, a plant operator in Oldsmar, a city of about 15,000 on Florida's west coast, watched his cursor move around his screen, opening the software functions that control how the water is treated. The intruder raised the sodium hydroxide (lye) level in the water supply to more than 100 times the normal value.

Sodium hydroxide, the main ingredient in liquid drain cleaners, controls water acidity and removes metals from drinking water in treatment plants. Lye poisoning can cause burns, vomiting, severe pain, and bleeding. After the intruder disconnected, the operator immediately restored the normal level and notified his supervisor. Investigators said the intruder came in through remote-access software the plant used. The practical lesson is that remote access to control systems needs strong authentication, and that setpoint limits and alarms belong in the control logic itself rather than relying on an operator happening to watch the screen.

In conclusion, governments must treat their systems the way large corporations and organizations do. Critical infrastructure needs proper defenses, and a good level of security is not achievable without appropriate resources and budget. Since the coming of the Internet, the world is no longer a disconnected place of separate local communities; everyone is connected to everyone else within a few milliseconds. And, as we can see, cyberspace affects our real lives more and more.

Are hackers used in guerrilla warfare?

Once a state's top interest was its territorial integrity and the protection of its borders; with the rise of globalization that no longer seems the top priority. The world has become a global village, and everyone is interconnected. International policy is no longer based on expansionism but on soft and indirect interventions. Cyber attacks have become very common, used to steal sensitive data or to disable a country's critical infrastructure by targeting its vital computer systems. Some of these attacks are sponsored by governments to penetrate rival states; others are carried out by criminals for financial gain.

State-Sponsored Cyber Soldiers:

Despite having solid conventional militaries, many countries are investing in training programs for cyber soldiers who are preparing for cyber warfare. They pick the best people from network exploitation, malware analysis, and firmware reverse engineering. It is essential to understand that cyber warfare is usually asymmetric: a small unit attacks a much larger target in terms of resources. That is why these people also receive training in guerrilla warfare from top military specialists.

The diagram shows how different hacker cells secure themselves during different types of communication. Operational traffic and internal group communications get the strongest protection.

Everyone is welcome to the party:

Almost every country now has a position on cybersecurity, and every country confirms that it has, or wants to have, highly developed cyber warfare capabilities. Although most countries publicly oppose using military cyber systems to access another country's sensitive data, they keep developing their own platforms. One analysis of the cyber capabilities of a relatively large country from 2009 to 2015 identified seven major attacks originating from it, ranging from simple data theft from technology companies to the breach of a government personnel management office.

Unofficial cyber attacks:

Not all cyber attacks aim to learn other nations' secrets. Sometimes they are used to gain access to critical infrastructure and gain leverage during military operations. Cybersecurity is vital in wartime, since almost everything is now digital and modern armies rely on more and more information systems to increase their efficiency on the battlefield.

There are several other examples of unaffiliated groups violating cyberspace. In most cases the government is well aware of these groups but does not act against them. Their attacks benefit the state, so as long as that remains true the government does not interfere and may even shield them. If they use their skills to steal money, the money comes home, which is good for the state's economy. That is why governments often tolerate such hacking on their territory.

Many unofficial cybercriminals are the silent pupils of state-sponsored cyber actors. They learn the tricks from the big boys but use them for other malicious purposes and financial gain. It is essential to understand that these days everyone is a target, especially since many states manufacture and use military-grade malware. That malware can later be recycled by criminals and used against non-state organizations, even small and medium businesses.

Security dangers of DNA-based storage

Data storage was never such a big issue in the past. Nowadays, however, we produce a massive amount of data every day. The newest proposal is DNA-based storage, in which data is written by synthesizing DNA and read back by sequencing it. The current leader in long-term storage is magnetic tape, but tape is rated for roughly thirty years, and a single cartridge holds on the order of tens of terabytes. In comparison, DNA Fountain-based storage has demonstrated a density of 215 petabytes per gram of DNA.

Storing a massive amount of data in such a tiny medium brings its own list of dangers. Let us look at the potential risks one by one.

  • Risk for computers: Storing data as DNA does not, by itself, threaten the computer that reads it. But like any other medium, DNA can carry malware, and the software that processes sequencing output is attack surface: in 2017, University of Washington researchers showed that a synthesized strand could carry an exploit for a buffer overflow in a sequence-processing program (a vulnerability they had deliberately added for the demonstration).
  • Intentional modification: One of the main disadvantages of DNA-based storage is that DNA is a physical molecule, and the physical world can alter it. A skilled attacker could create an entirely different set of threats, from tampering with the stored strands to, in principle, using biological agents to corrupt or inject data into the storage.
  • No way to erase the storage: Once written, DNA is hard to modify. Treat DNA-based storage like a very dense compact disc with slow, expensive rewriting. The most reliable way to erase it is to destroy it physically, or to encrypt the data before writing and destroy the key.
  • Easier to physically steal: How do you assure the physical security of less than a gram of material? Store it in a safe? Sure, but thieves can break into a safe. The size of DNA-based storage introduces an entirely different set of physical security challenges.
A sample diagram of how DNA-based storage works: to record data, you encode it as a sequence of nucleotides (A, C, G, T), then synthesize that sequence as DNA; reading it back means sequencing the DNA and decoding the result.
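To make the encode-and-synthesize step concrete, here is an added example in Go (not code from the article or from any DNA storage project): it maps bytes to nucleotides two bits per base and appends a CRC-32 trailer, so a strand that comes back from sequencing with a substituted base is rejected instead of silently decoded. Real codecs such as DNA Fountain add redundancy, avoid long runs of one base, and index the fragments; this example shows only the framing and the integrity check. The sample payload and the "next base" mutation used to simulate a read error are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"hash/crc32"
	"strings"
)

// bases maps a 2-bit value to a nucleotide: 00=A, 01=C, 10=G, 11=T.
var bases = [4]byte{'A', 'C', 'G', 'T'}

// EncodeDNA frames the payload as payload || CRC-32 (big-endian) and writes
// each byte as four bases, most significant pair first.
func EncodeDNA(data []byte) string {
	crc := crc32.ChecksumIEEE(data)
	framed := make([]byte, 0, len(data)+4)
	framed = append(framed, data...)
	framed = append(framed, byte(crc>>24), byte(crc>>16), byte(crc>>8), byte(crc))

	var sb strings.Builder
	sb.Grow(len(framed) * 4)
	for _, b := range framed {
		for shift := 6; shift >= 0; shift -= 2 {
			sb.WriteByte(bases[(b>>uint(shift))&3])
		}
	}
	return sb.String()
}

// DecodeDNA reverses the mapping and checks the trailer. It fails on a base
// outside ACGT, on a length that is not whole bytes plus a trailer, and on a
// CRC mismatch, which is how a substituted base from a bad read shows up.
func DecodeDNA(strand string) ([]byte, error) {
	if len(strand)%4 != 0 || len(strand) < 16 {
		return nil, errors.New("strand is not whole bytes plus a 4-byte trailer")
	}
	framed := make([]byte, len(strand)/4)
	for i := 0; i < len(strand); i++ {
		v := strings.IndexByte("ACGT", strand[i])
		if v < 0 {
			return nil, fmt.Errorf("invalid base %q at offset %d", strand[i], i)
		}
		framed[i/4] = framed[i/4]<<2 | byte(v)
	}
	n := len(framed) - 4
	payload, trailer := framed[:n], framed[n:]
	want := uint32(trailer[0])<<24 | uint32(trailer[1])<<16 | uint32(trailer[2])<<8 | uint32(trailer[3])
	if crc32.ChecksumIEEE(payload) != want {
		return nil, errors.New("CRC mismatch: strand corrupted or tampered")
	}
	return payload, nil
}

// Mutate replaces the base at pos with the next one in ACGT order; this is
// the constructed stand-in for a single synthesis or sequencing error.
func Mutate(strand string, pos int) string {
	b := []byte(strand)
	b[pos] = bases[(strings.IndexByte("ACGT", b[pos])+1)%4]
	return string(b)
}

func main() {
	strand := EncodeDNA([]byte("cold-backup-2021")) // constructed sample payload
	fmt.Println("strand:", strand)

	data, err := DecodeDNA(strand)
	fmt.Printf("clean read: %q err=%v\n", data, err)

	_, err = DecodeDNA(Mutate(strand, 5))
	fmt.Println("one substituted base:", err)
}
```

The CRC only detects damage; it cannot repair it, which is why production codecs add error-correcting redundancy on top of a check like this. Encrypting the payload before EncodeDNA is what makes the "destroy the key" erasure option work, since the strands themselves cannot be wiped.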

Benefits of using DNA-based storage:

Despite the threats, DNA-based storage may still be preferred in the future because it can preserve data for thousands of years, unlike hard drives, and as long as human beings exist there will be equipment for reading DNA. These characteristics make it a natural replacement for today's cold backup media such as magnetic tape.

How to control the security threats associated with DNA-based storage?

Fortunately, at the moment there is no significant adoption of DNA-based storage. Magnetic tape is the current leader and will stay so for the foreseeable future. At the same time, ordinary people do not use magnetic tape; we usually keep multiple copies of our data on a collection of hard drives. So DNA-based storage will probably first find its use in data centers and the storage departments of large corporations. Still, it is essential to understand that DNA requires an entirely different set of techniques. At the current pace of technological development, DNA-based storage in our homes, or even in our bodies, is quite possible within the next decade or two.

Way Out of these Threats:

In conclusion, DNA-based storage is just another data medium. To secure the data stored there, we can apply the same principles we use for hard drives: strong encryption, sound authentication, and a clear policy on what you store, exactly as for a digital device or a paper document.

Cybersecurity tactics for small teams – Physical Security – part 1

Over the next couple of months I shall write a series of articles on cybersecurity on a limited budget. The idea is to show different methods of keeping yourself safe without spending too much. The articles will cover physical, computer, and mobile security. As part of the series I shall also publish two articles on business security and public image preservation. A final overview article will summarize everything and include a sample budget for covering your cybersecurity needs, as a reference for startups and SMEs establishing or upgrading their defenses.

Over the past couple of years, different authors have written many books and articles on keeping your computer and mobile phone safe. Unfortunately, most of them ignore one foundation of cybersecurity: without physically secured hardware, all your other defenses are meaningless. Other authors have written whole books on physical security, but rarely from a cybersecurity perspective. This article covers that perspective and gives an example workflow for achieving adequate protection on a tight budget.

The diagram shows a sample dependency graph of how an organization should structure its cybersecurity defenses. Everything starts with physical security, and the other layers are built on that foundation.

So let's start.

Let's begin with the online threats to your physical security. While working in different companies I saw many people neglect them; fortunately, those mistakes did not lead to an incident. Let me list them with a short explanation of how each can affect you.

  • Social platforms: Sharing your life is an excellent way to keep in touch with friends and relatives. At the same time, it lets attackers monitor you, and reconnaissance is usually the first phase of a targeted attack.
  • Shared travel: Ride sharing is a new way of getting around. It increases comfort and lowers the cost of travel. At the same time, travelers arrange rides in public social media groups, where anyone can join and see when you travel. That information is valuable to anyone targeting your home or office.
  • Cyberstalking: Your online persona can trigger destructive emotions, which may evolve into cyberstalking. Limit your exposure to such threats, because they can turn into physical ones.
  • Navigation devices: Online navigation is convenient, but most navigation software collects a considerable amount of location data. Attackers can correlate this data with your real identity and monitor your life and travel plans.

As the list shows, different parties can monitor a good number of your online activities, and with enough time and resources they can use that to attack you later. For your home and office, we can make a similar list:

  • Social platforms: The situation is the same as above; attackers can mount multiple attacks using information gathered from your social media accounts.
  • Smart home assistants: Smart assistants are hardware devices placed in your home, usually with always-on microphones listening for commands to execute around the house. If compromised, they can be used to monitor your activities.
  • Camera arrays and sensors: Many people install internet-connected cameras and sensors. Without proper security, attackers can use these devices to watch you.
  • Laptops and smartphones: The same holds for laptops and smartphones without proper defenses; attackers can use them to monitor your activities.

Intruders can use all of the threats above to stage follow-on attacks on your home or office. Another aspect of physical security is your vehicle (car, truck, or other). As vehicles become more intelligent and automated, their exposure to hacking grows. Common threats with intelligent vehicles include:

  • WiFi access points: Modern cars have WiFi access points, in simple words a network router that is part of the car's computer. Like any router, it can be compromised and used for malicious activity.
  • Smart locks: The trend in the automotive industry is to make cars, including their locks, more and more intelligent. From a security standpoint this is questionable, because every new function increases the attack surface. Some of these locks use older encryption protocols that have not been updated in years.
  • Autopilot: Many modern electric cars offer an autopilot feature, a fancy name for a sophisticated program that drives the car for you. Being a program, it runs on a computer, and that computer can be attacked.
  • Over-the-air updates: Newer car models receive constant updates on the fly, following a process similar to the one your operating system uses. How secure that process is, is rarely disclosed publicly.


Simple Ways to Ensure Your Children’s Safety Online

Today, cybercrime is rampant, which presents parents with a unique problem: how to approach 'online safety' with their children.

Commonly cited estimates put cybercrime at thousands of attacks per day worldwide, roughly one every half minute. To use the Internet safely and securely, you must know what to do and not do, and be able to distinguish safe from unsafe.

Awareness and personal responsibility are vital to surfing the web safely. Children should become aware of this as early as possible.

Child-proofing the Internet is not as viable as some parents hope. Yes, there are ways to block websites and keep your children off them, but it is still preferable to educate them about the dangers the web presents.

Teach them how to keep themselves safe online. That includes what sites to avoid, links not to click, files not to download, emails to ignore, and so on. Education on the topic of cybercrime is a must.

Above all, children must learn not to share personal information of any kind. Teach them young that giving out their full name, phone number, or home address through any medium (email, Facebook, gaming platforms) is wrong.

Teach them to be cautious. A string of innocent-seeming questions can pose a grave danger: it can start with your name, then where you go to school, then your postcode, and a child might not notice the escalation. Make sure your child can recognize that pattern.

As a parent, you must keep your devices up to date, with security software installed: antivirus, anti-malware, and the like. Create unique passwords for your different accounts and teach your children to do the same, or use passwordless authentication.

There are varying parenting styles. Some deem the act of monitoring their child’s online activity as an intrusion of privacy. Others perceive it as a given. Regardless of your parental views, it’s good to keep aware of what your child does on the Internet and encourage appropriate behaviors while discouraging inappropriate ones.

The diagram shows a standard hacking workflow. The first stage of an attack usually involves message-based fraud or social engineering.

'Stranger danger' has evolved beyond an in-person possibility of peril; it now lurks online as well. Teach your children that not every online stranger is a friendship waiting to happen: some are dangerous and look to cause mayhem and harm.

Make sure children realize that what goes on on the Internet stays on the Internet. If they upload a picture, it will forever be there. If they share their private details, they cannot merely ‘take them back.’

There are consequences to interacting with the web, and it’s your responsibility as a parent to teach them that valuable lesson.

In summary:

  • Stay updated: Always install updates when needed, and ensure your devices are protected.
  • Do not overshare: Be wary of sharing private details with people online. Sharing personal information can backfire. Ensure your children know this.
  • Have a conversation with your child: Explain the many dangers that lurk online. Children may not 'get it' right away; if so, talk to them again.
  •  Use unique passwords: Ensure your child knows the importance of a strong password and the perils of using the same one for every account.
  • Keep an eye on their online activities: Monitor your child's online activities enough to know what they are 'up to'. Still, over-monitoring is not good, so use it carefully.

Educate your children, and make sure they know the dangers the Internet presents and what they can do to minimize them.

How secure are virtual appliances?

A recent report raises questions about software vendors' responsibilities: it found more than 400,000 vulnerabilities across virtual appliances from hundreds of vendors. Virtual appliances are often used to provide IT security functions such as firewalls, encryption, and secure gateways. They eliminate the need for dedicated hardware and can be deployed on cloud platforms.

Virtual appliances usually reach customers ready to be deployed to public and private cloud environments. Most customers assume that these appliances are safe and free of security risks, but Orca's report shows otherwise.

The research, conducted in April and May 2020, scanned 2,218 virtual appliances from 540 vendors for known vulnerabilities and risks. The researchers ranked every appliance according to a scoring system designed for the study.

It is a good idea to encrypt your data before sending it to any virtual appliance, so that a vulnerable appliance cannot expose it. The diagram shows the standard hybrid encryption scheme combining symmetric and asymmetric cryptography; it adds a good layer of protection. The caveat is that this only helps for data the appliance merely forwards or stores. An appliance that must inspect the traffic, such as a firewall or gateway, has to see the plaintext, so it must be patched and isolated instead.
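As an added example (not code from the report or from the article), here is that hybrid scheme in Go: the sender generates a one-time X25519 key pair, agrees a shared secret with the recipient's public key, derives an AES-256-GCM key from it, and encrypts the payload. The appliance in the middle sees only the ciphertext, the nonce, and the sender's ephemeral public key, and any modification it makes fails the GCM tag check. Two assumptions are labelled in the code: a single SHA-256 over the shared secret and both public keys stands in for a proper HKDF step, and the recipient's key pair is generated in-process rather than loaded from a key store.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what actually travels through (or is stored on) the appliance.
type Envelope struct {
	EphemeralPub []byte // sender's one-time X25519 public key
	Nonce        []byte // 12-byte GCM nonce, fresh for each envelope
	Ciphertext   []byte // AES-GCM output with the 16-byte tag appended
}

// GenerateRecipientKey creates the recipient's long-term X25519 key pair.
// Assumption: generated here instead of being loaded from a key store.
func GenerateRecipientKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// sessionKey performs the X25519 agreement and derives the AES-256-GCM key,
// binding it to both public keys. Assumption: one SHA-256 stands in for HKDF.
func sessionKey(priv *ecdh.PrivateKey, remote *ecdh.PublicKey, ephPub, recipPub []byte) (cipher.AEAD, error) {
	shared, err := priv.ECDH(remote)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte("hybrid-x25519-aesgcm-v1"))
	h.Write(shared)
	h.Write(ephPub)
	h.Write(recipPub)
	block, err := aes.NewCipher(h.Sum(nil)) // 32-byte digest selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext for the holder of recipientPub. aad is authenticated
// but not encrypted, e.g. a routing header the appliance is allowed to read.
func Seal(recipientPub *ecdh.PublicKey, plaintext, aad []byte) (*Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := sessionKey(eph, recipientPub, ephPub, recipientPub.Bytes())
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Envelope{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, aad)}, nil
}

// Open recovers the plaintext with the recipient's private key. Any change to
// the ciphertext, nonce, ephemeral key, or aad makes the tag check fail.
func Open(recipientPriv *ecdh.PrivateKey, env *Envelope, aad []byte) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, err
	}
	gcm, err := sessionKey(recipientPriv, ephPub, env.EphemeralPub, recipientPriv.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, aad)
	if err != nil {
		return nil, errors.New("authentication failed: envelope or aad was modified")
	}
	return pt, nil
}

func main() {
	recipient, err := GenerateRecipientKey()
	if err != nil {
		panic(err)
	}
	aad := []byte("tenant=42;route=scanner") // constructed routing header
	env, err := Seal(recipient.PublicKey(), []byte("customer export, 2020-05"), aad)
	if err != nil {
		panic(err)
	}
	pt, err := Open(recipient, env, aad)
	fmt.Printf("recipient reads: %q err=%v\n", pt, err)

	env.Ciphertext[0] ^= 0x01 // the appliance, or an attacker on it, flips a bit
	_, err = Open(recipient, env, aad)
	fmt.Println("after tampering:", err)
}
```

Because every envelope uses a fresh ephemeral key, the derived AES key is never reused, which is what makes a random 96-bit nonce safe here; if you reuse one long-lived symmetric key across messages instead, nonce management becomes the critical detail.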

The number of total discovered vulnerabilities is just over 400,000. The appliances received grades from A+ (exemplary) to F (failure). Only a mere 8% of products scored an A+, while 24% got an A as ‘well-maintained,’ 12% received a B as ‘above average,’ 25% were ‘mediocre’ with a C, 16% got a D as ‘poor,’ and 15% ‘failed’ with an F.

Interestingly, some vendors had products that scored A or A+ alongside products that scored F.

Correlation quality/price

Another interesting finding was that price does not correlate with security: more expensive products do not necessarily offer more protection. 1,489 of the products charged an average of $0.30/hour, while 510 were free, many of them open source. The most expensive appliance tested cost $3.00/hour. Free products received an average security score of 77.58; paid ones, 77.38.

Updates

It should come as no surprise that products become more vulnerable as they age; regular updates fix known vulnerabilities. The report found that 110 products had received no updates for at least three years, 1,049 had been updated in the last year, only 312 in the previous three months, and only 64 in the past month.

Feedback

After the scans and grading, the vendors were emailed the findings. All of them were contacted, but only 80 responded. Responses varied, but many confirmed remedial action: 287 products received updates and 53 were removed from distribution. Those numbers may seem modest, but they meant 36,938 of the 401,571 discovered vulnerabilities were addressed, and after a rescan, products that had initially scored F had improved to A or A+.

The report also offers a few recommendations to help organizations reduce the risk posed by virtual appliances, among them asset management and vulnerability management tools. Asset management keeps track of which virtual appliances you run; vulnerability management finds the weaknesses in them.

Orca stresses that all the data in the report is only a guide. A vendor's top score is not a risk-free guarantee for all of its virtual appliances; as already mentioned, some vendors have products with both the top and the lowest scores.

Cybersecurity for business travelers

Every business trip is a welcome opportunity to visit favourite countries and places. But such events are also a fantastic opportunity for every sort of malicious cyber activity. A cybercriminal's dream is many people connecting to the same hardware infrastructure, which is often out of date because of poor maintenance or cost savings.

Most people on these trips are in business mode, with their guard down. Travelers are the usual targets, but hacker groups may also attack local businesses or the host infrastructure. Management staff are wealthy and attract a lot of interest as targets. Host infrastructure, on the other hand, is a good target for hacktivism, since some events have worldwide media coverage: imagine hackers taking over the venue's internet access and showing anti-government slogans instead of the event's home page. Last but not least, travelers are excellent targets for data theft and for recruitment into botnets.

So how can we keep ourselves safe? Travelers must keep three primary attack vectors in mind: attacks on hardware devices, data theft, and bank card theft. The best strategy against hardware threats is to carry only a smartphone. Modern smartphones have more computing power and memory than most mid-range notebooks from the beginning of the decade, and you do not need a full laptop abroad; a phone is more than enough for day-to-day activities like chat, email, and reading documents. You carry your phone everywhere, so it is harder to steal, and it offers many wireless ways to exchange data between devices, which reduces the risk of Rubber Ducky-style attacks through USB. Hotels, venues, and cafes often offer free WiFi to everyone attending an event. In general, using these hotspots is a terrible idea. You can use them, but you have to know that attackers can record all the traffic on these networks: they can store your encrypted data, passwords, and sessions for later analysis and decryption attempts. Properly configured TLS protects the content of your connections, but an untrusted network still sees where you connect and can intercept anything that is not end-to-end encrypted.

A better strategy is to use a 4G mobile connection during your trip. An attacker would then first have to compromise the mobile operator's network to capture and decrypt your data, and mobile operators are hard targets, which adds a layer of security to your device. This approach has a nice bonus: through the smartphone's tethering feature, the same 4G connection can serve your other devices. I use 4G internet during my travels and hotel stays. In the most paranoid configuration, you bring two phones: one for the 4G connection and one for real work, connected via WiFi to the first. This setup offers a better level of security.

Bank card data theft is one of the most common cybercrimes; card data is stolen on a massive scale every day. How do we protect ourselves? With cash, of course. Cash is the ultimate payment method: never rejected, never tracked, and hard to steal if stored properly. The average business trip lasts no more than ten days, and a regular traveler can cover that in cash. For longer stays, however, carrying a large amount of cash is not a good idea: storing it is not easy, and many countries cap cash transactions. In that case carrying crypto tokens is worth considering; crypto exchanges and ATMs are easy to find these days.

In conclusion, the most valuable security advice when traveling is to keep a low profile. Don't show off, don't bring jewelry, wear functional but inexpensive clothes, and limit yourself to low- to mid-range electronic devices. Stay in moderately priced hotels, pay in cash, and use an internet connection only when needed. And my last piece of advice to business travelers worldwide: many cybercriminal organizations prepare for your travel, so please prepare yourself, too!