The Evolution of Malware

Thomas Smith

1971

First Known Virus
Creeper

Experimental self-replicating program that spread between DEC PDP-10 machines on the ARPANET; it damaged no data but displayed the message “I’m the creeper: catch me if you can”

1986

First PC Virus
Brain

Written in Pakistan; infects the boot sector of floppy disks and hides itself by intercepting reads of the infected sector, making it the first stealth virus

1988

First Internet Worm
Morris

Immobilized around 6,000 computers, with estimated damages of $100,000 to $10,000,000, affecting universities, military facilities, and NASA

1999

Mass-Mailing Virus
Melissa

A Word macro virus rather than a worm; it spread by emailing itself to addresses from the victim’s Outlook address book and affected over 100,000 computers in under 72 hours

2000

Email Worm
ILOVEYOU

Email with an infected VBScript attachment disguised as a love letter; affected an estimated 10% of internet-connected computers worldwide, with damages estimated at over $20 billion

2004

Mass-Mailer Worm
MyDoom

One of the most damaging mass-mailer worms; installs a backdoor for remote control of infected systems and launched denial-of-service attacks from them

2005

First Crypto-Ransomware
Trojan.Gpcoder

Encrypts files on the compromised computer and leaves a note demanding payment for the decryption key, the model later ransomware families would follow

2010

First Weaponized Malware
Stuxnet

Sabotaged centrifuges at Iran’s uranium-enrichment facility by attacking their industrial controllers, and infected more than 100,000 other computers along the way

2013

Point-Of-Sale Malware
Target Stores

Between 70 and 110 million customer records affected; malware on point-of-sale terminals captured credit and debit card data

2014

Strategic Data Heist
Sony Pictures

Roughly 50,000 Social Security numbers obtained, along with Sony Pictures’ unreleased films and other proprietary information

2014

Industrial Malware
Energetic Bear

Russian industrial-espionage campaign that gained access to computers at more than 1,000 energy companies, including oil and gas firms

2015

Government Breach
US Office of Personnel Management

Personal data of 21.5 million people breached at the US Office of Personnel Management, including Social Security numbers and fingerprints

2015

First Infrastructure Attack
Ukrainian Power Grid

Spear-phishing emails gave attackers a foothold in utility networks; they then cut power to roughly 230,000 customers in western Ukraine, the first confirmed blackout caused by a cyber attack

2016

National Database Leak
Turkish Citizenship Database

Personal data of roughly 50 million Turkish citizens (about two-thirds of the population) leaked



If You’re A Hacker, Your Nation Needs You!

Xuyen Bowles

Nation states are now outsourcing critical elements of their cyber security programs. Nations have arguably employed third-party hackers for years, but in recent years the demand for hacker work products and support has produced a global market in which the work goes to the highest bidder. Hackers are starting legitimate businesses whose sole purpose and product is to develop tools that exploit vulnerabilities, or to discover as-yet-unidentified vulnerabilities known as zero days. “Zero days” get their name from the number of days a computer user has had to fix the vulnerability before a hacker can exploit it. Hackers often focus their efforts on developing exploits for zero-day vulnerabilities precisely because no patch or fix exists to close them.

The fact that hundreds of companies are forming to serve this very market is telling, to say the least. Bounties are set for new vulnerabilities and for the exploits that weaponize them. More troubling is that this information typically goes to the highest bidder, which is likely to be a government entity. Microsoft, Google, and Facebook all offer rewards to people who find zero-day vulnerabilities, but these rewards often cannot match the kind of money and resources governments are investing.

Further, there is evidence that governments are now hiring third-party hackers to infiltrate targeted enemies and allies on their behalf. The benefit of hiring a non-affiliated hacker for this type of effort is three-fold: the government gains plausible deniability for any infiltration and exploitation, since there is no direct link between the hacker and the nation state; the hacker is often located in a third country, so even if the activity is discovered the physical location does not lead back to the government; and the government gains flexibility, hiring specific hackers for specific purposes rather than employing personnel long term.

While there is a clear upside to outsourcing cyber security support, there is also a very clear risk that is often not considered. When hiring hackers who will work for the highest bidder, governments are dealing with people who have no clear loyalty to the nation state. Living and working within the confines of the Internet often leads hackers to become citizens of the world rather than of a particular nation. The same hacker who supports one nation today could easily work for that nation’s enemy tomorrow if it offers a bigger bounty or salary. Further, where that hacker gets access to the government’s networks as an insider, the government could literally be sharing information, access, and secrets with someone who has not been vetted for trust and who harbors no loyalty. In the rush to compete with their enemies in this burgeoning “hacker marketplace”, governments could be inviting the enemy in through the front door.

Much of this threat could be combated with proper compartmentalization of information, role-based access, and proper security infrastructure. Unfortunately, many government agencies do not properly implement protections to watch, monitor, and limit insiders on their systems. This has most recently become evident in the Snowden NSA leak scandal. As a recently hired contract systems administrator, Snowden was able to take information from multiple locations, some above his actual clearance level. Further, it does not appear that any monitoring or additional protections were in place to catch his suspicious actions before he released classified material and fled the country.
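The compartmentalization and monitoring the paragraph above calls for can be made concrete. The following is an added example, not code from the original article: a minimal mandatory-access-control check in the style of Bell-LaPadula ("no read up") combined with compartment labels for need-to-know, run over a few constructed audit-log lines to flag reads an insider should not have been able to perform. The clearance levels, compartment names, user names, file paths and the log format are all invented for illustration; a sysadmin is deliberately cleared only to SECRET with no compartments, since administering a system should not imply reading what it stores.

```python
"""Added example (not part of the original article): label-based access
checks over constructed audit logs, to flag insider reads that exceed
a subject's clearance or need-to-know.  All users, paths, levels and
compartments below are hypothetical."""

import re
from dataclasses import dataclass, field

# Ordered sensitivity levels.  A subject may read an object only if the
# subject's level is at least the object's level ("no read up").
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)


# Hypothetical clearances.  The sysadmin has no compartments on purpose.
SUBJECTS = {
    "analyst_a": Label("TOP_SECRET", frozenset({"PROJ_X"})),
    "sysadmin_b": Label("SECRET"),
}

# Hypothetical object labels, keyed by path.
OBJECTS = {
    "/share/unclass/readme.txt": Label("UNCLASSIFIED"),
    "/share/secret/ops-plan.docx": Label("SECRET"),
    "/share/ts/projx/source-list.xlsx": Label("TOP_SECRET", frozenset({"PROJ_X"})),
    "/share/ts/projy/budget.xlsx": Label("TOP_SECRET", frozenset({"PROJ_Y"})),
}

# Constructed audit lines: "<timestamp> user=<u> op=<READ|WRITE> path=<p>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) op=(?P<op>READ|WRITE) path=(?P<path>\S+)$"
)

SAMPLE_LOG = """\
2013-05-01T09:00:01Z user=analyst_a op=READ path=/share/ts/projx/source-list.xlsx
2013-05-01T09:02:11Z user=analyst_a op=READ path=/share/ts/projy/budget.xlsx
2013-05-01T22:14:05Z user=sysadmin_b op=READ path=/share/secret/ops-plan.docx
2013-05-01T22:15:40Z user=sysadmin_b op=READ path=/share/ts/projx/source-list.xlsx
2013-05-01T22:16:02Z user=sysadmin_b op=READ path=/share/ts/projy/budget.xlsx
2013-05-02T08:30:00Z user=unknown_c op=READ path=/share/unclass/readme.txt
malformed line that the parser must not choke on
"""


def parse(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def check_access(user, path):
    """Return None if `user` may read `path`, otherwise a short reason.
    Unknown subjects and unlabeled objects are violations too: an
    insider reading data nobody bothered to label is exactly the case
    a monitoring program should surface."""
    subj = SUBJECTS.get(user)
    obj = OBJECTS.get(path)
    if subj is None:
        return "unknown subject"
    if obj is None:
        return "unlabeled object"
    if LEVELS[subj.level] < LEVELS[obj.level]:
        return f"read up: {subj.level} subject read {obj.level} object"
    missing = obj.compartments - subj.compartments
    if missing:
        return "missing compartment(s): " + ",".join(sorted(missing))
    return None


def audit(log_text):
    """Run every READ in the log through the policy and return the
    violations as (timestamp, user, path, reason) tuples."""
    violations = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["op"] != "READ":
            continue
        reason = check_access(rec["user"], rec["path"])
        if reason:
            violations.append((rec["ts"], rec["user"], rec["path"], reason))
    return violations


def users_over_threshold(violations, threshold=1):
    """Users with more than `threshold` violations: the ones whose
    activity warrants an alert rather than just a log entry."""
    counts = {}
    for _, user, _, _ in violations:
        counts[user] = counts.get(user, 0) + 1
    return sorted(u for u, n in counts.items() if n > threshold)


if __name__ == "__main__":
    found = audit(SAMPLE_LOG)
    for v in found:
        print(*v)
    print("alert:", users_over_threshold(found))
```

On the constructed log the analyst's one read outside their compartment is logged, but it is the sysadmin's repeated reads above their clearance, at night, that cross the alert threshold. The point of the design is that the check uses labels on the data, not the administrator's technical privileges, so an account that can touch every file still produces a violation for every file it should not read.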

While it is important to stay competitive in the cyber security war being waged, it is also important to consider whom you are hiring and what benefits and risks they really bring. Additionally, proper security infrastructure, policy, and procedures must be in place to detect and deter the insider threat.

http://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html

http://www.usatoday.com/story/news/nation/2013/06/12/hackers-cyber-nsa-intelligence/2413183/


DEFCON No Longer Welcomes the Federal Government

Xuyen Bowles

In the wake of recent revelations from NSA leaker Edward Snowden, DEF CON announced that the federal government should take a time out from attending DEF CON this year. On 10 July, the following post was made public on the DEF CON website: “For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect. When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DEF CON this year. This will give everybody time to think about how we got here, and what comes next.”

This announcement is significant given the precedent set by previous DEF CON events. In 2012, the NSA Director, General Keith Alexander, was the keynote speaker at DEF CON. During his speech he said openly that the federal government hoped to recruit people from the hacker community to bolster the Pentagon’s still limited cyber security capability. The recent revelations about the NSA’s surveillance program have reduced its trust and credibility within the very hacker community it needs to complete its new cyber security initiatives. The impact cannot be measured yet, but being asked to take a “time out” from one of the largest hacker conferences in the world, and the lack of trust that now exists between the two communities, will likely hurt the federal government both in its awareness of adversary capabilities and threats and in its ability to recruit the best and brightest minds in cyber security.
