The Walking Cyber Dead

Zombies: In the movie “Night of the Living Dead,” (the precursor to “The Walking Dead”) zombies are walking around the city attacking humans.   If the humans are infected, they become zombies, too, and join in the chaos.  

Cyber Zombies: Strangely enough the cyber world has exactly the same thing, except it is not fiction, it is real. It usually starts out with users getting this great free software program or clicked on a link that advertised an unbelievable deal.  This means it sometimes comes in as a Trojan Horse.  A Trojan Horse is an actual application that works as advertised, but it also has additional malware functionality that goes with it.   The malware may also be distributed by using an email with a malicious hyperlink.     The hackers have various methods to infect your machine.

What They Do: Once infected, the fun begins.  First, the software searches your computer for any useful information like credit card, bank account or other critical information.  Critical information might be relatives names, birthdays, home towns and other similar data that might help them answer your security questions.  The information is sent to the hacker’s Command and Control (C2) server. 

They’ve Just Begun: The really bad part about being a zombie is that the C2 is not finished with you once it has your information.  You are now part of the zombie botnet.   It’s a network of computing devices that infect other computers – perhaps everyone in your email address book.  Or they might control your computer to perform a denial of service attack on a large corporation making their network unusable.   

Beacons: You may ask how the C2 server can control your laptop once you are infected.  The malware running on your computer is sending a “beacon” back to the C2 server.  The activecountermeasures.com website defines beaconing as “the practice of sending short and regular communications from an infected host to an attacker-controlled host to communicate that the infected host malware is alive, functioning, and ready for instructions.”  In other words when your device is a zombie, your system communicates with the C2 server to see if there is any nefarious work for your device to perform. 

Millions of Cyber Zombies: Remember that the Trickbot network we discussed a couple weeks back had over a million devices on their network. There are many other botnets with hundreds of thousands of devices.  It’s very common.  Almost all devices show no indication that they’ve been compromised even though they are controlled by hackers.   It’s funny to think that some of the devices are part of the “Internet of Things” appliances. Imagine that your refrigerator or your coffee maker could be a zombie in one of these botnets.

Cyber Zombie Apocalypse Response Team: Unfortunately most managed security service providers are not looking for beacons even though they are prevalent.  Anti-virus won’t stop it and firewalls won’t block them.  In order to detect them, you need to be looking for them.   Beacons have very specific characteristics.  They phone home periodically at regular intervals and similar message size.  Beacons can be detected and there are some manage service providers that know how to hunt them down and take them out. Unlike the zombies in the “Night of the Living Dead,” there is a cure for this sickness in the cyber world. We do have the cyber equivalent of the Zombie Apocalypse Response Team. 

Minor Mistakes, Costly Consequences

The Launch:  It was 6:45PM on December 11, 1998.  After years of engineering effort and toil, the Mars Climate Orbiter was being launched.  This space vehicle was designed to study Mars from orbit and serve as a communications relay for space probes.  The goal was to determine the distribution of water on Mars and monitor the Red Planet’s daily weather and atmospheric conditions.  The team celebrated as the Mars Climate Orbiter started its first step in the over nine month journey to Mars.

The End:  Fast forward 286 days to September 23, 1999.   The orbiter had successfully navigated 140 million miles (225 million kilometers) to Mars with only some minor corrections required on the way.  This was the day the Mars Climate Orbiter would enter into the orbit of Mars.  The key to success was to keep the spacecraft higher than 80 km above the surface.  Go any lower and the fragile spacecraft would shatter into Mars’ atmosphere.    The first sign of trouble occurred during the insertion burn into orbit.  The engineers were expecting a communication loss, however, the loss of signal occurred 49 seconds earlier than expected.  Instead of regaining signal twenty minutes later, it never returned.  

What Happened:  The celebration was replaced with an investigation.  What happened?  It turns out that the orbiter went past the 80km safety zone and was within just 60km smashing into the atmosphere.  After traversing space for over 225 million kilometers, how were they 40 km farther than they thought?

The Answer:  American standard versus metric.   Yes, one part of the software in the orbiter’s thruster calculated pounds of force and the second piece of code that read the data assumed the metric unit – Newtons per square meter.  Although this resulted in a factor of four times, it was a relatively small difference in fuel.  Several engineers commented during the route when they had to make minor corrections, but no one made the connection along the way.  

Costly: This was a $327 million mistake – $193 million on spacecraft development, $92 million on the launch, and $42 million for mission operations.  Wow!

Employee Mistakes:  Hopefully, mistakes at your workplace don’t cost your company that much, but statistics show that many of the cybersecurity breaches are caused by employees making mistakes.  These are instances where the breach could have been avoided if not for the employee making a mistake.

No Public WiFis:  One of the biggest mistakes that people make is to trust public wifi hotspots.  That’s right, do not trust any public hotspot.  Public hotspots are hotbeds of cybercrime.  

Proper Use Required:  Another mistake of employees is “inappropriate use of IT resources.”  Examples of this are: non-work related web surfing, peer-to-peer file sharing, unlicensed software, pirated music or videos, and non-approved remote access programs.  Remember, on the internet, if something is free, then you are the product.   These sites and applications are riddled with malware and allow hackers a foothold into your organization.

Social Engineering:  Another employee mistake in the cyber arena is falling for social engineering. Hackers use human emotions to manipulate people into downloading their malware or buying gift cards or wiring money.  Either out of fear or a sense of helping someone, we get tricked into doing something that harms us.  

It’s Avoidable:  Just like metric conversion in the Mars Climate Orbiter, these mistakes can be avoided.  Education and training are key.   Your staff should be able to identify a phishing attempt or know enough to avoid public wifis. Cybersecurity training should not be a once a year requirement.  Employees should get periodic cyber training and phishing scenarios.  Breaches are costly and as the old saying goes, “An ounce of prevention is worth a pound of cure.”

Avoid the Pain, Train: Whether you are orbiting Mars or providing services to valuable clients, it is always prudent to check your math and your cybersecurity.  Train to avoid the pain.  

The Flight of the Auk

Adaptability: One of the fundamentals of survival is the ability to adapt quickly to a changing landscape.

In June 1844, the last Great Auk was killed, ironically, so it could nest permanently in a dusty museum.

Akin to the Dodo: The Great Auk was a helpless, hapless, flightless bird that bred in colonies on some rocky islands in the North Atlantic. You may never have heard of it. Perhaps, because the sly insult “strong as an Auk” doesn’t sting like “cunning as a Dodo”, and “Auk”, could be linguistically confused with “Ox”.

What Is It: The Great Auk is similar to a penguin: flightless and helpless. Why aren’t the penguins extinct, too? They live in Antarctica. People haven’t gone there in great numbers. For the Auk, they lived on an island used by sailors as a pantry for restocking supplies, like bird meat. Antarctica isn’t somewhere people regularly frequent for the same purpose. It’s inconvenient, and inconvenience to humans may have saved the penguin.

Extinction: Whether Dodo, Great Auk, or Wooly Mammoth, the end was the same—extinction. Extinction due a cataclysmic collision of unfortunate events. The animals had developed defenses ideal for the geographic bubble in which they lived which was a specific geographic ecosystem.  Suddenly their bubbles popped. The conditions changed. Their serene world careened into the 19th century, and they lost. They lost because of an inability to adapt.

We Adapt: Humans are different. We don’t adapt to suit our environment. We adapt our environment to suit ourselves. This is our axiom. Now, whether this application of adaptation is a moral one, is not the purpose of this discussion.

Change to Survive: Situations and environments change. Those who most nimbly adapt will survive. The others will not. For a case study, look at Sears. They OWNED the mail-order business. Then came Jeff Bezos in his tiny garage selling books—over the internet. No threat there. Until it was one. It was too late for Sears. Sears SHOULD HAVE owned the online mail-order business. The same way they owned the magazine mail-order world. Like the Great Auk, they failed to recognize a threat. With their ineffective wings and clunky feet, Sears bumbled into the 21st century, failing to adapt quickly when the environment changed.

The Trouble of Inconvenience: For Sears to change its business model would have been inconvenient. People don’t like inconvenience. We develop a bubble of comfortable systems and familiar procedures. We actively reject anything that may disrupt the playful bubble of familiarity.

Hard for the Bad Guys: As defenders of our world, we can use this natural human aversion to personal inconvenience to our advantage. If we make it sufficiently inconvenient for a cyber-criminal to successfully attack us, it may demotivate them and cause them to seek a softer target.

Contact CyberEye – They Know: Unfortunately, this article doesn’t provide the space to list everything you can do to introduce inconvenience into your cyber defense plan. Feel free to contact the Cyber Guys from CyberEye for details.

Recognize the Threat: Both the 19th century Great Auk and the 20th century Great Sears, didn’t recognize the threat early enough. At best, the great Auk could have changed breeding sites to a less convenient location, then decrease the frequency of human interaction. Sears could have bought Amazon’s business model for a few thousand dollars and adapted to it.

Make Adjustments: In 2021, if your business survives the tragedy of COVID, the most likely cause for failure will be a lack of flexibility in your business processes. There is a cyclone of cyber-criminal activity on the near horizon. There are threats we’ve never even considered about to drop anchor just offshore.  Sadly, change is the axiom of the cyber-threat landscape.