Ransomware and Cybercrime
eBook - ePub

Andrew Jenkinson

  1. 182 pages
  2. English
  3. ePUB (available in the app)
  4. Available on iOS and Android

About the book

In May 2021, Jim Gosler, known as the Godfather and commander of US agencies' cyber offensive capability, said, ''Either the Intelligence Community (IC) would grow and adapt, or the Internet would eat us alive.'' Mr Gosler was speaking at his retirement only several months before the terrorist attacks of 9/11. He possibly did not realise the catalyst or the tsunami that he and his tens of thousands of US IC offensive website operatives had created and commenced.

Over the last two decades, what Mr Gosler and his army of Internet keyboard warriors created would become the modus operandi for every faceless, nameless, state-sponsored or individual cybercriminal to replicate against an unwary, ill-protected, and ignorant group of executives and security professionals who knew little to nothing about the clandestine methods of infiltration and weaponisation of the Internet that the US and UK agencies led, all in the name of security.

This book covers many cyber and ransomware attacks and events, including how we have gotten to the point of massive digital utilisation, particularly during the global lockdown and COVID-19 pandemic, to online spending that will see twice the monetary amount lost to cybercrime than what is spent online.

There is little to no attribution, and with the IC themselves suffering cyberattacks, they are all blamed on being sophisticated ones, of course. We are witnessing the undermining of our entire way of life, our economies, and even our liberties. The IC has lots to answer for and unequivocally created the disastrous situation we are currently in. They currently have little to no answer. We need—no, we must demand—change. That change must start by ensuring the Internet and all connections to it are secure and no longer allow easy access and exfiltration for both the ICs and cybercriminals.


Information

Publisher
CRC Press
Year
2022
ISBN
9781000585896
Edition
1
Subject
Business
Category
Management

1 Stuxnet to Sunburst and Ransomware Development

DOI: 10.1201/9781003278214-1
My previous book, Stuxnet to Sunburst, 20 Years of Digital Exploitation and Cyberwarfare, took the reader on a journey through numerous specific cyberattacks and the first use of digital code for warfare in the form of Stuxnet, which used digital certificates laced with malicious code. It went in depth into many attacks and concluded with the similarities of the SolarWinds breach, which started in early 2020 and surfaced in December 2020, affecting thousands of clients including the US government. What made this ironic is that SolarWinds is an American company that develops software to help manage clients’ networks, infosec, and infrastructure. As a well-known and highly utilised US government supplier, SolarWinds could not have been better placed to be breached and cause maximum infiltration, disruption, and unfettered access. What made it a double whammy, in many ways, was the fact that once Domain Administration Access had been achieved by hijacking a legacy, insecure subdomain, the adversaries laced SolarWinds’ own digital certificates, which were distributed and used to update customers’ versions, with Sunburst, the name given to the code. Furthermore, a delay of 13 days from update acceptance, often without any intervention, was set before Sunburst was activated, an identical timeframe to that used in Stuxnet. Is that just a coincidence with Stuxnet’s own 13-day delay from infiltration? We think not.
Both Stuxnet and Sunburst were cyberattacks with a specific purpose. The first was to destabilise, slow down, or even halt the Iranian nuclear program, the second to cause major disruption and infiltrate the US government, including the Treasury. This can only be a bad thing as the United States, indeed all organisations and governments, do not have proper controls or know what their enterprise contains; chances are they contain much more now, along with data exfiltration.
Over the last few years, organised crime has watched and learned how simply and anonymously similar attacks can be utilised as part of their overall illegal business plans. In fact, they are so easy that digital cyberattacks have overtaken and surpassed all other forms of crime, and they are so successful as organised crime that the criminals are in fact much better organised than the people charged with ensuring security. It is also not unreasonable to confirm that the good guys have to secure 100% while the bad guys need to find only a single access point. This situation was further exacerbated by the revelations in 2013 by Edward Snowden and others, which confirmed the access points and tools used to infiltrate organisations and governments to gain digital access and exfiltrate information and data. The harvesting of this data gave control and power; however, once it fell into the wrong hands, the birth and early iterations of Ransomware were spawned, and the global market and economy would change forever…
What is Ransomware? In the simplest of terms, Ransomware is the name given to a type of Malware from cryptovirology that typically threatens to publish the victims’ data or block access to it unless a ransom is paid. As we know, holding a person hostage and not releasing them until a ransom is paid is highly illegal. In the digital world, it is seemingly tolerated, even accepted, which is why organisations like Darkside, who hit Colonial recently, have received an estimated $90 million over the last several months…
Ransomware has evolved over the last few years, even more so over the last year or so, and now it typically means cybercriminals exfiltrate data, then demonstrate to the victim that the data is in their possession and prove they have been able to remove it. They offer to sell it back at a premium, and so the next attack commences. Let us look at this more closely, as it is an area that even some of the biggest and best leaders in security don’t fully understand. In or around 2013/2014, Google and others wanted to move from the weak HTTP (Hypertext Transfer Protocol) to HTTPS to ensure better and stronger security for website visitors. The S part of HTTPS effectively stood for security and meant all data would be encrypted as opposed to being kept in plaintext form. Plaintext form is text as you are reading here, hopefully easily understood by everyone. You will be familiar with various emails and communication Apps such as Whatsapp, Signal, and so on. These have all been designed with the same purpose in mind: to ensure messages are encrypted and can be decrypted only by the recipient, or that was at least their desired business plan at the outset.
What Google possibly never realised is that not everyone would adopt this great new security position, and that what took years to agree on, design, and develop for global increased security would in fact make it even easier to identify organisations that were not using the new HTTPS variant and, as such, were maintaining data in plaintext form. It would become a cybercriminal’s staple diet to go to organisations that maintained HTTP: easy access to plaintext data enabled them to encrypt it and demand a ransom for the decryption capability. Google confirmed they would share details of those that ignored the upgrade to HTTPS by showing a Not Secure text in the address bar. The list of organisations that have fallen foul of such oversight or negligence reads like a who’s who of governments, Fortune 500, and FTSE 100 companies.
It gets worse. The HTTPS element refers only to the digital certificate’s validity; that is, does the site have the correct certificate, is it valid, does it match the domain, and is it of the correct type? What it does not tell you is whether the domain is configured correctly or has other security vulnerabilities that are exploitable. Does it use a hosting provider, shared services, DNS (Domain Name System) or CDN (Content Delivery Network) third-party content, and so on?
The self-inflicted challenge is rarely understood, and that shamelessly includes Captains of Industry and far too many Chief Information Security Officers. This is cause enough for concern, as although maintaining a Not Secure domain confirms a total lack of Internet security controls and management, it also highlights a lack of internal security by default. Furthermore, it also confirms that domains are being published, often using third-party content, hosting providers with shared responsibilities, or servers using older code written for HTTP, which relegates the entire site to being Not Secure. Unauthenticated, lacking data integrity, and with data often in plaintext: it is easy to see why 200,000 of the 1.2 billion websites are targeted and attacked each day and why successful attacks are costing the global economy $billions, even $trillions, annually.
In the last 12–24 months, my associates all around the world have been sending me details of local Ransomware attacks, from Healthcare in Australia, New Zealand, the United States, Ireland, the United Kingdom, and many more. It used to trickle through at the rate of around 4 or 5 per week; now it is that many daily. It would take a full-time analyst just to record all the Ransomware attacks alone, let alone the monies paid.
In 2019, a meeting of the US Senate Committee first agreed that paying Ransomware was unacceptable and would lead to further crimes, and they were not wrong. Further Bills have attempted to ban Ransomware payments, but they stop short of making it illegal, and even Insurance companies, until very recently, were willing to pay Ransomware as part of the overall policy and often would take an active role in negotiations. Now, call me crazy, but is this simply a blatant reshuffling of monies from A to B and allowing further crimes to manifest? Furthermore, every company we have researched that has been breached has sub-optimal, insecure domains, making them exposed, vulnerable, and easily exploited. This fact alone should nullify their insurance coverage and policy, and yet in one example, University Hospital of New Jersey paid $675,000 whilst maintaining a Not Secure homepage, agreed the payment of Ransomware with their Insurance providers and state, and remain Not Secure some nine months later. … Their Not Secure position acted as a beacon for Cybercriminals, and they paid and continued to ignore the root cause.
Being very candid, most companies simply ignore basic security and then get breached. It is like smoking and ignoring the warnings on the side of the packet or driving blindfolded and expecting nothing to happen.
RTFs (Ransomware Task Forces) have recently been set up, which one would hope is a step forward, as is the EO (Executive Order) by the Biden Administration ploughing a further $500 million into cyber security, with the NSA being heavily focused upon. Our reservation, indeed our concern, is that our two messages to the RTF have been ignored, even after sharing intelligence of their own, and their panel’s websites running Fs and 0s for Internet security. Their, and seemingly others’, focus is very much on Ransomware management and simply not enough on prevention; however, given their own security posture, I guess that speaks volumes. As for the NSA, it has long been known that since the terrorist attacks of 9/11, their focus has shifted immensely towards data harvesting, at a ratio of more than 1–100 of defensive to offensive resources. As such, Ransomware continues and indeed increases. As Paul Nakasone said to the Senate Committee, ‘Our adversaries do not fear us’. Given our frequent research and findings, candy from a baby springs to mind.
In addition, when organisations supported by the DOD, DHS, RTF, MITRE CWE, and thousands of others happily maintain sub-optimal security, they have not only made themselves a target but an easily exploitable one. We often advise clients when such situations occur, even though it may be uncomfortable: was the attack down to someone being complacent or complicit? Bitcoin and other digital currencies coupled with Blockchains enable a degree of anonymity, and one simply cannot be sure who the good guys, and who the bad guys, really are. Security is truly a choice, as is smoking, drinking, or being reckless. Domain security is critical, yet it is overlooked systemically and ignored across sector after sector. Ransomware and cyberattacks are a self-fulfilling prophecy. Ransomware is rarely sophisticated; it is always termed so to mask incompetence and complacency. It is time to call it as it is before it is simply too late.
There are two distinct ways to decrease the chances of being the victim of a cyberattack and Ransomware. The first is simply unthinkable in today’s digital world: disconnect everything from the Internet and go back to pen, paper, and speaking directly with each other. The second is making sure the organisation controls and manages Internet-facing and connected security. Ask yourself: why do most agencies take this area seriously and, in the main, have security at this critical area covered? They know all too well that this is the first access point for an adversary thousands of miles away; that thin cable with a connection will punish anyone who neglects their domain/server security. We explored several governments’ cyberattacks in the previous book due to insecurity, and we will look at several Ransomware attacks in this book, and by the end of it, you will be shocked, in disbelief, and possibly a tad paranoid about just what our governments initiated and are doing to prevent this downward spiral and trajectory they started 20 years ago…

2 Not Secure, F and 0…

DOI: 10.1201/9781003278214-2
We have over a hundred domains; we run bug scanning daily and fully appreciate the critical security issues and requirements of domains and security. We know some are literally holding pages with little to no data; we also know the top two dozen or so that we control and manage.
(CISO of a US $billion cyber security firm, 20 May 2021, after numerous cyberattacks, including SolarWinds)
So, I asked my vulnerabilities and research team to have a look. Within an hour, they sent me a dozen insecure domains belonging to the company. Even worse, Not Secure Login domains, domains with mismatching Transport Layer Security (TLS) certificates, TLS that had expired, and misconfigured domains.
As a matter of professional courtesy, I sent two screen shots to the CISO at 23:00 hrs my time in the United Kingdom to show them the findings. To the first, they responded, ‘Thanks for that, luckily that is only a client demo site’, implying it had no data or security exposure. On the second, a company videoconferencing Not Secure domain used by hundreds of the company’s staff constantly and totally open to a Man-in-the-Middle Attack, no comment was made…
We hear dozens of excuses or reasons why maintaining Not Secure domains is an OK thing; it is simply not. Any company domain that has been allowed to fall into a situation of relying upon obsolete TLS certificates at the absolute best demonstrates to anyone looking that the company lacks Internet security controls and management. What is also overlooked is the fact that cyber criminals are scanning the Internet looking for F and 0 rated websites to add to their target list and launch attacks on. Put simply, a Not Secure website says a lot about a company’s overall security position and capability. If it is insecurely connected to the Internet, chances are it is not much better on the inside. Equally, as the SolarWinds breach clearly showed the world, with a single domain hijacking and takeover and some lateral movement, you can lace digital certificates with Sunburst malicious code and breach thousands of companies… It is not clear which part of digital open doors people fail to understand or secure; however, our research has discovered the same situation at leading global Insurance providers, including cyber insurance providers, financial service regulators, central banks, and even our own GCHQ and NCSC, and No. 10 Downing Street.
Let us consider physical premises for a moment. Let us say the same company, the previous cyber security company, had premises instead of domains. Would they have the same attitude of only making sure a couple dozen of their premises were secure, locked up, and alarmed, or would they say they only lock up a couple dozen? Of course, they would lock them all up, and yet when it comes to their digital, online, 24 × 7 domains, seemingly it does not matter. This poor view and complacency is exactly why cyberattacks are occurring constantly and are unchallenged.
In the address bar of every website, you will see www.example.com. In front of it, you will see either a padlock, confirming a valid TLS certificate and the fact it is using the latest HTTPS protocol, or, if it is not, a Not Secure text instead. To complicate matters even more, even when a padlock is displayed, it does not mean the domain is secure and safe; it simply confirms the validity of the certificate. This confusion extends to numerous security professionals. Let me explain further. We recently informed many organisations of their overall insecure positions, including ...
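The two passages above (the HTTPS element confirming only the certificate's validity, and the padlock confirming only the certificate, not the domain's wider configuration) can be made concrete by reproducing exactly what the padlock checks and nothing more. The script below is an added example for this preview, not code from the book or its author. It works over the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns, so the checks can be run offline on constructed certificates (the example.test names and dates are constructed, not real sites); the check_live_host helper runs the same checks against a real host and is an assumption about how a practitioner would wire it up. Deliberately, it reports only the three things a browser padlock asserts (validity window, hostname match, and, in the live path, chain validity enforced by the TLS library) and says nothing about hosting, DNS, CDN or server configuration, which is the gap the text describes.

```python
"""What the browser padlock actually checks: validity window and hostname match."""
import socket
import ssl
import time
from typing import Optional


def _label_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style name match: exact match, or a wildcard covering one leftmost label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        p_labels = pattern.split(".")
        h_labels = hostname.split(".")
        # Wildcard matches exactly one label and never a bare two-label suffix.
        return (len(p_labels) == len(h_labels) and len(p_labels) >= 3
                and p_labels[1:] == h_labels[1:])
    return False


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Browsers match subjectAltName DNS entries; commonName only as a legacy fallback."""
    san = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return any(_label_matches(name, hostname) for name in san)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _label_matches(value, hostname):
                return True
    return False


def assess_cert(cert: dict, hostname: str, now: Optional[float] = None) -> list:
    """Return the findings a padlock check would raise; an empty list means 'padlock shown'."""
    now = time.time() if now is None else now
    findings = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        findings.append("certificate not yet valid")
    if now > not_after:
        findings.append("certificate expired")
    elif not_after - now < 14 * 86400:
        findings.append("certificate expires within 14 days")
    if not hostname_matches(cert, hostname):
        findings.append(f"certificate does not match hostname {hostname}")
    return findings


def check_live_host(hostname: str, port: int = 443, timeout: float = 5.0) -> list:
    """Same checks against a real server (assumed helper); the TLS library enforces chain validity."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # report the mismatch ourselves rather than raising
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return assess_cert(tls.getpeercert(), hostname)


# Constructed sample certificates in getpeercert() shape (not real sites).
GOOD_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "subjectAltName": (("DNS", "example.test"), ("DNS", "*.example.test")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2025 GMT",
}
EXPIRED_CERT = dict(GOOD_CERT, notAfter="Jun 30 23:59:59 2024 GMT")

# Fixed clock so the offline results are reproducible.
FIXED_NOW = ssl.cert_time_to_seconds("Jul  1 12:00:00 2025 GMT")

if __name__ == "__main__":
    print(assess_cert(GOOD_CERT, "www.example.test", FIXED_NOW))
    print(assess_cert(EXPIRED_CERT, "www.example.test", FIXED_NOW))
    print(assess_cert(GOOD_CERT, "login.other.test", FIXED_NOW))
```

An empty findings list is the padlock; an expired certificate or a name mismatch is the Not Secure warning. Neither outcome says anything about the hosting provider, DNS, shared services or the code behind the site, so a clean result here is the start of a domain review, not the end of it.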

Table of contents

  1. Cover
  2. Half Title
  3. Title
  4. Copyright
  5. Contents
  6. Foreword
  7. Preface
  8. CHAPTER 1 Stuxnet to Sunburst and Ransomware Development
  9. CHAPTER 2 Not Secure, F and 0…
  10. CHAPTER 3 Ransomware Lessons Being Learned…
  11. CHAPTER 4 Colonial Pipeline and CI Companies
  12. CHAPTER 5 CNA Ransomware Attack and Cyber Insurance
  13. CHAPTER 6 BA, easyJet, and the Travel Industry
  14. CHAPTER 7 Destabilising the United States, Courts, Law Enforcement, and Way of Life
  15. CHAPTER 8 Deterrence Theory and the Five Eyes Faux Pas
  16. CHAPTER 9 Ensuring the Security of Insecurity
  17. CHAPTER 10 Traditional Warfare, the Fat Man, Mistakes Made, and Lessons Still Being Learned and Ignored
  18. CHAPTER 11 Survivorship Bias
  19. CHAPTER 12 Air India Ransomware Faux Pas
  20. CHAPTER 13 Most Common Website Vulnerabilities and Attacks
  21. CHAPTER 14 The Old Lady of Threadneedle Street and the FCA
  22. CHAPTER 15 MITRE CWE and Ransom Task Force
  23. CHAPTER 16 Critical National Infrastructure: The Collapse of a Nation
  24. CHAPTER 17 US State Attacks and the Continued Oversight of Security
  25. CHAPTER 18 Conflicts of Interest
  26. CHAPTER 19 Innovation and Disbelief
  27. CHAPTER 20 Blackbaud, Cyberattacks, and Class Action Lawsuits
  28. CHAPTER 21 The World’s Largest Global Economic Shift
  29. CHAPTER 22 It Is Not Setting Goals Too High, but Setting Them Too Low and Achieving Them
  30. CHAPTER 23 Avoiding the Apocalypse
  31. CHAPTER 24 If a Clever Person Learns from Their Mistakes and a Wise Person Learns from the Mistakes of Others, What Is a Person Who Learns from Neither Known As?
  32. Index
Citation styles for Ransomware and Cybercrime

APA 6 Citation

Jenkinson, A. (2022). Ransomware and Cybercrime (1st ed.). CRC Press. Retrieved from https://www.perlego.com/book/3469262/ransomware-and-cybercrime-pdf (Original work published 2022)

Chicago Citation

Jenkinson, Andrew. (2022) 2022. Ransomware and Cybercrime. 1st ed. CRC Press. https://www.perlego.com/book/3469262/ransomware-and-cybercrime-pdf.

Harvard Citation

Jenkinson, A. (2022) Ransomware and Cybercrime. 1st edn. CRC Press. Available at: https://www.perlego.com/book/3469262/ransomware-and-cybercrime-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Jenkinson, Andrew. Ransomware and Cybercrime. 1st ed. CRC Press, 2022. Web. 15 Oct. 2022.