CIS Podcast Episode 18: Top 5 Scariest Malware
In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO), Sean Atkinson welcomes Randy Rose, CIS Sr. Director of Cyber Threat Intelligence. In the spirit of Halloween, they list the top five (and some honorable mentions) malware of all time – so far!
Discussed in this podcast:
- Top five malware
- Evolution of cyber threats
- Randy Rose answers the Atkinson 9
Since the beginning of computers there have been those who wish to exploit vulnerabilities. Malware was, and continues to be, a convenient and profitable way for cybercriminals to take advantage of organizations as well as individuals.
Top Five Malware
Stuxnet was considered the first known cyber weapon. For the first time as a field, a cyber-attack was used to create physical effects. Up until this point, most attacks had a physical component, whereas Stuxnet was purely cyber. It targeted specific individuals in industrial control systems and infected personal devices. When the individual connected to their internal devices it created an opening for the attackers. What made this malware so effective was its leveraging of four zero-day exploits which caused an immense amount of work to reverse.
EternalBlue was a cyber-attack exploit developed by the U.S. National Security Agency (NSA) and then leaked by the hacker group Shadow Brokers. What was learned from this attack was the importance of implementing patches as soon as they are released. Software targeted by EternalBlue had patches in place at the time. However, many organizations had not made the necessary updates even a year after a patch was released, and were vulnerable.
3. BlackEnergy and CrashOverride
BlackEnergy came in two phases and targeted power supply control systems. This malware showed the impact of a cyber-attack on the public rather than just an organization. It left large communities without power. What is intriguing about this attack was these exploits were developed by those who knew how the systems operated. This was the first exploit to show the human component of cyber-attacks. A person on the inside could be enticed to provide information to cause a breach.
Still a widely used malware, TrickBot utilizes modular capabilities beyond a standard Trojan. It targeted financial institutions to steal banking credentials in order to obtain personal information. TrickBot has also reached beyond standard malware and has grown in its number of ransomware attacks.
ZeuS resulted in the largest singular financial theft by cyber-attack thus far. Like BlackEnergy, this malware targeted organizations as well as individuals. What made it different was how it reached the individual. The exploit was uploaded to credit card processing companies. Retail stores used the processing services and were also compromised. When a customer used their credit card at one of these stores their information was then stolen.
MorrisWorm was the first malware distributed via the internet. It was created by college student Robert Morris.
Why was MorrisWorm so scary? What about WannaCry? Listen to this week's podcast to find out!
The Evolution of Malware
Malware continues be a top threat to the cyber environment:
- It is developed via a “family tree” where one builds off the other and gains strength.
- It exploits organizations knowing there is a delay in patching vulnerabilities.
- Exploits created to perform malware can be leveraged and used for other types of attacks.
- Patches only fix what is known; malware is still a threat even if known vulnerabilities are accounted for
Malware and other cybercrime works in a fully organized criminal space. It’s now a business set up, like a service. Developers offer access to their tool for a percentage of the profits and customer service portals are available for criminals in the way of helpdesks, code requests, and training capabilities.
The future shows the growing adoption of full digital platforms and the disappearance of physical backups. This leaves us all more vulnerable than ever. A truly scary thought, but implementing patches quickly, and using essential cyber hygiene gives everyone a better fight against these attackers.