Monday, March 13, 2017

A small detail can change everything

A year ago, today...

"Email sent from a mobile device, excuse the brevity and possible errata" This brief text accompanies most corporate mails that are sent from mobile devices, and is because being in a rush sometimes can be tricky. And not just the rush, let's raise a hand who has not sent a completely disjointed with the spellchecker. A small detail can change everything and that is why we have to watch out every mistake we can make and of course, more when it has to do with safety. Clicking and opening a document from an infected email or having the automatic update of your mobile app could cause us some head brewing.

Last year when the Central Bank of Bangladesh was robbed of $ 100 million. The thieves could have stolen much more, Specifically a billion dollars, but they made a mistake typing the orders of the last transfer: they wrote "fandation" instead of "foundation". This alerted the bank, which stopped the transaction and was able to recover part of the money, thanks that the cybercriminals didn't pay much attention to the details.

It was a year ago when the news of the appearance of 'the first ransomware for Mac' came: KeRanger. This was based on the first known ransomware for Linux, so much so that it even inherited a design flaw. It was discovered by antivirus companies BitDefender and Mr.Web but, unlike when ransomware was discovered for Linux or in previous cases, Dr.Web did not offer the decryption key for free to everyone, but only to customers who paid their Licenses. 

But we know that not all hackers do bad things, like the protagonists of the next news that we highlight a year ago. The well-known vulnerability database Common Vulnerabilities and Exposures (CVE) had many flaws and some researchers had to wait up to six months for CVE to assign a number to the bugs that were discovered. As a result, a group of hackers launched an alternative initiative: the Distributed Weakness Filing (DWF) system, an updated alternative numbering system with the new reported vulnerabilities.

The one that always was watching out for the small details was GhostShell. The well-known Romanian hacker told in an interview that in the last 3 years he had been dedicated to stealing databases of right and wrong and spying on governments around the world. Something that looks like a movie script. It did not have any type of filter of countries, from the United States to Japan, passing through China. GhostShell explains in the interview how he invented the term "Dark Hacktivism" for "hacktivism at the level of cyber warfare." The interview ended with a final surprise that we invite you to re-read.

What also looks like a movie was the malware discovered a year ago for Android. It was a very powerful malicious code and the most advanced seen until then, according to Kaspersky Lab. It installed as administrator taking full control and infected all the apps that were on the mobile. It was distributed via malicious ads and was designed to redirect financial transactions using SMS.

After seeing what was 'cooked' a year ago by the world of cybersecurity, and putting it in perspective with the events of these days, we can see that the thing is quite similar and have not taken note of the details that could be to correct. Check Point today brought to light that it had found 38 infected Android devices before leaving the factory. Paraphrasing Mario Benedetti: alas, if one knew what he had, so clearly he knew what he lacked ...!


Post a Comment