Malware, viruses, worms, Trojans and so on. If you use a computer or a smartphone, you are surely well aware of these terms, or should I say threats. They have been part of our digital life for years. You, I and everyone else have been victims of them, and we get them treated or cleaned up using applications such as antivirus programs.
However, threats in the modern world have evolved in ways that many cannot even believe. In this post, I intend to take you on a tour of modern-day viruses and threats, and especially of an incident in which one of my computers (the very computer from which I am writing this post) got infected with modern-day cyber threats.
Cyber Security Threats in 2016 and 2017
The year 2017 showed us a whole new wave of cyber threats. We have seen threats like CryptoLocker, Locky, and the most talked about, 'WannaCry'. All of these are ransomware. Ransomware is a computer virus that gets downloaded to your computer without your knowledge and then simply encrypts all of the files on your computer: your documents, pictures, videos and so on. During the encryption, the ransomware generates a key that can decrypt the files; however, it moves that key off your computer to the command-and-control server of the hackers who created the ransomware. Once this process is over, the ransomware notifies you by changing the wallpaper of your computer and dropping some information on your desktop in the form of text files. The wallpaper says that all your files have been encrypted and are unusable now; however, if you wish to get them back, you will have to pay the hackers some amount in the form of Bitcoin (a cryptocurrency). They say that once you make the payment, they will let you know how to get your files back, but who knows whether you can trust them.
WannaCry was a special kind of ransomware. On March 7, 2017, WikiLeaks began publishing a series of documents called Vault 7. These documents detailed the activities and capabilities of the United States Central Intelligence Agency (CIA) for performing electronic surveillance and cyber warfare. They included a variety of undisclosed or zero-day vulnerabilities in Microsoft Windows, Linux, Mac OS, Android, iOS, web browsers and more. This was a huge revelation to the world. However, some hackers used one of the vulnerabilities and created a ransomware called WannaCry. WannaCry was a worldwide cyberattack that started in May 2017 and had infected more than 2,30,000 computers in over 150 countries within just one day.
The WannaCry message
Image Source: theverge.com
Countries initially Infected by WannaCry
Image Source: wikipedia.org
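The missing decryption key is what makes the victim helpless, but the encryption step described above leaves a trace a defender can watch for: a document rewritten as ciphertext goes from a few bits of entropy per byte to nearly eight. As an added example (not part of the original post), the Python below scores file-write events that way and raises an alert when several previously readable files turn into ciphertext-like content within one window. The thresholds and the sample file set are my own assumptions, and the "ciphertext" is a SHA-256 chain standing in for real encrypted output.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5   # bits per byte; encrypted or well-compressed data sits near 8.0 (assumed threshold)
MIN_SIZE = 256       # tiny files give noisy entropy estimates, so they are ignored
BURST_THRESHOLD = 5  # this many readable->ciphertext rewrites in one window raises an alert (assumed)


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """True when the content is large enough to judge and its entropy is ciphertext-like."""
    return len(data) >= MIN_SIZE and shannon_entropy(data) >= HIGH_ENTROPY


def detect_mass_encryption(events, baseline):
    """
    events:   (path, new_contents) write events seen in one time window, in order
    baseline: {path: contents} as observed before the window (snapshot or backup)
    Returns (alert, suspects): the paths whose contents went from readable to
    ciphertext-like, and whether their count reaches BURST_THRESHOLD. Files with
    no baseline are ignored: a freshly copied photo or archive is high-entropy too.
    """
    suspects = []
    for path, new in events:
        old = baseline.get(path)
        if old is not None and not looks_encrypted(old) and looks_encrypted(new):
            suspects.append(path)
    return len(suspects) >= BURST_THRESHOLD, suspects


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for ciphertext (a SHA-256 chain). Constructed test data, not encryption."""
    out, block = b"", seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


def demo():
    """Constructed scenario: six documents rewritten as ciphertext, one normal edit, one brand-new photo."""
    baseline = {f"D:/clients/report{i}.docx": (f"Quarterly report {i}: revenue, costs and headcount. " * 40).encode()
                for i in range(6)}
    baseline["D:/notes.txt"] = b"todo: renew certificates, patch the gateway\n" * 20
    events = [(path, pseudo_ciphertext(path.encode(), 4096))
              for path in baseline if path.endswith(".docx")]
    events.append(("D:/notes.txt", b"todo: renew certificates (done), patch the gateway\n" * 20))
    events.append(("D:/photo.jpg", pseudo_ciphertext(b"photo", 4096)))  # new file, no baseline
    return detect_mass_encryption(events, baseline)


if __name__ == "__main__":
    alert, suspects = demo()
    print("ALERT" if alert else "ok", suspects)
```

In real use the events would come from a file-system watcher and the baseline from a snapshot or backup; the burst threshold keeps one large compressed download from raising an alert, and new files are skipped for the same reason.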
Then we saw another attack, which used a new form of botnet: Internet of Things devices. Distributed Denial of Service (DDoS) attacks are carried out using hundreds or thousands of computing devices that send bogus traffic to a particular target, so that the target network ends up in a traffic jam and its users are unable to access any resources on the target servers. On October 21, 2016, Dyn, a company that provides DNS services to other companies, experienced a major DDoS attack. A huge amount of bogus traffic was directed by the hackers at the DNS servers owned by Dyn. This attack, in particular, was one of the first carried out by hackers using compromised IoT devices.
Cyber Security Threats on Personal and Enterprise computing
It is generally thought that small businesses, individual or independent service providers, or home computer users are not targets of hackers or hacking attacks. We also think that a regular antivirus application will take care of any cyberattack that comes knocking at our door. However, to break the news, this is incorrect. Everyone can be a victim of, as well as a part of, major cyberattacks. Cyberattacks are not just viruses and DDoS attacks. To validate my point, I will now discuss my personal experience of a new type of cyberattack on my laptop.
A few days back, while working on a client network, I was handed a USB drive with some applications that were needed. As soon as I plugged the drive into my laptop and opened it in Explorer, I saw nothing in there but a shortcut to the same drive. That told me immediately that the drive was infected with a virus and needed a scan using some antivirus application. But as I was using a Windows-based laptop (not complaining about any system, just describing the situation), it was too late. My system was already infected.
After any infection, the best thing to do is to scan your system with an antivirus application. This is usually good practice; in any case, a regular scan is recommended.
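A drive whose root shows nothing but a shortcut named after the drive is the classic "shortcut worm" pattern: the real folders are hidden and the .lnk file launches a script before opening Explorer so the drive looks normal. As an added example (not from the original post), here is a small Python triage script that reads such shortcuts offline without executing anything: it parses the Shell Link header and StringData fields as laid out in the MS-SHLLINK format and reports the traits a defender would look for (the target is a script interpreter, the arguments start a script, Explorer is also opened, and the window starts minimized). The sample shortcut it checks is built by the script itself; the folder and file names in it are made up.

```python
import os
import struct

# LinkFlags bits of the ShellLinkHeader (MS-SHLLINK, section 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
SW_SHOWMINNOACTIVE = 7  # ShowCommand that opens the target minimized and without focus

# StringData fields, in the order the format stores them
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))

INTERPRETERS = ("cmd", "powershell", "wscript", "cscript", "mshta", "rundll32")
SCRIPT_EXTS = (".vbs", ".js", ".bat", ".cmd", ".ps1")


def parse_lnk(data: bytes) -> dict:
    """Return the ShowCommand and StringData fields of a Shell Link (.lnk) file."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    info = {"show_command": struct.unpack_from("<I", data, 0x3C)[0]}
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:   # uint16 size, then the IDList itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:             # uint32 size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            info[name] = ""
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # character count, no terminator
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        info[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return info


def triage_lnk(data: bytes) -> list:
    """Reasons a shortcut looks like a USB shortcut-worm launcher (empty list = nothing suspicious)."""
    info = parse_lnk(data)
    target = os.path.basename(info["relative_path"].replace("\\", "/")).lower()
    args = info["arguments"].lower()
    reasons = []
    if any(i in target for i in INTERPRETERS):
        reasons.append("target is a script interpreter: " + info["relative_path"])
    if any(e in args for e in SCRIPT_EXTS):
        reasons.append("arguments launch a script file")
    if "explorer" in args:
        reasons.append("arguments also open Explorer, hiding the launch behind the expected folder view")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window starts minimized and unfocused")
    return reasons


def scan_drive_root(path: str) -> dict:
    """Triage every .lnk in a drive's root folder; returns {filename: reasons}."""
    findings = {}
    for name in os.listdir(path):
        if name.lower().endswith(".lnk"):
            with open(os.path.join(path, name), "rb") as fh:
                try:
                    findings[name] = triage_lnk(fh.read())
                except ValueError as exc:
                    findings[name] = [str(exc)]
    return findings


def build_lnk(relative_path: str, arguments: str = "", show_command: int = 1,
              id_list: bytes = b"") -> bytes:
    """Build a minimal Unicode .lnk for offline testing (constructed sample, not a real shortcut)."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH
    flags |= HAS_ARGUMENTS if arguments else 0
    flags |= HAS_LINK_TARGET_ID_LIST if id_list else 0
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID, flags, 0, 0, 0, 0, 0, 0,
                         show_command, 0, 0, 0, 0)
    body = struct.pack("<H", len(id_list)) + id_list if id_list else b""
    for text in (relative_path, arguments):   # same order as STRING_FIELDS
        if text:
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


if __name__ == "__main__":
    # Constructed sample mimicking the "only a shortcut to the drive" symptom; names are made up
    sample = build_lnk(r"..\..\..\Windows\System32\cmd.exe",
                       '/c start "" "_\\launch.vbs" & start explorer .',
                       show_command=SW_SHOWMINNOACTIVE, id_list=b"\x00\x00")
    for reason in triage_lnk(sample):
        print("-", reason)
```

Point scan_drive_root at the mounted drive's root to check a real stick; because the script only reads bytes, it is safe to run on a drive you already suspect.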
So, back at my office after the work, the infection showed no effect. I ignored the infection due to some work; as it was, there were no symptoms of the infection. After a few days I observed the system performance and noticed that some processes were utilizing the CPU and memory at significantly high levels. An antivirus scan showed me a couple of viruses, which were quarantined and deleted; however, for some reason I was not convinced and investigated further. I found some folders in the C drive with some suspicious files and deleted them to make sure the virus files were deleted. This made the system resource consumption get back to normal. However, some new symptoms showed up. My Google search results showed some ads even though I am using an ad blocker on my network gateway device as well as an ad-block plugin in the browsers. Also, when I tried to click on any links, it would open some ads instead of the actual desired page. Once again, I ran the antivirus application and scanned the entire system, but no infection was found. I checked all my browser plugins and add-ons and found they were running perfectly.
Upon being unable to find the threats and disinfect my system using the antivirus application, I decided to try another application, called Malwarebytes Anti-Malware. Malwarebytes is basically an anti-malware system that can protect you from multiple threats or malware such as ransomware and other online threats.
I installed the application and initiated a scan. To my surprise, my system had over 300 infections, viruses or pieces of malware in it. Once the scan was completed, the exact count of threats was 302. This included a mix of adware, Trojans, potentially unwanted programs and Bitcoin miners. Yes, Bitcoin miners. Bitcoin is a cryptocurrency that works on a network of distributed systems called a blockchain. Bitcoin miners are basically computers that are used to do encryption tasks to keep the blockchain system running, and the miners gain a bounty in Bitcoin after every successful operation. This requires great computing power, as the faster you mine, the more bounty you get. So, based on this principle, hackers created malware that, once it infects your computer, uses your computer to mine Bitcoin. This helps the hackers gain a larger bounty if they are able to infect multiple computers. All of these miners are controlled by a command-and-control center. Basically, your computer is working in favor of the hackers. This, in a sense, may not cause any harm; however, when more than 30% of the computer's resources are busy, you are sure to face lag and low performance issues. This can be a really huge issue for mission-critical systems like online banking systems, ERP servers, and so on.
I was a bit confused as to why my antivirus application was not able to detect so many threats and said my system was clean. I then quarantined these threats and deleted them through Malwarebytes, and after a reboot the system was functioning normally.
I was happy that my system was disinfected and running normally. This wasn't a huge threat for me or my business; however, it could have been. My confidential business records and client documents could have been compromised. If that had happened, it would have caused me serious problems. That is called a security breach.
Now imagine such a security breach in a bank or at an insurance company, where hundreds or thousands of computers are used to carry out daily business. Imagine the loss that could occur if such organizations are breached. As a matter of fact, the cost of such security breaches runs into millions. IBM Security has developed an interactive chart that can show you the cost of a security breach based on factors like the country, industry and cost factors. Check it out here.
That calls for us to take a new approach towards enterprise as well as personal cyber security. It's high time that we take a closer look and implement security measures in our personal digital lives as well as in the enterprise IT world.
After this encounter, I am sure that I will no longer trust a single security application (duh, I am a security professional; how could I be so naive?). The security landscape is rapidly changing, and so must our views and strategies for securing our online assets. Businesses and individuals should give more attention to security. In a world where everything from our money to our identity is digital, we must be more alert and proactive in protecting our belongings.