TORA! TORA! TORA! Pearl Harbor 74 years ago!

 

 

Although December 7th marks another year gone by since the Pearl Harbor attack in 1941 (74 years ago), I want to focus on the surprise attack angle.

[Image: Tora! Tora! Tora!]

Tora Tora Tora (トラ・トラ・トラ) was the Japanese codeword meaning “We have achieved complete surprise”. A translation is “tiger”. Tora (Tορα) translates to “now” in Greek. Torah is “the law” in Hebrew, better known as the whole body of scripture.

But, as in my previous post of Jul 29th¹, I want to talk CYBERATTACK.

 

Don’t be the next DrawQuest, where the company had to close down:

“We were recently made aware of a security breach that affected all of our servers which comprise the entirety of DrawQuest.”

[Image: DrawQuest announcement]

 

Chris Poole (the founder of DrawQuest) decided to shut down his company instead of trying to extricate it from the coming lawsuits and multiple other headaches. One can say that the way the company was built had structural flaws in both logistics and computer code.

 

Chris Poole built his applications in the cloud (AWS, Amazon Web Services), although that does not mean “The Cloud” is insecure. Chris’ problem stemmed from a main root or administration account; if it gets hacked, that is … “very bad”. In fact, Chris’ case shows that in certain situations this can put your company in a position from which it cannot easily be extricated. The hackers ended up ordering hundreds of new servers and used them for their own purposes, not to mention that they were able to steal all the information in the account, including all customer data etc.
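One way to notice the pattern described above (activity by the root account followed by a mass server launch) is to scan CloudTrail records for it. This is an added example, not code from the original post or from DrawQuest; the field names follow CloudTrail's record format, while the thresholds, the `make_event` helper and the sample records are constructed for illustration.

```python
from datetime import datetime, timedelta

BURST_LIMIT = 20                # assumed threshold: instances per window
WINDOW = timedelta(minutes=10)  # assumed sliding window

def make_event(ts, id_type, name, count=0):
    """Constructed record carrying only the CloudTrail fields used below."""
    ev = {"eventTime": ts, "eventName": name,
          "userIdentity": {"type": id_type}, "requestParameters": None}
    if name == "RunInstances":
        ev["requestParameters"] = {
            "instancesSet": {"items": [{"minCount": count, "maxCount": count}]}}
    return ev

# Constructed sample: routine IAM-user launch, then root login and mass launches.
SAMPLE_EVENTS = [
    make_event("2015-12-01T09:00:00Z", "IAMUser", "RunInstances", 2),
    make_event("2015-12-07T03:10:00Z", "Root", "ConsoleLogin"),
    make_event("2015-12-07T03:12:00Z", "Root", "RunInstances", 50),
    make_event("2015-12-07T03:15:00Z", "Root", "RunInstances", 150),
]

def requested_instances(ev):
    """Sum maxCount over the launch request; requestParameters may be null."""
    items = (ev.get("requestParameters") or {}).get("instancesSet", {}).get("items", [])
    return sum(int(item.get("maxCount", 1)) for item in items)

def find_alerts(events):
    """Flag every root-account action and any launch burst above BURST_LIMIT."""
    alerts, recent = [], []  # recent: (time, count) of launches inside WINDOW
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        if ev["userIdentity"].get("type") == "Root":
            alerts.append(("root-activity", ev["eventTime"], ev["eventName"]))
        if ev["eventName"] == "RunInstances":
            recent.append((when, requested_instances(ev)))
            recent = [(t, n) for t, n in recent if when - t <= WINDOW]
            total = sum(n for _, n in recent)
            if total > BURST_LIMIT:
                alerts.append(("launch-burst", ev["eventTime"], total))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

Day-to-day work should never appear as `Root` in these records, so any root alert is worth a look even when no burst follows it.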

 

So instead of discussing the remembrance of Pearl Harbor and our armed forces veterans, I want to remind everyone that while you are going about your business, the criminal hacker or black hat hacker² is working on attacking you.

 

The question to you might be: “What should I really do within cyberspace defense for my company?”

 

Here is a small business being attacked in England, as reported in The Independent of the UK³: JD Wetherspoon on Friday said hackers stole data on more than 650,000 customers of the pub chain. SMEs (small and medium-sized enterprises) have a great weakness, and it is a lack of belief that they are important enough for this to happen to them.

The most disturbing item in the article is the head-in-the-sand technique: only 8% in a poll of 3000 SMEs by Zurich Insurance in 2013 said they are more focused on traditional risks rather than cyber risks. True, it was 2 years ago, but the general “it will not happen to me” attitude is what gets me.

Further on, the article also shows that the British government has a Cyber Streetwise campaign, which found that 2/3 of respondents didn’t consider themselves vulnerable to attack.

Ransomware can hit anyone,

[Image: CryptoLocker ransomware message]

and when it does hit, the stress of fixing this problem will be fully felt by the SME.

I don’t think most people, and especially business owners, understand how sophisticated the criminals are.

Here is another Ransomware image (slightly different from what I have personally seen)

[Image: Kovtor ransomware screen (PCWorld)]

The criminals have been building massive infrastructures: the Ponmocup malware

[Image: Ponmocup infections (Fox-IT)]

with 500k current infections, has been improved year after year since the early 2000s era. Just as Windows has improved by 3 versions over a decade, so have the malware infestations.

 

What can be done?

Spend more effort and money on cyberdefense. Deploy an NGFW (Next Generation Firewall; see my video on NGFW) on your connection to the Internet, because an old firewall will not protect you as well as an NGFW will.

 

There are also ways to have a specific computer build and revert to it after a reboot (which defeats ransomware).

There is software which allows you to freeze your environment and revert to it with a reboot. There are of course complications: for example, when installing new software you will be required to create a new freeze point. But it would be nice to just not worry about ransomware at all.

 

Notice the following image:

[Image: cybercrime underground structure (Kaspersky Lab)]

The cybercrime hackers are no longer freckle-faced teenagers checking out what can be done, i.e. a nuisance. In 2015, and soon to be 2016, the criminal hackers are very sophisticated, with multiple “paid” employees performing specific tasks:

  1. Virus writers
  2. Malware packing distribution
  3. System admins
  4. Money flow manager
  5. Money mules
  6. Managers of several functions (money mules, money flow)
  7. Spammers
  8. Download management
  9. Traffic dealers

 

Does this look like a simple attack to you?

 

This is a “Simplified Architecture” discussion; this image is from a @TomU presentation covered in my post⁴ of a few days ago.

[Image: SANS Ponmocup investigation]

 

There is nothing simple about a sophisticated defense which is still not perfect in solving the problems of all attacks.

Contact us at 314-504-3974 to discuss.

1) http://oversitesentry.com/tora-tora-tora-pearl-harbor-in-cyberspace/

2) https://fixvirus.com/why-use-certified-ethical-hacker/

3) http://www.independent.co.uk/news/business/sme/cyber-attacks-can-be-damaging-for-small-firms-as-well-as-household-names-a6762886.html

4) http://oversitesentry.com/ponmocup-largest-botnet-500k-current-infections/