Cyber World on Fire: Uncovering the latest events, from Google's outage to the newest threats and trends in technology


A few days ago Microsoft confirmed that it, too, had found the malicious SolarWinds software inside its own network. And it is not only Microsoft: a large share of the Fortune 500 and a long list of government bodies, the US Treasury Department and state health departments among them (with the FBI now investigating), sit among the roughly 18,000 customers who downloaded the poisoned update and were exposed to this attack. Few people have seen a software supply-chain attack of this scale before.

In this article we will also look at why Google was down for a while a couple of days ago.

In 2020 we all lived through the corona pandemic, volcanic eruptions, earthquakes and plenty of other disasters, and we hoped the nightmares would end with the year. But for the cyber world, and for every big company in it, the biggest nightmare of 2021 has already begun.

Cyber security is always a cat-and-mouse game. One moment you think you are safe; the next you find out you were hacked months ago. That is why there are security firms whose whole business is advising other companies on how to stay secure and keep their data safe. And no matter how big you are, you can be the next target and be down the next day, as happened to Google a couple of days ago.

FireEye is one of the biggest names in cyber security. It is the firm that other companies call in when they have been breached. So when FireEye came out a few days ago and said that it had itself been hacked, that was big news: one of the biggest security firms in the world was attacked and admitted it openly. And when they were asked what had been taken, their answer was that the real nightmare was not the breach itself but what had been stolen from them.

In the cyber security world there are usually two teams, the red team and the blue team. The blue team defends: it rolls out patches, hardens systems, puts firewalls in place and watches for intrusions so that attackers cannot get through. The red team does the opposite: it simulates real attacks, in a controlled way, to test whether the blue team's defences actually hold. Some of these simulated attacks are sophisticated enough that they need to be automated, so a company like FireEye keeps its own arsenal of red team tools (by that I simply mean the software stack, servers and scripts in which these attack simulations live). Some of these tools are powerful enough that, if they got out into the world, they could do a great deal of damage.

And that is exactly what was attacked and exactly what was stolen from FireEye: the red team tooling it uses to simulate attacks on its customers.

According to FireEye's official statement, none of the stolen tools used a zero-day. A zero-day is a vulnerability that the vendor does not know about yet, so there is no patch and almost nobody knows it exists apart from whoever found it. FireEye says its tools rely only on already known, already patched vulnerabilities, and it has published detection rules for them. Whether that is the whole picture is something nobody outside FireEye can verify.

The other big news of the week is the SolarWinds attack. SolarWinds' Orion platform is so popular that it is close to the default network monitoring tool for large companies. It tracks bandwidth, device health and logs, and to do that it sits on a highly privileged server with visibility into practically everything on the network. That is what makes the client list so scary: a big slice of the Fortune 500, plus US federal and state government bodies, including the Treasury Department and state health departments. Every one of them was a potential victim of this hack.

Now let me explain how the attack actually worked, as far as has been made public. First, a correction to the story as it was first told: the attackers did not use FireEye's stolen red team tools to get into SolarWinds. It was the other way round. FireEye was breached through the SolarWinds backdoor, and it was FireEye's investigation of its own breach that uncovered the whole thing.

Like any tool, SolarWinds Orion receives software updates, and customers install them as a matter of routine. What the attackers did was get into SolarWinds' own build process and insert a malicious DLL into the Orion update, so the backdoored file went out carrying SolarWinds' legitimate digital signature. That is why this is so scary: the update passed every check a customer could reasonably run, and the patch itself became the vulnerability for everyone who installed it. The poisoned updates started going out in March 2020, and by the end of 2020 most customers had installed them. Once FireEye published its disclosure, the dots were connected.

Governments are pointing at Russia, but nothing public proves that. What is proven is the danger: for most of 2020 the attackers had a backdoor running on the network monitoring server, one of the most privileged machines in the network, at up to 18,000 customers including Fortune 500 companies and government departments. From there they could see how each network is built, where the firewalls sit and how defenders respond, which is far too much detail for an adversary to have. The immediate advice was to disconnect Orion servers and move to a clean build, but the bigger lesson is that a valid vendor signature only proves the vendor signed the file, not that the vendor's build was clean.

As for Google: it was down for most of an hour a couple of days ago, and Google's own explanation was an internal storage quota problem in its authentication systems, not an attack. As far as anyone knows the two events are unrelated. Even so, it is a fair bet that 2021 will bring bigger cyber attacks as the fallout from this one scales up.
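To make the point about signatures concrete, here is a small added example of my own. It is not code from SolarWinds, FireEye or the original post, and the key, file names and file contents are all made up for the illustration (HMAC stands in for a real code-signing signature). It models a vendor build pipeline that hashes every file and signs the manifest, then shows that when an attacker alters a file before that step, the customer's signature and hash checks both pass, and only a comparison against hashes from an independently reproduced build reveals the tampered library.

```python
# Added example (not from the original post or from SolarWinds/FireEye): a toy
# model of a build-system supply-chain compromise. The vendor pipeline hashes
# every file, signs the manifest and ships it. If the attacker alters a file
# *before* that step, the signed update verifies perfectly on the customer
# side. Only a hash from an independently reproduced build exposes the change.
# Key, file names and contents are constructed for the illustration; HMAC is a
# stand-in for a real code-signing signature.
import hashlib
import hmac
import json

VENDOR_KEY = b"hypothetical-build-server-signing-key"


def build_release(files: dict, key: bytes) -> dict:
    """Vendor build step: hash every file in the build tree, sign the manifest."""
    manifest = {name: hashlib.sha256(data).hexdigest()
                for name, data in sorted(files.items())}
    body = json.dumps(manifest, sort_keys=True).encode()
    return {"manifest": manifest,
            "signature": hmac.new(key, body, hashlib.sha256).hexdigest()}


def signature_valid(release: dict, key: bytes) -> bool:
    """Customer check 1: was this manifest signed with the vendor's key?"""
    body = json.dumps(release["manifest"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, release["signature"])


def files_match_manifest(release: dict, files: dict) -> bool:
    """Customer check 2: does every delivered file match the signed manifest?"""
    if set(files) != set(release["manifest"]):
        return False
    return all(hashlib.sha256(files[name]).hexdigest() == digest
               for name, digest in release["manifest"].items())


def diff_against_reference(release: dict, reference: dict) -> list:
    """Customer check 3: which files differ from an independent build's hashes?"""
    return sorted(name for name, digest in release["manifest"].items()
                  if reference.get(name) != digest)


# Constructed inputs: a clean build, and the same build after an attacker with
# access to the build pipeline has added a backdoor to one library.
CLEAN_FILES = {
    "monitor.exe": b"main program v2020.3",
    "core.dll": b"business logic",
    "plugins.dll": b"plugin host",
}
TAMPERED_FILES = {**CLEAN_FILES, "core.dll": b"business logic + hidden beacon"}

# Reference manifest from an independent (e.g. reproducible) build of the same
# source, obtained out of band rather than from the vendor's update server.
REFERENCE_MANIFEST = build_release(CLEAN_FILES, VENDOR_KEY)["manifest"]


def customer_view(files: dict) -> dict:
    """Run all three checks over an update exactly as a customer receives it."""
    # The vendor signs whatever is in the build tree, tampered or not.
    release = build_release(files, VENDOR_KEY)
    return {
        "signature_ok": signature_valid(release, VENDOR_KEY),
        "files_ok": files_match_manifest(release, files),
        "suspicious": diff_against_reference(release, REFERENCE_MANIFEST),
    }


if __name__ == "__main__":
    print("clean   :", customer_view(CLEAN_FILES))
    print("tampered:", customer_view(TAMPERED_FILES))
```

Run it and the tampered release reports signature_ok and files_ok both True, with core.dll listed as suspicious only by the third check. That is the whole lesson in miniature: signing happens downstream of the compromise, so the defence has to come from somewhere the attacker cannot reach, such as a second build of the same source on infrastructure you control.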


THANK YOU!!!!

 

 
