Thread: Hackers. What they want and how they get it.

  1. #1 calikid (Lead Moderator)

    Hackers. What they want and how they get it.

    I publish a small newsletter to my clients a few times a month, shared with their staff as a security reminder.
    I'll post a few of them here.



    Welcome to my new series on Cyber-criminals.


    What they want and how they get it... with you as the victim.



    I know everyone is busy with their workload, so instead of bogging everyone down with an hours-long seminar/lecture on PC security, I will be sending out an email a few times a month to my clients. You may opt out at any time.


    These emails will be brief reminders, a paragraph or two that will highlight what we all need to watch for, to fend off criminal attempts to compromise our PCs, Servers, and Networks. Also included will be any breaking news about new hacker attempts/methods.


    What do they want? Hackers target users to gain access. To your system, to your network, to your bank account, to the control systems that provide electricity to your city. Anything they can compromise and then sell on the dark web.


    How do they do it? The most popular method is "catfishing". Sending out fake emails from what appear to be reputable sources (FROM: Your bank's name here) and hoping you will open an infected attachment, or click on a normal-appearing link that actually leads to a website that downloads malicious code into your browser's background, infecting your PC, or send them an email reply with your confidential info (passwords/acct numbers/SSN etc.). Often the hackers don't have great English skills and may tip you off with spelling or grammar errors: "Please reply to this e-male" or "This is an issue with your cheque". Also, you may get fake notices such as "Notice from Apple: your purchase has been approved, check the attached receipt". Not bad. Except, hello? I don't own Apple products or have an Apple account. This was one email/attachment I deleted unopened.

    Other methods will be discussed in future segments.


    Enough for our first installment.

    Hopefully this is just a review and not news to you, but either way let's be alert to Hackers.

    Feel free to share with friends.
    The aim of an argument or discussion should not be victory, but progress. -- Joseph Joubert

  2. #2 calikid (Lead Moderator)
    Newsletter #2. In an effort to keep it brief, I will add a few technical definitions at the end. You can review them if you need to, or skip.


    As I mentioned in the last newsletter, a hacker seeks access. In May 2017, in a two-step process, hackers managed to infect computers (via phishing emails, infected websites, clicking on dangerous links), which then spread the virus to all the other computers within their office network (aka LAN). This was accomplished using a stolen NSA hacker toolkit that took advantage of an unpatched Windows vulnerability. Once they gained access, it allowed the hackers to run whatever programs they wanted on the infected systems. Step two in this instance was to run a malicious program called "Wanna-Cry", aka Ransomware software.



    In this second step, Wanna-Cry Ransomware took all of the user's desktop data and encrypted it. Most notably/hardest hit were hospitals in the UK. Every item on the desktop was ENCRYPTED, rendering it inaccessible without the Decryption "KEY".

    A BIG RED notice (see graphic) was then displayed to the user saying "You have been hacked, send $300 in bitcoin to account XXX within 48 hours, and we will send you a key to 'decryt'". Unfortunately, no guarantees were made. Some desperate folks did send money; last I heard, less than 50% actually got a working KEY after paying.



    [Graphic: WannaCry ransomware notice (wannacry ransomeware1.JPG)]

    Try to imagine the feeling of powerlessness when this graphic pops up on your screen. For a few of my clients, you don't have to imagine. It was a real-life "pain in the butt", only resolved by discarding everything from the current desktop and reverting to backups.

    Wannacry Ransomware affected some 230,000 computers in over 150 countries, with damages estimated in the billion$ of dollars.



    Our best defense? Keep your Operating System's patch updates current.

    Run solid Anti-Virus/Anti-malware programs.

    Don't open email/attachments or click links to unknown websites. Delete email from suspect sources.

    Reduce user's level of access (normal User vs Administrator).

    Maintain multiple rotating backups of your critical data.




    Supplemental Information.

    A couple of terms you may be familiar with.

    A bit more in-depth for the tech curious.

    1) ENCRYPTION/DECRYPTION KEY,

    2) ZERO DAY EXPLOIT,

    3) HACKER TOOL KIT,

    4) RANSOMWARE.



    ENCRYPTION: No surprise, computers compute. That is, they perform math functions on numbers. A part of this computation is to secure information to prevent snooping eyes from seeing the true information. Say you send the combination of your gym locker to a friend in an email: 10-20-30. Only, prior to sending this information to your friend, you have established a shared "KEY" of 5,000. This means when the email arrives in your friend's email box, the combination is displayed as 50,000-100,000-150,000. Your friend, knowing the correct DECRYPTION KEY, can use it to decrypt the numbers and reveal the actual combination.

    Anybody else snooping in on the email would have worthless information. Without the correct key, the data is useless.


    ZERO DAY EXPLOIT:

    Occasionally flaws are discovered in programs (like web browsers, etc.).

    An example of one such flaw, discovered and corrected a few years ago, was the "BUFFER OVERFLOW" error.

    This error had to do with forms filled out on web pages.

    When you fill in a form, a certain number of spaces is reserved.

    For example, a date, 01/20/2010, would have 10 spaces reserved.

    It was discovered that if you input 11 or more characters into such a form, and no error catching routine was programmed, it would cause a buffer "overflow error" with unknown results.

    Only hackers quickly discovered what the results were: the person typing into the form was exited from the form and entered an elevated level of access to the web server that was hosting the form. Successful Hack/Step one (a discovery worth $elling on the dark web).



    When this type of error has been detected, it is passed on to the manufacturer (Microsoft, etc.) and a "patch" is built to resolve the problem. Only, ZERO days after the discovery there is a window where hackers (and other agencies*) can use this programming defect to exploit any affected PC/SERVER prior to the patch being distributed and installed. Also, users who neglect to install patches continue to be vulnerable.



    HACKER TOOL KIT:

    In the dark web, there exists a motley crew of programmers who search out such exploits and package them into tool kits for sale. People without the knowledge to hack directly can buy a tool kit and use it to take advantage of flaws in the system prior to discovery and repair (remember, what do hackers want? ACCESS they can sell on the dark web). In this Ransomware case, the EternalBlue exploit of the Windows SMB1 communications protocol was used to install and spread the DoublePulsar backdoor.


    RANSOMWARE:

    A program that encrypts a PC's files, with a promise to deliver a decryption key once a ransom has been paid.



    *Of historical interest:

    Unfortunately, some national agencies have taken the stance that they would like to retain such information (ZERO DAY) as a tactical advantage. Rather than report the "bug" to an affected vendor (like Microsoft or Apple), controversially they keep it secret for their own use.



    Strange twist to the WANNACRY RANSOMWARE case: it was revealed that an underground hacker group (The Shadow Brokers) had obtained (stolen?) an older tool kit produced by the US intelligence agency (NSA). The tools were sold on the dark web. Those tools (aka cyberweapons) were used to hack into the PCs (step one). Once inside, the hackers were free to unleash any malware they wanted. In this case it was Wannacry Ransomware (step two).
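The buffer overflow definition in the second newsletter describes a form field with a fixed number of reserved spaces and no error-catching routine. As an added illustration (not part of the newsletter or any real web server), here is that pattern in C for a hypothetical 10-character date field: the unchecked copy that writes past the reserved space beside a length-checked version that rejects over-long input.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical form field: exactly 10 characters reserved for a date like
 * "01/20/2010", plus one byte for the terminating NUL. */
#define DATE_FIELD_LEN 10

/* Vulnerable pattern: the value is copied into the reserved space with no
 * length check. An input of 11 or more characters writes past the end of
 * 'field' (undefined behaviour), the "overflow error with unknown results"
 * the newsletter describes. Shown for contrast only; it is not called on
 * over-long input below. */
void store_date_unchecked(char field[DATE_FIELD_LEN + 1], const char *input)
{
    strcpy(field, input);   /* copies until input's NUL, however far that is */
}

/* Returns true only if 'input' fits in the reserved space. Reads at most
 * DATE_FIELD_LEN + 1 bytes of 'input', so it cannot itself over-read. */
bool date_fits(const char *input)
{
    size_t len = 0;
    while (len <= DATE_FIELD_LEN && input[len] != '\0')
        len++;
    return len <= DATE_FIELD_LEN;
}

/* Hardened version: the missing "error catching routine". Over-long input is
 * rejected and the field left empty, so nothing is written past the buffer. */
bool store_date_checked(char field[DATE_FIELD_LEN + 1], const char *input)
{
    if (!date_fits(input)) {
        field[0] = '\0';
        return false;       /* caller reports a validation error instead */
    }
    strcpy(field, input);   /* safe now: at most 10 chars plus NUL */
    return true;
}

int main(void)
{
    /* Constructed sample inputs: a valid date and one character too many. */
    char field[DATE_FIELD_LEN + 1];
    printf("%s -> %s\n", "01/20/2010",
           store_date_checked(field, "01/20/2010") ? field : "rejected");
    printf("%s -> %s\n", "01/20/2010X",
           store_date_checked(field, "01/20/2010X") ? field : "rejected");
    return 0;
}
```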
