Common Attacks Part 2: Logic Bombs and Ransomware

Time
8 hours 19 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:00
We pick up on the next topic, which is war driving.
00:03
I have to chuckle here because this picture always cracks me up.
00:06
That is an intense war driver right there.
00:09
When we talk about war driving, this was something that was much more popular back in the day.
00:14
It would be someone driving around with their wireless sniffer, looking for a signal that was unsecured so they could either take advantage of the free WiFi connection or funnel their request that might be illegal in nature through someone's access point.
00:26
There was an instance about six or seven years ago where the FBI busted down a guy's door.
00:31
They increased child exploitation activities to disguise IP address.
00:35
Turns out it was not him but his next-door neighbor siphoning off the WiFi signal. You've got to be very careful with that.
00:42
We talked about securing wireless communications with WPA2, strong authentication. That's certainly a step.
00:49
When war drivers would find a location that wasn't protected, they would use what's referred to as war chalking.
00:55
They would just take chalk on either side of the building or sometimes the sidewalk out in front.
00:59
It was a little upside down horseshoe looking thing.
01:03
They would specify the speed of the connection and the type of security, if any.
01:07
It was just one way of an attacker letting another attacker know that this was a vulnerable source.
01:11
Mhm.
01:12
Today you can just go on Google and type out unsecured wireless signal. But don't do that. You can find the numerous locations that don't have security on their WiFi network.
01:21
The Internet is a wealth of information.
01:23
Also, spin-offs of war driving. There's also war walking and war flying.
01:27
There's also something called war dialing. I didn't put it on this list because it's not really all WiFi.
01:34
It would be something like looking for a remote access server. This used to be more common when there were more remote access servers. If your company's phone number is 8524000, I would have my modem dial 4000001400 to 2 like a response from the remote access server.
01:53
For those of you that go way back, there was a movie called War Games. Matthew Broderick. The premise was that if he wanted to get to the Pentagon because they had a wide wealth of games. He could play
02:01
The premise. Maybe a little shaky, but basically he did a war dialing attack, connected to a Pentagon computer and really came close to launching World War Three.
02:10
Perhaps not based on the truth of situations, that is an example of war dialing. War walking, war flying,
02:17
war flying. Seems really ambitious. But in that situation we'd be thinking about taking a drone over an area that might have additional security or be less accessible and attempting to find out that signals. That way, we can either eavesdrop on or access.
02:30
Yeah,
02:32
Logic bombs come next. This isn't really a network attack as much as it is just malware.
02:38
The idea is to get malware installed on your system. You download a file, you click on a link in an email. Whatever.
02:45
What's so tricky about this malware is it doesn't immediately execute its payload.
02:50
It stays there dormant, waiting for some sort of logical event, whatever that might be.
02:54
Maybe I work for a company and create a program that scans the Human Resources payroll database for the name Kelly Hanrahan.
03:00
As long as Kelly Hanrahan is in that HR payroll database, the code lies dormant.
03:06
If Kelly Hanrahan is missing from payroll two consecutive cycles, that launches malware that will format the hard drive and free certain company assets. That's a logic bomb.
03:16
There are certain types of logic bombs that are set on time.
03:20
Maybe on April Fool's Day, the logic bomb goes off and runs its payload. Sometimes they're considered time bombs. Sometimes they're just under that generic header of logic bomb.
03:30
There's also a type of attack called a fork bomb.
03:31
What a fork bomb does is, when the payload is run, it opens up just an extreme number of processes on your system.
03:39
It might open up to 2500 Web browser instances.
03:44
Every operating system has a set number of processes that can run at the same time.
03:47
The goal of that fork bomb is to open up so many that you can't do anything else on the system.
03:53
I'll just do Task Manager and shut them down.
03:55
Task Manager is a process itself. Let me run Norton Antivirus. No, that's a process. It really can gum up a system and make it very difficult to eradicate.
04:05
Big concerns. When you eradicate this software, you're going to want to make sure that it's really gone. Remember, lying dormant makes it tough to tell if it's there.
04:15
Restoring from backup can be tricky, because who knows when the logic bomb was indicated or was introduced to the system?
04:20
The best way to deal with this type of malware is: just don't get it. Change control. Don't let users install things on their systems unless they're formally approved.
04:30
Make sure that there's good anti-malware software in the systems. Make sure scans happen on a regular basis, just the standard things that we do to keep ourselves protected from some of this garbage that's out there.
04:42
Here's a hot topic all around: ransomware.
04:45
With ransomware, the attackers use a strong algorithm to encrypt data or services from an organization.
04:50
In order to get the key, they charge an incredible amount of money.
04:55
What happens if they pick the right data? If they pick the right service, people will pay.
05:00
For example, this was an organization, the city of Lakeland. Attackers had encrypted their services that they used to handle the emergency phone call systems. The 911.
05:09
At that point in time, the software is rendered inoperable. They were actually reduced to the state where they were writing down notes to hand deliver to offices on yellow sticky notes. You want to talk about the potential for loss of life.
05:20
Minutes cost more than that cost when we're responding to fires or other catastrophes.
05:25
It was so devastating that they held an emergency City Council meeting. They voted unanimously to pay.
05:30
Let's get the system back, then we can pursue trying to prosecute, find the attackers.
05:36
It really focuses on these most critical services. Hospitals are frequently targets. As a matter of fact, the Baltimore County school system has been targeted with ransomware in their school-based platform that they used to communicate with students. Everything was tied up into with ransomware attack. They've had to cancel schools for the third day in a row.
05:55
Again, if the attackers are smart, they go after these critical operations where people kind of have their hands tied and say, I have to pay,
06:01
then we'll figure it out.
06:03
Ransomware is becoming more and more successful because more and more people pay for it.