I performed my Reconnaissance exercise on Beneficial Bank in Philadelphia, PA. They operate 57 branches across PA and NJ and hold ~$5 billion in assets.
Please see video, executive summary, and PowerPoint presentation below.
Paying the Ransomware
I learned today that one bitcoin equals 600 US dollars as of 21-Sep-16. When a ransomware incident occurs, one of the first few questions that comes up is: what will it take to get back into operation? The first, I would think, is how did it happen? Depending on the impact of the ransom, as in the case of Hollywood Presbyterian, it was cheaper to pay the 29 bitcoins (in today’s bitcoin value, equal to 17K in USD) to get back up and running faster. The cost of trying to fix it on your own could have been higher in man and machine hours. In this case patient information was involved and systems were down, so to me it made business sense to resolve the incident. The question is: what can be done to prevent the next Ransomware incident from occurring?
This article is a little dated but it describes the approach used by hackers before, during, and after breaching a system. It gives a good overview of what malicious hackers plan to do and it coincides, essentially, with what we have been covering in class. Starting with reconnaissance, a hacker will use methods such as Google Hacking as discussed in class. The most extreme example of recon is actually going to a location and physically gaining access. Next, the individual will scan the network as we will do in class or what some of us have already done to the target we have done some reconnaissance against. Ultimately, the hacker will try and gain access, keep that access, and, perhaps most importantly, cover their tracks so as not to be detected. What’s most compelling to me is at the end of the article when the author mentions that a hacker must iterate through these phases. Once he or she gains access to part of the system, the reconnaissance usually has to start again. I chose to perform reconnaissance against my particular company because I felt that the industry they are in is vulnerable to attack. I also picked this company because they are not very large but have connections with very large companies that deal with sensitive information. My thinking is that, if the company I chose could be breached, then an attacker might be able to jump from their systems into other companies’ systems. This would be a classic example of iterating through the phases the article talks about.
Over the past few years, it is no secret that Malware, Denial of Service Attacks and Zero Day Exploits have been among the most popular ways hackers launch cyber-attacks. Also, as cyber threats become a growing concern, so do the types of attacks that are available today. According to the author of “Cybersecurity: Two-thirds of CIOs say threats increasing, cite growth of Ransomware,” Alison DeNisco, Ransomware is rapidly multiplying and more than 718,500 users were hit with encryption Ransomware over a one-year period (2015 – 2016). The writer continues to add that this is an increase of 550% compared to the same period in 2014-2015 according to Kaspersky Lab.
As stated in the title, two-thirds of CIOs now believe threats are increasing and cite the growth of Ransomware. This is true because Ransomware is developed as one of the quickest ways for hackers to get money. For example, LA Times’ Richard Winton reported on February 18 this year that, “Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital’s computer systems and would give back access only when the money was paid, the hospital’s chief executive said Wednesday.”
Ransomware is an issue that the FBI and the U.S. Homeland Security need to address rapidly before it becomes more popular. For example, they can invite malware researchers to work with organizations to legally get paid if they can prove that known vulnerabilities exist or can be exploited.
Below are the two articles:
Article Link: http://thehackernews.com/2015/12/internet-of-things-search-engine.html
After the presentation last night on Reconnaissance using some Google Tools, I thought this was a perfect addition. For fun, I put in a:temple.edu in the search.
FYI – it only allows 5 searches per day without creating an account!