We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.
Accept and closeHow WannaCry hit the world and how it suddenly stopped
One day in May 2017, computers all around the world suddenly shut down. A malware called WannaCry asks for ransom. The epidemic suddenly stops, because a young, British researcher found a killswitch, by accident.
From the Web:
What is WannaCry ransomware, how does it infect, and who was responsible?
WannaCry cyber attack cost the NHS £92m as 19,000 appointments cancelled
A star is born - and soon arrested
His random act of heroism makes security researcher Marcus Hutchins famous overnight. Being celebrated by media around the world, he spends a week in Las Vegas. When he wants to leave, the FBI arrests him. They suspect him of creating malware.
From the Web:
FBI arrest of Marcus Hutchins (@MalwareTechBlog) has chilling effect
Bad news for WannaCry slayer Marcus Hutchins
What Happens When a Hacker Hero is Arrested by the FBI? | Freethink Coded
Jail forever or a free man?
Stuck in the US, free on bail, Marcus Hutchins considers his options and decides to plead guilty. He faces up to 10 years in jail.
From the web:
Marcus "MalwareTech" Hutchins Pleads Guilty to Writing, Selling Banking Malware
Marcus Hutchins spared US jail sentence over malware charges
COVID-19 wasn't the only deadly disease of 2020
When a patient died after a ransomware attack meant she had to be diverted from her nearest center for care, the cybersecurity world paid close attention. Why is this event being described as a warning for the future of cyber defense? Watch Ransomware: An Escalating Threat to find out.
In 1989, a Harvard Ph.D graduate sent 20,000 floppy disks to that year's international AIDS conference attendees, labeled AIDS Information – Introductory Diskettes. They were loaded with the earliest known ransomware, PS Cyborg. It encrypted files on the host's computer unless the owner sent $189 to PC Cyborg Cor. And it was no misguided academic experiment – the graduate just wanted extra cash.
Fast forward 31 years from ransomware's inception. Today, this form of malware is life threatening.
Historically, ransomware targeted personal computer users. Today, the profit's in attacking businesses, because they have more money and valuable data. By the end of 2021 there will be a ransomware attack every 11 seconds, causing overall damage worth 20 billion US dollars. But it's not just about money.The coronavirus pandemic was the opportunity of the decade for ransomware. While overrun healthcare systems experienced an unprecedented wave of attacks, one ransomware incident in Dusseldorf, Germany stood out.
Medics received a call from a woman in pain. When they saw her, they realized she needed urgent surgery. They planned to take her to the local university hospital, but a ransomware attack had shut down its crucial machinery, so she had to be diverted to another emergency unit. She died on route.
With the consequences of ransomware now proven deadly, how do we protect ourselves, our loved ones and our businesses? Prepare yourself with free ransom decryption tools from No More Ransom – an initiative by the Netherlands' police, Europol's European Cybercrime Centre, Kaspersky and McAfee.
Looking forward to watching the Olympic Games in Tokyo? Here's a reminder of what happened at the opening ceremony of the 2018 Winter Olympics in Pyeongchang
Barely noticed by the public, but an elaborate hacking attack hit the stadium, starting a cyber-political puzzle.
It is February 9, 2018. The stage is set for the Pyeongchang Winter Olympics' opening ceremony. But the organizers didn't realize one of the most deceptive cyberattacks in history was afoot.
This three-part series looks at the background to the Pyeongchang cyberattack, the Olympics IT team's stunning response and why it was so hard (and so risky) to find out who did it.
Security researchers described the code used to attack the 2018 Pyeongchang winter Olympics as 'Frankenstein-like.' In part two of our video series, hacker:HUNTER Olympic Destroyer, they explain how the malware was designed to point in multiple directions.
The designer of an extraordinary piece of code lodged it in a system where it remained undetected for months. Part two of hacker:HUNTER Olympic Destroyer explores the nature of the attack, its process and why 'Frankenstein-like' code made it one of the most mysterious advanced persistent threat (APT) attacks in history.
Olympic Destroyer was the perfect example of an APT. What are they, and why are they so harmful?
APTs are sophisticated hacks that often wait for the perfect time to strike to create maximum damage. They lodge themselves in a system and steal critical data over weeks, months or years. Those behind these attacks build complex software for intentional damage – from espionage and sabotage to data theft.
APTs are notoriously associated with highly organized groups. They attack high-status targets like countries or large corporations, notably in manufacturing and finance, aiming to compromise high-value information like intellectual property, military plans and sensitive user data.
Their high-profile targets will have secure networks and defenses, so threats must stay undetected as long as possible. The longer the attack goes on, the more time attackers have to map the system and plan to steal what they want.
Motives behind attacks vary, from harvesting intellectual property to gaining advantage in an industry, to stealing data for use in fraud. One thing is clear: APTs cause severe damage.
Olympic Destroyer was the perfect APT. A highly-organized group attacked a national Olympic committee, and it worked.
The 'confusion bomb' had been undetected in the computer system for four months, biding its time to strike. Being in the system gave them time to find weak spots and pain points to make the attack more devastating. When it finally surfaced, all hell broke loose.
By directly attacking the Olympics' data centers in Seoul, South Korea, Olympic Destroyer cut employees' access to network computers. Because Wi-Fi was out, Olympic building security gates stopped working, coverage stopped, and the whole infrastructure went offline. The Pyeongchang IT team was staring down the barrel of a potential geopolitical disaster.
Stay tuned for episode three, where we unravel the IT team's ingenious response and find out who did it. Any guesses? Go to hacker:HUNTER to stay up to speed.
The final instalment of our series hacker:HUNTER Olympic Destroyer examines how Pyeongchang winter Olympics hackers put smokescreen to misdirect cybersecurity analysts. But through the fog, analysts realized the culprit wasn't who you might expect.
If successful, the 2018 Pyeongchang cyberattack could have cost billions of dollars, leaving a canceled Olympics and a geopolitical disaster in its wake. Their deceptive methods meant the cybercriminals nearly got away with it. Why did they want to point the analysts at another group? And who was behind it all?
Cybercriminals don't leave a calling card, but they do leave evidence. The art of finding and using that evidence to find the culprit is known as threat attribution.
Threat attribution is forensic analysis for advanced persistent threats (APTs). It analyzes the attackers' 'fingerprints,' such as the style of their code, where they attack and what kinds of organizations they target. Attacks can be matched with the fingerprints of other attacks attributed to specific groups.
Hackers have their own set of tactics, techniques and procedures. Cybersecurity experts can identify threat actors by studying these elements.
In February 2016, hackers attempted to steal $851 million US dollars and siphoned $81 million US dollars from the Central Bank of Bangladesh. The attack was linked to notorious cyber espionage and sabotage group Lazarus Group. Lazarus attacks casinos, financial institutions, and investment and cryptocurrency software developers.
Lazarus has certain targets and ways of attacking: Infecting a website employees of a targeted organization often visit or finding a vulnerability in one of their servers. These are the 'fingerprints' used in threat attribution.
Crucially, Lazarus Group is long thought to be linked to North Korea. Olympic Destroyer included a piece of Lazarus's malware code, but the type of attack didn't fit. Its fingerprints better matched a cluster of attacks by another group with a very different agenda.
Watch the full video to see if you knew who the hacker was all along.
This APT might not have worked, but over the years, others have. To see what a successful APT looks like, watch Chasing Lazarus: A hunt for the infamous hackers to prevent big bank heists.
