Cybersecurity: We Have A Situation

Once inside [the target computer], advanced malware, zero-day and targeted APT attacks will hide, replicate, and disable host protections. After it installs, it phones home to its command and control (CnC) server for instructions, which could be to steal data, infect other endpoints, allow reconnaissance, or lie dormant until the attacker is ready to strike. Attacks succeed in this second communication stage because few technologies monitor outbound malware transmissions. Administrators remain unaware of the hole in their networks until the damage is done.

-FireEye Security

*If you don’t understand that quote, see the “More” tag at the end of the post.

Malware is a different animal than it was five or ten years ago. It is smoother, stealthier, more secretive, and stronger, in computer terms, than even many of the strongest of security applications.

So why is this so important? People get viruses on their computers all the time; what’s the big deal?

During the civil war, new weapons were used. Incredible advances had been made since the Revolutionary war, however the same old tactics were being used. This resulted in unforeseen casualties. I believe the same thing is happening in the cybersecurity world. Major companies are being hacked. Vital data is being stolen, our security tools are out of date. We’re trying to fight a war with old, outdated weapons. Safety in numbers is not an option. Computers are as safe in numbers against malware as a crowd of people against one man with a machine gun.

Allow me to go over some of the major security vulnerabilities of 2013-2014.

Target

Seventy million accounts at Target have been stolen. ‘Nuff said. However, let me expound.

Target has invested in robust security software called FireEye, of such a caliber that the Pentagon uses it. On November 30, malware was planted in Target computers for the first time. FireEye warned the Minneapolis security team. On December 2, FireEye warned the security team again because a second piece of malware was planted in Target computers. At this point data began flowing out to Moscow, where the hackers seemed to be based. The malware-planting cycle continued three more times, each time FireEye warning Target’s Minneapolis Security team. The biggest issue is, that the security did nothing for two weeks.

Big problem.

Update 5/2/2014

All U.S. retailers with independent cards-not just Target-are required to implement cards with computer chips in them by October 2015 or the responsibility for breaches will fall solely on their shoulders. These are disasters waiting to happen, perhaps more so than the magnetic strip cards.

These cards (called SmartCard or RFID cards) have chips in them that machines will scan; they are supposedly impossible to replicate, which is what people are going for. Even if they are, there is technology that can scan them from in your wallet, whether it’s in your pocket, purse, or under your mattress. The scan will net anyone who has the scanner the card number, and he/she will be able to track where that card is all the time-usually wherever you are.

Pretty scary, huh?

“Heartbleed”

This could be called the most widespread data breach in history, and many people haven’t even heard about it. Two years ago, hackers discovered a vulnerability in open-source secure socket layer encryption software (OpenSSL), which they exploited to find usernames and passwords to anyone who uses the site where this encryption was used. The most highlighted example is Yahoo! email accounts. Running the Heartbleed software on a yahoo website gave a reporter 200 usernames and passwords. Not to mention the fact that this hole has been left open for two years on many websites. I have seen the effects of heartbleed. In the month leading up to the detection, I got three malware-infested emails from friends with yahoo accounts, two from the same email account. Not to mention the countless others I’d received in the past two years. It’s time to change all Yahoo! passwords.

Michael’s Arts and Crafts

Finally we get to the largest underplay in hacking history. I heard maybe two television reports on the Michael’s data breach, one to say there might be a problem and another to say there was a problem but it’s under control.

So what’s the big deal here? It’s under control!

That’s what Michael’s would love to have you believe. Unfortunately, there is no way of truly knowing how much data was stolen unless you get your hands on the source code of the actual malware. You can guess, you can assume, but there is no way to really know. This hole was open for nearly a year, from May 13 to January 27, 2014. It was confirmed sometime in mid-April 2014. The Target hole was open for only two weeks and it got an estimated (keyword estimated) 70 million customer profiles. The Michael’s breach was open for nine months and an estimated 2.6 million cards were affected. Once again, keyword estimated. They don’t really know. Not to mention that this is the second data breach of Michael’s stores since 2011. Time for some new security software.

In Conclusion…

  • There were three major data breaches discovered in 2014.
  • Malware stays ahead of software, instead of the other way around.
  • There is no way to really know how much damage was done by malware.

Update: 5/2/2014

Microsoft discovered a hole in Internet Explorer the day I wrote this post that hackers can exploit to badger you into clicking on a malicious link, and then proceed to take control of your entire computer. That means, if they have control of your entire computer, they can access everything you have stored on your computer. All your personal documents, tracking cookies, bank account numbers, passwords saved in your browser-everything.

Continue reading