Top 10 Hacks of the Last Decade
Security breaches have become a normal part of our lives over the past decade, but each hack comes with its own complications and ramifications. In this webinar, Teleport Tech Writer Virag Mody will dive deep into the details of 10 notable hacks of the past decade, how they happened, and their effects on how we approach cybersecurity. This will include kickstarting new models, turning cybersecurity into a national-security issue, and forcing a conversation around data privacy. The presentation will include breaches from:

SolarWinds
Panama Papers
Operation Aurora
Equifax
Capital One
Cambridge Analytica

Virag Mody


Top 10 Hacks of the Last Decade

  1. Top 10 Hacks of the Last Decade (goteleport.com)
  2. Top 10 Hacks: Operation Aurora (2010), Stuxnet (2010), Mt. Gox (2014), Panama Papers (2016), The DNC Hack (2016), Equifax (2017), WannaCry (2017), Cambridge Analytica (2018), Capital One (2019), SolarWinds (2020). For each: 1. What happened? 2. How did it happen? 3. What happened afterwards?
  3. Operation Aurora (2010) © Gravitational, Inc. 2020 | goteleport.com
     - What happened? Google, Adobe, Juniper Networks, Dow Chemical, Morgan Stanley, and more; IP theft (source code); sophisticated.
     - How did it occur? Internet Explorer zero-day; spear phishing; a JS program exploited the IE zero-day to download malware; the malware opened a backdoor for access and to search internal networks.
     - What happened afterwards? BeyondCorp: A New Approach to Enterprise Security (2014); implement Zero Trust at scale.
  4. Stuxnet (2010)
     - What happened? Computer worm for industrial SCADA systems; precisely designed to target specific configurations; an error in a software update unintentionally unleashed the worm on the internet; >50% of infections in Iran, then Indonesia, India, Azerbaijan, etc.
     - How did it occur? Air-gapped environment, reached via a contractor's USB; payload, .lnk file, rootkit, command-and-control network; exploited zero-days and shared secrets; slowly manipulated the PLCs driving centrifuges.
     - What happened afterwards? First attack on industrial infrastructure; highly publicized (by error) = weaponized cyberspace; kicked off another arms race.
  5. Mt. Gox (2014)
     - What happened? The largest Bitcoin exchange in the world stopped all trades; 850K $BTC stolen (largest theft to date); $450MM in 2014 but >$34B now; only 200K $BTC ever recovered.
     - How did it occur? Poorly managed codebase; credentials stolen from an auditor; $BTC siphoned from the hot wallet, masked as normal transactions.
     - What happened afterwards? Debate over centralized exchanges, similar to enterprises trusting third parties with private data; Binance / Coinbase: transparent ops + insured deposits; die-hard fans = DEXs.
  6. Panama Papers (2016)
     - What happened? Law firm Mossack Fonseca; exposed high-ranking officials using offshore companies to hide income and evade taxes; largest leak in history: 2.6TB of data. (Figure: countries implicated in the Panama Papers.)
  7. Panama Papers (2016)
     - How did it occur? Outdated Drupal CMS version; outdated WordPress version (Revolution Slider); emails not encrypted with TLS; web servers on the same network as mail servers. (Figure: the client portal ran an outdated Drupal version.)
  8. Panama Papers (2016)
     - What happened afterwards? Reinforced basic principles: segment, encrypt, update software; a warning to companies that store sensitive customer information; illegally obtained information can still be evidence.
  9. DNC Hack (2016)
     - What happened? Two targets: (1) the DNC and (2) the Clinton Campaign (CC); 50K emails published on WikiLeaks; CC response: 2FA, wiped servers, phishing drills.
     - How did it occur? Fancy Bear targeted private accounts (50K emails); admin credentials to the DNC network; X-Agent and X-Tunnel; 300GB moved out through buffer servers.
     - What happened afterwards? Election cyberwarfare; billions spent upgrading election security infrastructure; DNC: specialized hardware, cloud, phishing drills.
  10. Equifax (2017)
     - What happened? One of the largest credit reporting agencies, holding sensitive personal + financial info; 143MM Americans, 40% of the population; address, SSN, driver ID.
     - How did it occur? Apache issued a security notice to patch a vulnerability in Struts; remote code injection via an HTTP header; human error: Equifax did not upgrade; attackers scanned for the vulnerability and found Equifax; moved DB to DB and extracted data; a lapsed third-party software license meant traffic was not being inspected.
     - What happened afterwards? Not much fallout: the stock went down for a few months; $1.4B in upgrades & $1.4B in claims (~$125/person); legacy companies are slow to modernize, with poor implementation / governance.
  11. WannaCry (2017)
     - What happened? Ransomware attack; 100,000s of Windows machines in 150+ countries; access ransomed in return for $BTC, often not honored; mostly UK hospitals, railway networks, and private companies. (Figure: locations affected by WannaCry.)
  12. WannaCry (2017)
     - How did it occur? The Shadow Brokers stole NSA tools; the NSA informed MSFT about the exploit, but there was not enough time to patch; EternalBlue: arbitrary code execution delivered in a network packet; DoublePulsar payload = backdoor used to install WannaCry; DNS killswitch.
  13. WannaCry (2017)
     - What happened afterwards? EB and DP reused in NotPetya (2017); criticism of the NSA; PATCH Act to balance vulnerability disclosure and national security. (Meme image text: "It was NSA. I saw them do it." / "What??? Noooo. I wouldn't spy on you …" / "Remember Snowden? LOLOLOL" / "Yeah. It was NSA." / "Vote to kick")
  14. Cambridge Analytica (2018)
     - What happened? Whistle blown on a data harvesting operation; 87MM Americans; high-definition psychographic profiles -> targeted ads.
     - How did it occur? 300K users accepted the terms of thisisyourdigitallife; abusive ToS harvested the user's and their FB friends' data: public profile, pages liked, birthday, location; access to photos, timeline, and messages.
     - What happened afterwards? Not exactly a hack; $5B in fines + regulation; CCPA (2018): as California goes, so goes the country; changed privacy policies, minimized API access, banned cookies.
  15. Capital One (2019)
     - What happened? Ex-Amazon employee; exploited a misconfigured WAF; 100K SSN & 1MM SIN; financial info = credit card applications, bank accounts; the hacker admitted guilt over GitHub and Slack.
     - How did it occur? Details not fully disclosed, but expected to be SSRF; the WAF sent an HTTP request to the Amazon metadata service; AWS IAM credentials then gave access to an S3 bucket.
     - What happened afterwards? Brought attention to SSRF; public clouds communicate through HTTP and assume a degree of trust; more popular with APIs and SaaS.
  16. SolarWinds (2020)
     - What happened? Most consequential hack of all time; supply chain attack through the Orion software; 18K customers exposed over months; nearly all F500 companies and governments.
     - How did it occur? A trusted component with a backdoor to third-party servers; digitally signed upstream by SolarWinds; SUNBURST: transfer and execute files, reboot, disable services, profile the network, exfiltrate data; data extraction masked as network traffic that is part of the protocol.
     - What happened afterwards? Will require months to understand the full extent of the damage and years to mitigate/clean; adds to the growing concern about cyberwarfare.
  17. Best Practices: Segmentation
     - Networks were designed for clustered resources; today: APIs, SaaS, cloud, remote devices.
     - Interconnectivity means trust in the network deteriorates.
     - Better yet, don't trust the network at all.
  18. Best Practices: Secrets
     - Individualized, rotated, automated, stored, encrypted.
     - Infrastructure is packaged and scaled up and down.
     - Teams end up sharing static credentials: hard-coded or copied onto multiple client machines.
  19. Best Practices: RBAC
     - Credentials have two basic levels: privileged and unprivileged.
     - Different segments within unprivileged.
     - Follow PoLP (the principle of least privilege).
     - Requires identity information, but most secrets are arbitrary strings (ssh keys, bearer tokens).
  20. (Image-only slide)
  21. Thanks for stopping by! Check your email for the whitepaper
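Slide 15 describes the Capital One chain: an SSRF through the WAF reached the instance metadata service and handed back IAM credentials. The guard below is an added example, not code from the talk or from Teleport, showing the defensive check a service that fetches user-influenced URLs should make before it sends the request: parse the URL, resolve the host, and fail closed unless every resolved address is globally routable. The hostnames and the `FAKE_DNS` table are constructed so the example runs offline; `8.8.8.8` stands in for any routable public address.

```python
import ipaddress
from typing import Callable, Dict, List, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed DNS table so the example runs offline. Hostnames are hypothetical.
FAKE_DNS: Dict[str, List[str]] = {
    "api.example.com": ["8.8.8.8"],                 # a routable public address
    "metadata.internal": ["169.254.169.254"],      # resolves to the link-local metadata address
    "dual.example.com": ["8.8.8.8", "10.0.0.5"],   # mixed public / private answers
}


def fake_resolve(host: str) -> List[str]:
    """Offline stand-in for DNS resolution; unknown names resolve to nothing."""
    return FAKE_DNS.get(host, [])


def is_routable_public(ip: IPAddress) -> bool:
    """True only for globally routable addresses.

    ip.is_global is False for link-local (169.254.0.0/16, where cloud instance
    metadata lives, and fe80::/10), private, loopback, multicast, reserved,
    documentation and unspecified ranges, so one predicate covers them all.
    IPv4-mapped IPv6 literals are unwrapped first so ::ffff:169.254.169.254
    is judged as 169.254.169.254.
    """
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def egress_allowed(url: str, resolve: Callable[[str], List[str]] = fake_resolve) -> bool:
    """Deny-by-default check for a server-side fetch of a user-influenced URL.

    Returns True only if the scheme is http(s) and every address the host maps
    to is routable and public. One blocked answer denies the whole request,
    because a resolver can hand back mixed answers.
    """
    try:
        parts = urlsplit(url)
    except ValueError:                       # malformed bracketed IPv6 host, etc.
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname
    try:
        addrs: List[IPAddress] = [ipaddress.ip_address(host)]   # literal IP; urlsplit strips [ ]
    except ValueError:
        answers = resolve(host)
        if not answers:                      # unresolvable: fail closed
            return False
        addrs = [ipaddress.ip_address(a) for a in answers]
    return all(is_routable_public(a) for a in addrs)


if __name__ == "__main__":
    for candidate in ("https://api.example.com/v1", "http://169.254.169.254/latest/meta-data/",
                      "http://metadata.internal/", "http://[::ffff:169.254.169.254]/"):
        print(candidate, "->", "allow" if egress_allowed(candidate) else "deny")
```

The check resolves once and then decides; in production the connection should be pinned to the address that passed the check rather than resolved again by the HTTP client, otherwise a name that changes answers between check and use slips through. Pairing the guard with IMDSv2 (session-token-only metadata access) and an instance role scoped to the buckets the workload actually needs limits what an SSRF can reach even if the guard is bypassed.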
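Slide 18 warns that teams end up with static credentials hard-coded in source or copied onto client machines. The scanner below is an added example, not code from the talk or from Teleport, that finds the most common shapes of that problem in a set of files: AWS access key IDs (the documented `AKIA`/`ASIA` + 16 uppercase alphanumerics format), quoted password assignments, and PEM private-key headers. It deliberately skips template references such as `${DB_PASSWORD}` so that a secret read from the environment does not get reported as a finding. The sample files are constructed; `AKIAIOSFODNN7EXAMPLE` is the placeholder key ID AWS uses in its own documentation.

```python
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, int, str]   # (file name, 1-based line number, pattern name)

# Patterns for static credentials that tend to get hard-coded. The AWS access key
# ID shape (AKIA for long-term keys, ASIA for temporary ones, then 16 uppercase
# alphanumerics) is AWS's documented format; the other two are generic shapes.
PATTERNS: Dict[str, re.Pattern] = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]([^'\"]{4,})['\"]"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Values that are template references rather than literal secrets: "${VAR}"
# substitutions and "<placeholder>" markers. Flagging these trains people to
# ignore the tool, so they are excluded.
_TEMPLATE_VALUE = re.compile(r"^\$\{[^}]+\}$|^<[^>]+>$")


def scan_for_static_credentials(files: Dict[str, str]) -> List[Finding]:
    """Return (file, line, pattern) for every line that looks like a static credential."""
    findings: List[Finding] = []
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for kind, pattern in PATTERNS.items():
                m = pattern.search(line)
                if m is None:
                    continue
                value = m.group(1) if pattern.groups else m.group(0)
                if _TEMPLATE_VALUE.match(value):
                    continue
                findings.append((name, lineno, kind))
    return findings


# Constructed sample repository (made-up values).
SAMPLE_FILES: Dict[str, str] = {
    "config.py": "\n".join([
        'DB_HOST = "db.internal"',
        'password = os.environ["DB_PASSWORD"]        # fine: read from the environment',
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"  # static key checked into source',
    ]),
    "deploy.sh": "\n".join([
        "#!/bin/sh",
        "export DB_PASSWORD='hunter2hunter2'   # static credential shared with every client",
    ]),
    "settings.yaml": "\n".join([
        "db:",
        '  password: "${DB_PASSWORD}"   # template reference, not a literal secret',
    ]),
}

if __name__ == "__main__":
    for file_name, line_no, kind in scan_for_static_credentials(SAMPLE_FILES):
        print(f"{file_name}:{line_no}: {kind}")
```

Run as a pre-commit hook the scan blocks the commit that introduces a static credential; the fix the slide points at is not to obfuscate the value but to replace it with a short-lived, individually issued credential fetched at runtime.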
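Slide 19 sets out the RBAC model: two basic levels (privileged and unprivileged), further segments within unprivileged, least privilege throughout, and decisions keyed on an identity rather than on an arbitrary secret string. The evaluator below is an added example, not code from the talk or from Teleport, that implements exactly that shape with a deny-by-default decision: roles carry explicit (action, resource) permissions, unprivileged roles are segmented so two unprivileged identities reach disjoint data, and a privileged operation can only be satisfied by a role flagged privileged. Role and principal names are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

Permission = Tuple[str, str]   # (action, resource), e.g. ("read", "db:tickets")


@dataclass(frozen=True)
class Role:
    name: str
    permissions: FrozenSet[Permission]
    privileged: bool = False   # the "privileged" level from slide 19; everything else is unprivileged


# Constructed roles (hypothetical names). The unprivileged roles are carved into
# segments so an unprivileged support identity and an unprivileged billing
# identity reach disjoint data. "admin" on "db:*" is the one privileged role.
ROLES: Dict[str, Role] = {
    "support": Role("support", frozenset({("read", "db:tickets"), ("write", "db:tickets")})),
    "billing": Role("billing", frozenset({("read", "db:invoices"), ("read", "db:customers")})),
    "dba":     Role("dba", frozenset({("admin", "db:*")}), privileged=True),
}

# Identity -> roles. The decision is keyed on a named principal, not on a bare
# token, which is the identity information slide 19 says most secrets lack.
PRINCIPALS: Dict[str, Set[str]] = {
    "alice": {"support"},
    "bob":   {"billing"},
    "carol": {"dba"},
}


def _permission_matches(perm: Permission, action: str, resource: str) -> bool:
    p_action, p_resource = perm
    action_ok = p_action == action or p_action == "admin"   # admin implies every action
    if p_resource.endswith(":*"):                            # segment wildcard, e.g. "db:*"
        resource_ok = resource.startswith(p_resource[:-1])
    else:
        resource_ok = p_resource == resource
    return action_ok and resource_ok


def is_allowed(principal: str, action: str, resource: str, require_privileged: bool = False) -> bool:
    """Deny by default.

    Unknown principals, roles that do not exist, and permissions that do not
    match all fall through to False. With require_privileged=True only roles
    flagged privileged are consulted, so a sensitive operation cannot be reached
    through an unprivileged role even if that role happens to name the resource.
    """
    for role_name in PRINCIPALS.get(principal, set()):
        role = ROLES.get(role_name)
        if role is None or (require_privileged and not role.privileged):
            continue
        if any(_permission_matches(p, action, resource) for p in role.permissions):
            return True
    return False


def effective_permissions(principal: str) -> Set[Permission]:
    """Everything a principal can do: the set to review when applying PoLP."""
    perms: Set[Permission] = set()
    for role_name in PRINCIPALS.get(principal, set()):
        role = ROLES.get(role_name)
        if role is not None:
            perms |= role.permissions
    return perms


if __name__ == "__main__":
    for who in PRINCIPALS:
        print(who, sorted(effective_permissions(who)))
    print("alice reads invoices:", is_allowed("alice", "read", "db:invoices"))   # False: wrong segment
```

`effective_permissions` is the review hook: least privilege is maintained by periodically diffing what each principal can reach against what their job actually needs, and trimming the role rather than the check.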
